package com.naturalprogrammer.spring.lemon.commonsweb.security;

import com.naturalprogrammer.spring.lemon.commons.security.BlueTokenService;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.authentication.Http403ForbiddenEntryPoint;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

/* loaded from: input_file:com/naturalprogrammer/spring/lemon/commonsweb/security/LemonWebSecurityConfig.class */
public class LemonWebSecurityConfig {
    private static final Log log = LogFactory.getLog(LemonWebSecurityConfig.class);
    protected BlueTokenService blueTokenService;

    @Autowired
    public void createLemonWebSecurityConfig(BlueTokenService blueTokenService) {
        this.blueTokenService = blueTokenService;
        log.info("Created");
    }

    public HttpSecurity configure(HttpSecurity httpSecurity) throws Exception {
        sessionCreationPolicy(httpSecurity);
        logout(httpSecurity);
        exceptionHandling(httpSecurity);
        tokenAuthentication(httpSecurity);
        csrf(httpSecurity);
        cors(httpSecurity);
        authorizeRequests(httpSecurity);
        otherConfigurations(httpSecurity);
        return httpSecurity;
    }

    protected void sessionCreationPolicy(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    }

    protected void logout(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.logout().disable();
    }

    protected void exceptionHandling(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.exceptionHandling().authenticationEntryPoint(new Http403ForbiddenEntryPoint());
    }

    protected void tokenAuthentication(HttpSecurity httpSecurity) {
        httpSecurity.addFilterBefore(new LemonCommonsWebTokenAuthenticationFilter(this.blueTokenService), UsernamePasswordAuthenticationFilter.class);
    }

    protected void csrf(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.csrf().disable();
    }

    protected void cors(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.cors();
    }

    protected void authorizeRequests(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.authorizeRequests().mvcMatchers(new String[]{"/**"}).permitAll();
    }

    protected void otherConfigurations(HttpSecurity httpSecurity) {
    }
}
