package org.springframework.security.web.authentication;

import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.core.log.LogMessage;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.DefaultRedirectStrategy;
import org.springframework.security.web.RedirectStrategy;
import org.springframework.security.web.util.UrlUtils;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;

/* loaded from: input_file:BOOT-INF/lib/spring-security-web-6.5.0.jar:org/springframework/security/web/authentication/AbstractAuthenticationTargetUrlRequestHandler.class */
public abstract class AbstractAuthenticationTargetUrlRequestHandler {
    protected final Log logger = LogFactory.getLog(getClass());
    private String targetUrlParameter = null;
    private String defaultTargetUrl = "/";
    private boolean alwaysUseDefaultTargetUrl = false;
    private boolean useReferer = false;
    private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();

    /* JADX INFO: Access modifiers changed from: protected */
    public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
        String determineTargetUrl = determineTargetUrl(httpServletRequest, httpServletResponse, authentication);
        if (httpServletResponse.isCommitted()) {
            this.logger.debug(LogMessage.format("Did not redirect to %s since response already committed.", determineTargetUrl));
        } else {
            this.redirectStrategy.sendRedirect(httpServletRequest, httpServletResponse, determineTargetUrl);
        }
    }

    protected String determineTargetUrl(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) {
        return determineTargetUrl(httpServletRequest, httpServletResponse);
    }

    protected String determineTargetUrl(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (isAlwaysUseDefaultTargetUrl()) {
            return this.defaultTargetUrl;
        }
        String targetUrlParameterValue = getTargetUrlParameterValue(httpServletRequest);
        if (StringUtils.hasText(targetUrlParameterValue)) {
            trace("Using url %s from request parameter %s", targetUrlParameterValue, this.targetUrlParameter);
            return targetUrlParameterValue;
        }
        if (!this.useReferer) {
            return this.defaultTargetUrl;
        }
        trace("Using url %s from Referer header", httpServletRequest.getHeader("Referer"));
        return httpServletRequest.getHeader("Referer");
    }

    private String getTargetUrlParameterValue(HttpServletRequest httpServletRequest) {
        String parameter;
        if (this.targetUrlParameter == null || (parameter = httpServletRequest.getParameter(this.targetUrlParameter)) == null) {
            return null;
        }
        return StringUtils.hasText(parameter) ? parameter : this.defaultTargetUrl;
    }

    private void trace(String str, String... strArr) {
        if (this.logger.isTraceEnabled()) {
            this.logger.trace(LogMessage.format(str, (Object[]) strArr));
        }
    }

    protected final String getDefaultTargetUrl() {
        return this.defaultTargetUrl;
    }

    public void setDefaultTargetUrl(String str) {
        Assert.isTrue(UrlUtils.isValidRedirectUrl(str), "defaultTarget must start with '/' or with 'http(s)'");
        this.defaultTargetUrl = str;
    }

    public void setAlwaysUseDefaultTargetUrl(boolean z) {
        this.alwaysUseDefaultTargetUrl = z;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean isAlwaysUseDefaultTargetUrl() {
        return this.alwaysUseDefaultTargetUrl;
    }

    public void setTargetUrlParameter(String str) {
        if (str != null) {
            Assert.hasText(str, "targetUrlParameter cannot be empty");
        }
        this.targetUrlParameter = str;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String getTargetUrlParameter() {
        return this.targetUrlParameter;
    }

    public void setRedirectStrategy(RedirectStrategy redirectStrategy) {
        Assert.notNull(redirectStrategy, "redirectStrategy cannot be null");
        this.redirectStrategy = redirectStrategy;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public RedirectStrategy getRedirectStrategy() {
        return this.redirectStrategy;
    }

    public void setUseReferer(boolean z) {
        this.useReferer = z;
    }
}
