package org.cloudfoundry.multiapps.controller.web.configuration;

import javax.inject.Inject;
import org.cloudfoundry.multiapps.controller.PackageMarker;
import org.cloudfoundry.multiapps.controller.web.security.AuthenticationLoaderFilter;
import org.cloudfoundry.multiapps.controller.web.security.CompositeUriAuthorizationFilter;
import org.cloudfoundry.multiapps.controller.web.security.CsrfHeadersFilter;
import org.cloudfoundry.multiapps.controller.web.security.ExceptionHandlerFilter;
import org.cloudfoundry.multiapps.controller.web.security.RequestSizeFilter;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;
import org.springframework.security.web.authentication.switchuser.SwitchUserFilter;
import org.springframework.security.web.csrf.CsrfFilter;

@EnableWebSecurity
@ComponentScan(basePackageClasses = {PackageMarker.class})
/* loaded from: input_file:org/cloudfoundry/multiapps/controller/web/configuration/SecurityConfiguration.class */
/*
 * Spring Security wiring for the controller's web layer.
 *
 * Three beans are published: the main SecurityFilterChain (method-based authority rules plus the
 * project's custom filters), a WebSecurityCustomizer that exempts "/public/**", and the
 * AccessDeniedHandler used by the chain.
 */
public class SecurityConfiguration {
    // Authority names checked by the URL rules below; the admin authority satisfies every rule.
    private static final String AUTHORITY_READ = "cloud_controller.read";
    private static final String AUTHORITY_WRITE = "cloud_controller.write";
    private static final String AUTHORITY_ADMIN = "cloud_controller.admin";

    private static final String ALL_PATHS = "/**";
    private static final String PUBLIC_PATHS = "/public/**";

    private final AuthenticationLoaderFilter authenticationLoaderFilter;
    private final CompositeUriAuthorizationFilter compositeUriAuthorizationFilter;
    private final RequestSizeFilter requestSizeFilter;
    private final CsrfHeadersFilter csrfHeadersFilter;
    private final ExceptionHandlerFilter exceptionHandlerFilter;

    /**
     * Receives the custom servlet filters that {@link #securityFilterChain(HttpSecurity)} inserts
     * into the chain.
     *
     * @param authenticationLoaderFilter registered before the pre-authenticated processing filter
     * @param compositeUriAuthorizationFilter registered after the switch-user filter
     * @param requestSizeFilter registered after the authentication loader filter
     * @param csrfHeadersFilter registered after Spring's CSRF filter
     * @param exceptionHandlerFilter registered before the authentication loader filter
     */
    @Inject
    public SecurityConfiguration(AuthenticationLoaderFilter authenticationLoaderFilter, CompositeUriAuthorizationFilter compositeUriAuthorizationFilter, RequestSizeFilter requestSizeFilter, CsrfHeadersFilter csrfHeadersFilter, ExceptionHandlerFilter exceptionHandlerFilter) {
        this.exceptionHandlerFilter = exceptionHandlerFilter;
        this.csrfHeadersFilter = csrfHeadersFilter;
        this.requestSizeFilter = requestSizeFilter;
        this.compositeUriAuthorizationFilter = compositeUriAuthorizationFilter;
        this.authenticationLoaderFilter = authenticationLoaderFilter;
    }

    /**
     * Builds the security filter chain.
     *
     * <p>GET on any path requires the read or admin authority; POST, PUT and DELETE on any path
     * require the write or admin authority. Sessions are created only when required.
     *
     * @param httpSecurity the builder supplied by Spring Security
     * @return the assembled filter chain
     * @throws Exception if the builder fails to configure or build the chain
     */
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.sessionManagement()
                    .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED);

        // NOTE(review): only GET, POST, PUT and DELETE carry an authority rule and there is no
        // anyRequest() fallback, so this registry places no authority requirement on other
        // methods (PATCH, HEAD, OPTIONS, ...). Whether those are rejected elsewhere (for example
        // by compositeUriAuthorizationFilter) cannot be seen from this class - confirm, or add an
        // explicit catch-all rule.
        httpSecurity.authorizeRequests()
                    .antMatchers(HttpMethod.GET, ALL_PATHS)
                    .hasAnyAuthority(AUTHORITY_READ, AUTHORITY_ADMIN)
                    .antMatchers(HttpMethod.POST, ALL_PATHS)
                    .hasAnyAuthority(AUTHORITY_WRITE, AUTHORITY_ADMIN)
                    .antMatchers(HttpMethod.PUT, ALL_PATHS)
                    .hasAnyAuthority(AUTHORITY_WRITE, AUTHORITY_ADMIN)
                    .antMatchers(HttpMethod.DELETE, ALL_PATHS)
                    .hasAnyAuthority(AUTHORITY_WRITE, AUTHORITY_ADMIN);

        // Registration order matters: the authentication loader must be registered first because
        // the next two filters are positioned relative to its class.
        httpSecurity.addFilterBefore(this.authenticationLoaderFilter, AbstractPreAuthenticatedProcessingFilter.class);
        httpSecurity.addFilterBefore(this.exceptionHandlerFilter, AuthenticationLoaderFilter.class);
        httpSecurity.addFilterAfter(this.requestSizeFilter, AuthenticationLoaderFilter.class);
        httpSecurity.addFilterAfter(this.csrfHeadersFilter, CsrfFilter.class);
        httpSecurity.addFilterAfter(this.compositeUriAuthorizationFilter, SwitchUserFilter.class);

        httpSecurity.exceptionHandling()
                    .accessDeniedHandler(accessDeniedHandler());

        return httpSecurity.build();
    }

    /**
     * Excludes {@code /public/**} from Spring Security.
     *
     * @return a customizer that registers the ignored path pattern
     */
    @Bean
    public WebSecurityCustomizer webSecurityCustomizer() {
        // NOTE(review): ignoring() takes matching requests out of the security filter chain
        // altogether, so none of the filters registered in securityFilterChain (authentication,
        // request-size limit, CSRF headers) run for them. Keep only static, non-sensitive
        // content under this prefix; a permitAll() rule would keep the filters in place.
        return webSecurity -> webSecurity.ignoring().antMatchers(PUBLIC_PATHS);
    }

    /**
     * Supplies the handler invoked when access is denied.
     *
     * @return a new {@code CsrfAccessDeniedHandler}
     */
    @Bean
    public AccessDeniedHandler accessDeniedHandler() {
        return new CsrfAccessDeniedHandler();
    }
}
