package org.frankframework.lifecycle.servlets;

import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import org.frankframework.util.SpringUtils;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.authority.mapping.MappableAttributesRetriever;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.Http403ForbiddenEntryPoint;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesUserDetailsService;
import org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource;
import org.springframework.security.web.authentication.preauth.j2ee.J2eePreAuthenticatedProcessingFilter;
import org.springframework.security.web.authentication.preauth.j2ee.WebXmlMappableAttributesRetriever;

/* loaded from: input_file:org/frankframework/lifecycle/servlets/JeeAuthenticator.class */
public class JeeAuthenticator extends ServletAuthenticatorBase {

    /* loaded from: input_file:org/frankframework/lifecycle/servlets/JeeAuthenticator$DelegatedMappableAttributesRetriever.class */
    public static class DelegatedMappableAttributesRetriever implements MappableAttributesRetriever {
        private Set<String> mappableAttributes = new HashSet();

        public Set<String> getMappableAttributes() {
            return this.mappableAttributes;
        }

        public void addMappableAttributes(Set<String> set) {
            this.mappableAttributes.addAll(set);
        }
    }

    @Override // org.frankframework.lifecycle.servlets.ServletAuthenticatorBase
    public SecurityFilterChain configure(HttpSecurity httpSecurity) throws Exception {
        AuthenticationManager authenticationManager = getAuthenticationManager(httpSecurity);
        httpSecurity.addFilter(getProcessingFilter(authenticationManager));
        httpSecurity.authenticationManager(authenticationManager);
        return (SecurityFilterChain) httpSecurity.build();
    }

    private AuthenticationManager getAuthenticationManager(HttpSecurity httpSecurity) {
        return new ProviderManager(Arrays.asList(getAuthenticationProvider(httpSecurity)));
    }

    private PreAuthenticatedAuthenticationProvider getAuthenticationProvider(HttpSecurity httpSecurity) {
        PreAuthenticatedAuthenticationProvider preAuthenticatedAuthenticationProvider = new PreAuthenticatedAuthenticationProvider();
        preAuthenticatedAuthenticationProvider.setPreAuthenticatedUserDetailsService(new PreAuthenticatedGrantedAuthoritiesUserDetailsService());
        httpSecurity.authenticationProvider(preAuthenticatedAuthenticationProvider).setSharedObject(AuthenticationEntryPoint.class, getEntryPoint());
        return preAuthenticatedAuthenticationProvider;
    }

    private AuthenticationEntryPoint getEntryPoint() {
        return new Http403ForbiddenEntryPoint();
    }

    private J2eePreAuthenticatedProcessingFilter getProcessingFilter(AuthenticationManager authenticationManager) {
        J2eePreAuthenticatedProcessingFilter j2eePreAuthenticatedProcessingFilter = new J2eePreAuthenticatedProcessingFilter();
        j2eePreAuthenticatedProcessingFilter.setAuthenticationDetailsSource(getAuthenticationDetailsSource());
        j2eePreAuthenticatedProcessingFilter.setAuthenticationManager(authenticationManager);
        return j2eePreAuthenticatedProcessingFilter;
    }

    private J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource getAuthenticationDetailsSource() {
        J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource j2eeBasedPreAuthenticatedWebAuthenticationDetailsSource = new J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource();
        j2eeBasedPreAuthenticatedWebAuthenticationDetailsSource.setMappableRolesRetriever(getWebXmlSecurityRoles());
        return j2eeBasedPreAuthenticatedWebAuthenticationDetailsSource;
    }

    private MappableAttributesRetriever getWebXmlSecurityRoles() {
        DelegatedMappableAttributesRetriever delegatedMappableAttributesRetriever = new DelegatedMappableAttributesRetriever();
        delegatedMappableAttributesRetriever.addMappableAttributes(((MappableAttributesRetriever) SpringUtils.createBean(getApplicationContext(), WebXmlMappableAttributesRetriever.class)).getMappableAttributes());
        delegatedMappableAttributesRetriever.addMappableAttributes(new HashSet(getSecurityRoles()));
        return delegatedMappableAttributesRetriever;
    }
}
