package org.ifinalframework.security.web.method;

import java.util.Iterator;
import java.util.Set;
import org.ifinalframework.context.exception.ForbiddenException;
import org.springframework.expression.spel.standard.SpelExpressionParser;
import org.springframework.http.HttpMethod;
import org.springframework.security.access.expression.SecurityExpressionRoot;
import org.springframework.security.authentication.AuthenticationTrustResolver;
import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.util.CollectionUtils;
import org.springframework.web.method.HandlerMethod;

/* loaded from: input_file:org/ifinalframework/security/web/method/AbstractSpelHandlerMethodPreAuthenticate.class */
public abstract class AbstractSpelHandlerMethodPreAuthenticate implements HandlerMethodPreAuthenticate {
    private final SpelExpressionParser spelExpressionParser = new SpelExpressionParser();
    private final AuthenticationTrustResolver authenticationTrustResolver = new AuthenticationTrustResolverImpl();

    @Override // org.ifinalframework.security.web.method.HandlerMethodPreAuthenticate
    public void authenticate(HandlerMethod handlerMethod, HttpMethod httpMethod, Set<String> set) {
        Set<String> spelAuthroizes = getSpelAuthroizes(httpMethod, set);
        if (CollectionUtils.isEmpty(spelAuthroizes)) {
            return;
        }
        SecurityExpressionRoot securityExpressionRoot = new SecurityExpressionRoot(SecurityContextHolder.getContext().getAuthentication()) { // from class: org.ifinalframework.security.web.method.AbstractSpelHandlerMethodPreAuthenticate.1
        };
        securityExpressionRoot.setTrustResolver(this.authenticationTrustResolver);
        Iterator<String> it = spelAuthroizes.iterator();
        while (it.hasNext()) {
            if (!Boolean.TRUE.equals((Boolean) this.spelExpressionParser.parseExpression(it.next()).getValue(securityExpressionRoot, Boolean.TYPE))) {
                throw new ForbiddenException("您没有权限：" + httpMethod + " " + String.join(",", set), new Object[0]);
            }
        }
    }

    protected abstract Set<String> getSpelAuthroizes(HttpMethod httpMethod, Set<String> set);
}
