package com.centit.framework.config;

import com.centit.framework.security.AjaxAuthenticationSuccessHandler;
import com.centit.framework.security.PretreatmentAuthenticationProcessingFilter;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.logout.CookieClearingLogoutHandler;
import org.springframework.security.web.authentication.logout.LogoutFilter;
import org.springframework.security.web.authentication.logout.LogoutHandler;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
import org.springframework.security.web.csrf.CsrfLogoutHandler;

@EnableConfigurationProperties({SecurityProperties.class})
@Configuration
@EnableWebSecurity
@ConditionalOnProperty(prefix = "security.login.dao", name = {"enabled"})
/* loaded from: input_file:com/centit/framework/config/WebSecurityDaoConfig.class */
public class WebSecurityDaoConfig extends WebSecurityBaseConfig {
    private LoginUrlAuthenticationEntryPoint authenticationEntryPoint() {
        return new LoginUrlAuthenticationEntryPoint("/system/mainframe/login");
    }

    private UsernamePasswordAuthenticationFilter createPretreatmentAuthenticationProcessingFilter(AuthenticationManager authenticationManager, AjaxAuthenticationSuccessHandler ajaxAuthenticationSuccessHandler, AuthenticationFailureHandler authenticationFailureHandler) {
        PretreatmentAuthenticationProcessingFilter pretreatmentAuthenticationProcessingFilter = new PretreatmentAuthenticationProcessingFilter();
        pretreatmentAuthenticationProcessingFilter.setAuthenticationManager(authenticationManager);
        pretreatmentAuthenticationProcessingFilter.setCheckCaptchaTime(this.securityProperties.getLogin().getCaptcha().getCheckTime());
        pretreatmentAuthenticationProcessingFilter.setCheckCaptchaType(this.securityProperties.getLogin().getCaptcha().getCheckType());
        pretreatmentAuthenticationProcessingFilter.setRetryCheckType(this.securityProperties.getLogin().getRetry().getCheckType());
        pretreatmentAuthenticationProcessingFilter.setRetryMaxTryTimes(this.securityProperties.getLogin().getRetry().getMaxTryTimes());
        pretreatmentAuthenticationProcessingFilter.setRetryLockMinites(this.securityProperties.getLogin().getRetry().getLockMinites());
        pretreatmentAuthenticationProcessingFilter.setRetryCheckTimeTnterval(this.securityProperties.getLogin().getRetry().getCheckTimeInterval());
        pretreatmentAuthenticationProcessingFilter.setContinueChainBeforeSuccessfulAuthentication(this.securityProperties.getHttp().isFilterContinueAuthentication());
        pretreatmentAuthenticationProcessingFilter.setAuthenticationFailureHandler(authenticationFailureHandler);
        pretreatmentAuthenticationProcessingFilter.setAuthenticationSuccessHandler(ajaxAuthenticationSuccessHandler);
        return pretreatmentAuthenticationProcessingFilter;
    }

    private LogoutFilter logoutFilter() {
        return new LogoutFilter(this.securityProperties.getLogout().getTargetUrl(), new LogoutHandler[]{new CsrfLogoutHandler(this.csrfTokenRepository), new CookieClearingLogoutHandler(new String[]{"JSESSIONID", "remember-me"}), new SecurityContextLogoutHandler()});
    }

    protected void configure(HttpSecurity httpSecurity) throws Exception {
        if (this.securityProperties.getHttp().isCsrfEnable()) {
            httpSecurity.csrf().csrfTokenRepository(this.csrfTokenRepository);
        } else {
            httpSecurity.csrf().disable();
        }
        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().antMatchers(new String[]{"/system/mainframe/login", "/system/exception", "/oauth/check_token"})).permitAll().and().exceptionHandling().accessDeniedPage("/system/exception/error/403").and().sessionManagement().invalidSessionUrl("/system/exception/error/401").and().httpBasic().authenticationEntryPoint(authenticationEntryPoint());
        httpSecurity.headers().frameOptions().sameOrigin();
        httpSecurity.addFilterAt(createPretreatmentAuthenticationProcessingFilter(this.authenticationManager, createSuccessHandler(this.centitUserDetailsService), createFailureHandler()), UsernamePasswordAuthenticationFilter.class).addFilterAt(logoutFilter(), LogoutFilter.class);
        httpSecurity.addFilterBefore(createCentitPowerFilter(createCentitAccessDecisionManager(), createCentitSecurityMetadataSource()), FilterSecurityInterceptor.class);
    }
}
