package com.centit.sys.security;

import com.centit.core.security.CentitUserDetails;
import java.util.Collection;
import java.util.Iterator;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.web.FilterInvocation;
import org.springframework.stereotype.Component;

@Component("centitAccessDecisionManagerBean")
/* loaded from: input_file:com/centit/sys/security/DaoAccessDecisionManager.class */
public class DaoAccessDecisionManager implements AccessDecisionManager {
    protected static final Log logger = LogFactory.getLog(DaoAccessDecisionManager.class);

    public void decide(Authentication authentication, Object obj, Collection<ConfigAttribute> collection) throws AccessDeniedException, InsufficientAuthenticationException {
        if (collection == null || collection.size() < 1) {
            return;
        }
        Collection authorities = authentication.getAuthorities();
        if (authorities != null) {
            Iterator it = authorities.iterator();
            Iterator<ConfigAttribute> it2 = collection.iterator();
            String attribute = it2.next().getAttribute();
            String authority = ((GrantedAuthority) it.next()).getAuthority();
            while (true) {
                int compareTo = attribute.compareTo(authority);
                if (compareTo == 0) {
                    return;
                }
                if (compareTo < 0) {
                    if (!it2.hasNext()) {
                        break;
                    } else {
                        attribute = it2.next().getAttribute();
                    }
                } else if (!it.hasNext()) {
                    break;
                } else {
                    authority = ((GrantedAuthority) it.next()).getAuthority();
                }
            }
        }
        FilterInvocation filterInvocation = (FilterInvocation) obj;
        String requestUrl = filterInvocation.getRequestUrl();
        StringBuilder sb = new StringBuilder();
        Iterator<ConfigAttribute> it3 = collection.iterator();
        while (it3.hasNext()) {
            sb.append(it3.next().getAttribute().substring(2)).append(" ");
        }
        String str = "无权限访问资源:" + requestUrl + ",需要角色 " + ((Object) sb) + "中的一个。";
        if (authentication != null && (authentication instanceof CentitUserDetails)) {
            str = "用户 " + ((CentitUserDetails) authentication).getUserName() + str;
        }
        filterInvocation.getRequest().setAttribute("CENTIT_SYSTEM_ERROR_MSG", str);
        logger.error(str);
        throw new AccessDeniedException(str);
    }

    public boolean supports(ConfigAttribute configAttribute) {
        return true;
    }

    public boolean supports(Class<?> cls) {
        return true;
    }
}
