package com.centit.framework.system.config;

import com.centit.framework.config.SecurityDaoCondition;
import com.centit.framework.config.SpringSecurityBaseConfig;
import com.centit.framework.security.AjaxAuthenticationSuccessHandler;
import com.centit.framework.security.PretreatmentAuthenticationProcessingFilter;
import com.centit.framework.security.model.CentitPasswordEncoder;
import com.centit.support.algorithm.BooleanBaseOpt;
import com.centit.support.algorithm.NumberBaseOpt;
import com.centit.support.algorithm.StringBaseOpt;
import java.util.ArrayList;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Conditional;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.logout.CookieClearingLogoutHandler;
import org.springframework.security.web.authentication.logout.LogoutFilter;
import org.springframework.security.web.authentication.logout.LogoutHandler;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
import org.springframework.security.web.csrf.CsrfLogoutHandler;

@EnableWebSecurity
@Conditional({SecurityDaoCondition.class})
/* loaded from: input_file:com/centit/framework/system/config/SpringSecurityDaoConfig.class */
public class SpringSecurityDaoConfig extends SpringSecurityBaseConfig {

    @Autowired
    private CentitPasswordEncoder passwordEncoder;

    protected void configure(HttpSecurity httpSecurity) throws Exception {
        if (BooleanBaseOpt.castObjectToBoolean(this.env.getProperty("http.csrf.enable"), false).booleanValue()) {
            httpSecurity.csrf().csrfTokenRepository(this.csrfTokenRepository);
        } else {
            httpSecurity.csrf().disable();
        }
        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().antMatchers(new String[]{"/system/mainframe/login", "/system/mainframe/csrf", "/system/exception"})).permitAll().and().exceptionHandling().accessDeniedPage("/system/exception/accessDenied").and().httpBasic().authenticationEntryPoint(authenticationEntryPoint());
        AuthenticationManager createAuthenticationManager = createAuthenticationManager(createAuthenticationProvider());
        httpSecurity.addFilterAt(createPretreatmentAuthenticationProcessingFilter(createAuthenticationManager, createAjaxSuccessHandler(this.centitUserDetailsService), createAjaxFailureHandler()), UsernamePasswordAuthenticationFilter.class).addFilterBefore(createCentitPowerFilter(createAuthenticationManager, createCentitAccessDecisionManager(), createCentitSecurityMetadataSource()), FilterSecurityInterceptor.class).addFilterAt(logoutFilter(), LogoutFilter.class);
    }

    private LoginUrlAuthenticationEntryPoint authenticationEntryPoint() {
        return new LoginUrlAuthenticationEntryPoint("/system/mainframe/login");
    }

    private UsernamePasswordAuthenticationFilter createPretreatmentAuthenticationProcessingFilter(AuthenticationManager authenticationManager, AjaxAuthenticationSuccessHandler ajaxAuthenticationSuccessHandler, AuthenticationFailureHandler authenticationFailureHandler) {
        PretreatmentAuthenticationProcessingFilter pretreatmentAuthenticationProcessingFilter = new PretreatmentAuthenticationProcessingFilter();
        pretreatmentAuthenticationProcessingFilter.setAuthenticationManager(authenticationManager);
        pretreatmentAuthenticationProcessingFilter.setCheckCaptchaTime(NumberBaseOpt.castObjectToInteger(this.env.getProperty("login.captcha.checkTime"), 0).intValue());
        pretreatmentAuthenticationProcessingFilter.setCheckCaptchaType(NumberBaseOpt.castObjectToInteger(this.env.getProperty("login.captcha.checkType"), 0).intValue());
        pretreatmentAuthenticationProcessingFilter.setRetryCheckType(StringBaseOpt.emptyValue(this.env.getProperty("login.retry.checkType"), "H"));
        pretreatmentAuthenticationProcessingFilter.setRetryMaxTryTimes(NumberBaseOpt.castObjectToInteger(this.env.getProperty("login.retry.maxTryTimes"), 0).intValue());
        pretreatmentAuthenticationProcessingFilter.setRetryLockMinites(NumberBaseOpt.castObjectToInteger(this.env.getProperty("login.retry.lockMinites"), 10).intValue());
        pretreatmentAuthenticationProcessingFilter.setRetryCheckTimeTnterval(NumberBaseOpt.castObjectToInteger(this.env.getProperty("login.retry.checkTimeTnterval"), 3).intValue());
        pretreatmentAuthenticationProcessingFilter.setContinueChainBeforeSuccessfulAuthentication(BooleanBaseOpt.castObjectToBoolean(this.env.getProperty("http.filter.chain.continueBeforeSuccessfulAuthentication"), false).booleanValue());
        pretreatmentAuthenticationProcessingFilter.setAuthenticationFailureHandler(authenticationFailureHandler);
        pretreatmentAuthenticationProcessingFilter.setAuthenticationSuccessHandler(ajaxAuthenticationSuccessHandler);
        return pretreatmentAuthenticationProcessingFilter;
    }

    private LogoutFilter logoutFilter() {
        return new LogoutFilter("/system/mainframe/login", new LogoutHandler[]{new CsrfLogoutHandler(this.csrfTokenRepository), new CookieClearingLogoutHandler(new String[]{"JSESSIONID", "remember-me"}), new SecurityContextLogoutHandler()});
    }

    private AuthenticationProvider createAuthenticationProvider() {
        DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
        daoAuthenticationProvider.setHideUserNotFoundExceptions(false);
        daoAuthenticationProvider.setUserDetailsService(this.centitUserDetailsService);
        daoAuthenticationProvider.setPasswordEncoder(this.passwordEncoder);
        return daoAuthenticationProvider;
    }

    private AuthenticationManager createAuthenticationManager(AuthenticationProvider authenticationProvider) {
        ArrayList arrayList = new ArrayList();
        arrayList.add(authenticationProvider);
        return new ProviderManager(arrayList);
    }
}
