package org.alfresco.web.app.servlet;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.alfresco.web.bean.repository.User;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:WEB-INF/classes/org/alfresco/web/app/servlet/AdminAuthenticationFilter.class */
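/**
 * Servlet filter that forwards a request down the chain only when the current
 * user is an administrator; every other request is rejected with HTTP 403.
 *
 * <p>The filter is fail-closed: {@link FilterChain#doFilter} is reached from
 * exactly one branch, the one where a non-null user reports
 * {@code isAdmin() == true}. A missing user and a non-admin user are treated
 * the same way.
 *
 * <p>How the user is resolved (session, ticket, SSO, ...) is decided inside
 * {@code AuthenticationHelper.getUser} and is not visible here. The filter
 * only protects the URL patterns it is mapped to in the deployment descriptor,
 * so the mapping should be reviewed together with this class.
 */
public class AdminAuthenticationFilter implements Filter {
    private static final Log logger = LogFactory.getLog(AdminAuthenticationFilter.class);

    // Set by init(); needed to hand the ServletContext to AuthenticationHelper.
    private FilterConfig config;

    /**
     * Allows the request through for administrators and denies it otherwise.
     *
     * @param servletRequest  incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse outgoing response; cast to {@link HttpServletResponse}
     * @param filterChain     remainder of the chain, invoked only for administrators
     * @throws IOException      if sending the error response or the downstream chain fails
     * @throws ServletException if the downstream chain fails
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;

        if (logger.isDebugEnabled()) {
            logger.debug("Authorising request for protected resource: " + httpRequest.getRequestURI());
        }

        User user = AuthenticationHelper.getUser(this.config.getServletContext(), httpRequest, httpResponse);
        boolean isAdmin = user != null && user.isAdmin();

        if (isAdmin) {
            if (logger.isDebugEnabled()) {
                logger.debug("Current user has admin authority, allowing access.");
            }
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        // Denied from here on: the chain is never invoked below this point.
        if (httpResponse.isCommitted()) {
            // Headers are already on the wire, so no status code can be set any
            // more. The protected resource is still not served, but the client
            // sees whatever was written earlier rather than a clean 403, which
            // is why this case is logged at WARN.
            if (logger.isWarnEnabled()) {
                // The message used to say "401"; the filter sends 403, and the
                // log text now matches so searches by status code find it.
                logger.warn("Access denied to '" + httpRequest.getRequestURI() + "'. The response has already been committed so a 403 Forbidden error could not be sent!");
            }
            return;
        }

        if (logger.isDebugEnabled()) {
            logger.debug("Current user does not have admin authority, returning 403 Forbidden error...");
        }
        // 403 is HttpServletResponse.SC_FORBIDDEN.
        httpResponse.sendError(403);
    }

    /**
     * Stores the filter configuration for later access to the servlet context.
     *
     * @param filterConfig configuration supplied by the container
     * @throws ServletException declared by the {@link Filter} contract; not thrown here
     */
    public void init(FilterConfig filterConfig) throws ServletException {
        this.config = filterConfig;
    }

    /** Nothing to release: the filter holds no resources of its own. */
    public void destroy() {
    }
}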
