package org.springframework.security.web.access;

import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.authentication.AuthenticationTrustResolver;
import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.config.Elements;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
import org.springframework.security.web.savedrequest.RequestCache;
import org.springframework.security.web.util.ThrowableAnalyzer;
import org.springframework.security.web.util.ThrowableCauseExtractor;
import org.springframework.util.Assert;
import org.springframework.web.filter.GenericFilterBean;

/* loaded from: input_file:BOOT-INF/lib/spring-security-web-4.2.5.RELEASE.jar:org/springframework/security/web/access/ExceptionTranslationFilter.class */
public class ExceptionTranslationFilter extends GenericFilterBean {
    private AccessDeniedHandler accessDeniedHandler;
    private AuthenticationEntryPoint authenticationEntryPoint;
    private AuthenticationTrustResolver authenticationTrustResolver;
    private ThrowableAnalyzer throwableAnalyzer;
    private RequestCache requestCache;

    /* loaded from: input_file:BOOT-INF/lib/spring-security-web-4.2.5.RELEASE.jar:org/springframework/security/web/access/ExceptionTranslationFilter$DefaultThrowableAnalyzer.class */
    private static final class DefaultThrowableAnalyzer extends ThrowableAnalyzer {
        private DefaultThrowableAnalyzer() {
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // org.springframework.security.web.util.ThrowableAnalyzer
        public void initExtractorMap() {
            super.initExtractorMap();
            registerExtractor(ServletException.class, new ThrowableCauseExtractor() { // from class: org.springframework.security.web.access.ExceptionTranslationFilter.DefaultThrowableAnalyzer.1
                @Override // org.springframework.security.web.util.ThrowableCauseExtractor
                public Throwable extractCause(Throwable th) {
                    ThrowableAnalyzer.verifyThrowableHierarchy(th, ServletException.class);
                    return ((ServletException) th).getRootCause();
                }
            });
        }
    }

    public ExceptionTranslationFilter(AuthenticationEntryPoint authenticationEntryPoint) {
        this(authenticationEntryPoint, new HttpSessionRequestCache());
    }

    public ExceptionTranslationFilter(AuthenticationEntryPoint authenticationEntryPoint, RequestCache requestCache) {
        this.accessDeniedHandler = new AccessDeniedHandlerImpl();
        this.authenticationTrustResolver = new AuthenticationTrustResolverImpl();
        this.throwableAnalyzer = new DefaultThrowableAnalyzer();
        this.requestCache = new HttpSessionRequestCache();
        Assert.notNull(authenticationEntryPoint, "authenticationEntryPoint cannot be null");
        Assert.notNull(requestCache, "requestCache cannot be null");
        this.authenticationEntryPoint = authenticationEntryPoint;
        this.requestCache = requestCache;
    }

    @Override // org.springframework.web.filter.GenericFilterBean, org.springframework.beans.factory.InitializingBean
    public void afterPropertiesSet() {
        Assert.notNull(this.authenticationEntryPoint, "authenticationEntryPoint must be specified");
    }

    @Override // javax.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        try {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            this.logger.debug("Chain processed normally");
        } catch (IOException e) {
            throw e;
        } catch (Exception e2) {
            Throwable[] determineCauseChain = this.throwableAnalyzer.determineCauseChain(e2);
            RuntimeException runtimeException = (AuthenticationException) this.throwableAnalyzer.getFirstThrowableOfType(AuthenticationException.class, determineCauseChain);
            if (runtimeException == null) {
                runtimeException = (AccessDeniedException) this.throwableAnalyzer.getFirstThrowableOfType(AccessDeniedException.class, determineCauseChain);
            }
            if (runtimeException != null) {
                handleSpringSecurityException(httpServletRequest, httpServletResponse, filterChain, runtimeException);
            } else {
                if (e2 instanceof ServletException) {
                    throw ((ServletException) e2);
                }
                if (!(e2 instanceof RuntimeException)) {
                    throw new RuntimeException(e2);
                }
                throw ((RuntimeException) e2);
            }
        }
    }

    public AuthenticationEntryPoint getAuthenticationEntryPoint() {
        return this.authenticationEntryPoint;
    }

    protected AuthenticationTrustResolver getAuthenticationTrustResolver() {
        return this.authenticationTrustResolver;
    }

    private void handleSpringSecurityException(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain, RuntimeException runtimeException) throws IOException, ServletException {
        if (runtimeException instanceof AuthenticationException) {
            this.logger.debug("Authentication exception occurred; redirecting to authentication entry point", runtimeException);
            sendStartAuthentication(httpServletRequest, httpServletResponse, filterChain, (AuthenticationException) runtimeException);
        } else if (runtimeException instanceof AccessDeniedException) {
            Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
            if (this.authenticationTrustResolver.isAnonymous(authentication) || this.authenticationTrustResolver.isRememberMe(authentication)) {
                this.logger.debug("Access is denied (user is " + (this.authenticationTrustResolver.isAnonymous(authentication) ? Elements.ANONYMOUS : "not fully authenticated") + "); redirecting to authentication entry point", runtimeException);
                sendStartAuthentication(httpServletRequest, httpServletResponse, filterChain, new InsufficientAuthenticationException("Full authentication is required to access this resource"));
            } else {
                this.logger.debug("Access is denied (user is not anonymous); delegating to AccessDeniedHandler", runtimeException);
                this.accessDeniedHandler.handle(httpServletRequest, httpServletResponse, (AccessDeniedException) runtimeException);
            }
        }
    }

    protected void sendStartAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain, AuthenticationException authenticationException) throws ServletException, IOException {
        SecurityContextHolder.getContext().setAuthentication(null);
        this.requestCache.saveRequest(httpServletRequest, httpServletResponse);
        this.logger.debug("Calling Authentication entry point.");
        this.authenticationEntryPoint.commence(httpServletRequest, httpServletResponse, authenticationException);
    }

    public void setAccessDeniedHandler(AccessDeniedHandler accessDeniedHandler) {
        Assert.notNull(accessDeniedHandler, "AccessDeniedHandler required");
        this.accessDeniedHandler = accessDeniedHandler;
    }

    public void setAuthenticationTrustResolver(AuthenticationTrustResolver authenticationTrustResolver) {
        Assert.notNull(authenticationTrustResolver, "authenticationTrustResolver must not be null");
        this.authenticationTrustResolver = authenticationTrustResolver;
    }

    public void setThrowableAnalyzer(ThrowableAnalyzer throwableAnalyzer) {
        Assert.notNull(throwableAnalyzer, "throwableAnalyzer must not be null");
        this.throwableAnalyzer = throwableAnalyzer;
    }
}
