package de.digitalcollections.commons.springsecurity.web.filter;

import de.digitalcollections.commons.springsecurity.access.UnsecuredPaths;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;

/* loaded from: input_file:BOOT-INF/lib/dc-commons-springsecurity-4.0.1.jar:de/digitalcollections/commons/springsecurity/web/filter/AuthenticatedUserFilter.class */
public class AuthenticatedUserFilter implements Filter {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) AuthenticatedUserFilter.class);
    private final UnsecuredPaths unsecuredPaths;

    @Autowired
    public AuthenticatedUserFilter(UnsecuredPaths unsecuredPaths) {
        this.unsecuredPaths = unsecuredPaths;
    }

    @Override // javax.servlet.Filter
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    @Override // javax.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication != null) {
            Object principal = authentication.getPrincipal();
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("Found principal=" + principal);
            }
            if (principal instanceof User) {
                servletRequest.setAttribute("username", ((User) principal).getUsername());
            }
        } else if (servletRequest instanceof HttpServletRequest) {
            String requestURI = ((HttpServletRequest) servletRequest).getRequestURI();
            if (!this.unsecuredPaths.getUnsecuredPaths().contains(requestURI)) {
                LOGGER.warn("Unauthorized request detected to " + requestURI);
            }
        } else {
            LOGGER.warn("Unauthorized request detected !");
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    @Override // javax.servlet.Filter
    public void destroy() {
    }
}
