package de.muenchen.oss.digiwf.cocreation.server.configuration;

import org.springdoc.core.Constants;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.security.oauth2.resource.UserInfoTokenServices;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
import org.springframework.context.annotation.Profile;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.oauth2.client.OAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;

@Configuration
@EnableWebSecurity
@Profile({"!no-security"})
@EnableResourceServer
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
/* loaded from: input_file:BOOT-INF/classes/de/muenchen/oss/digiwf/cocreation/server/configuration/SecurityConfiguration.class */
public class SecurityConfiguration extends ResourceServerConfigurerAdapter {

    @Value("${security.oauth2.resource.user-info-uri}")
    private String userInfoUri;

    @Value("${security.oauth2.client.client-id}")
    private String resourceId;

    @Autowired
    private String[] swaggerWhitelist;

    @Override // org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter, org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurer
    public void configure(ResourceServerSecurityConfigurer resourceServerSecurityConfigurer) throws Exception {
        resourceServerSecurityConfigurer.resourceId(null);
    }

    @Override // org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter, org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurer
    public void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.antMatcher(Constants.ALL_PATTERN).authorizeRequests().antMatchers("/actuator/info").permitAll().antMatchers("/actuator/health").permitAll().antMatchers("/actuator/metrics").permitAll().antMatchers(this.swaggerWhitelist).permitAll().antMatchers(Constants.ALL_PATTERN).authenticated();
    }

    @Bean
    public OAuth2RestTemplate oauth2RestTemplate(OAuth2ProtectedResourceDetails oAuth2ProtectedResourceDetails, OAuth2ClientContext oAuth2ClientContext) {
        return new OAuth2RestTemplate(oAuth2ProtectedResourceDetails, oAuth2ClientContext);
    }

    @Bean
    @Primary
    public UserInfoTokenServices tokenServices() {
        return new CustomUserInfoTokenServices(this.userInfoUri, this.resourceId);
    }
}
