package de.muenchen.oss.digiwf.cockpit.security.spring;

import de.muenchen.oss.digiwf.cockpit.CamundaWebappsProperties;
import de.muenchen.oss.digiwf.spring.security.SecurityConfiguration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Profile;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
import org.springframework.security.web.SecurityFilterChain;

@Profile({SecurityConfiguration.SECURITY})
@Configuration
/* loaded from: input_file:BOOT-INF/lib/digiwf-engine-cockpit-1.5.3.jar:de/muenchen/oss/digiwf/cockpit/security/spring/CamundaWebAppsSecurityConfiguration.class */
public class CamundaWebAppsSecurityConfiguration {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) CamundaWebAppsSecurityConfiguration.class);
    private static final String[] CAMUNDA_APP_PATHS = {"/camunda/app/**", "/camunda/api/**", "/camunda/lib/**"};
    private final CamundaWebappsProperties camundaWebappsProperties;

    @Bean
    @Order(-23)
    public SecurityFilterChain camundaWebAppFilterChain(HttpSecurity httpSecurity, JwtAuthenticationConverter jwtAuthenticationConverter) throws Exception {
        httpSecurity.securityMatcher(CAMUNDA_APP_PATHS).authorizeHttpRequests(authorizationManagerRequestMatcherRegistry -> {
            authorizationManagerRequestMatcherRegistry.anyRequest().hasRole(this.camundaWebappsProperties.getWebAppRole());
        }).csrf((v0) -> {
            v0.disable();
        }).oauth2ResourceServer(oAuth2ResourceServerConfigurer -> {
            oAuth2ResourceServerConfigurer.jwt(jwtConfigurer -> {
                jwtConfigurer.jwtAuthenticationConverter(jwtAuthenticationConverter);
            });
        });
        return httpSecurity.build();
    }

    public CamundaWebAppsSecurityConfiguration(CamundaWebappsProperties camundaWebappsProperties) {
        this.camundaWebappsProperties = camundaWebappsProperties;
    }
}
