package de.taimos.dvalin.jaxrs.security;

import com.google.common.base.Joiner;
import com.google.common.collect.Lists;
import de.taimos.dvalin.jaxrs.JaxRsAnnotationScanner;
import de.taimos.dvalin.jaxrs.JaxRsComponent;
import java.io.IOException;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.annotation.Priority;
import javax.annotation.security.RolesAllowed;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.Provider;
import org.apache.cxf.jaxrs.utils.JAXRSUtils;
import org.apache.cxf.message.Message;
import org.apache.cxf.security.SecurityContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

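/**
 * JAX-RS request filter that enforces {@link RolesAllowed} for the matched resource method.
 *
 * <p>The filter gathers every {@code @RolesAllowed} annotation that
 * {@link JaxRsAnnotationScanner#searchForAnnotation} reports for the resource method and lets the
 * request through as soon as the CXF {@link SecurityContext} confirms one of the listed roles.
 * Otherwise the request is aborted with {@code 403 Forbidden}.
 *
 * <p>Security-relevant behaviour, as implemented here:
 * <ul>
 *   <li>Fail-open without annotation: when no role is collected the request passes without any
 *       check. This filter does not by itself require an authenticated caller.</li>
 *   <li>Fail-closed without context: a missing {@link SecurityContext} is treated the same as a
 *       caller holding none of the roles.</li>
 *   <li>Only {@code @RolesAllowed} is evaluated; other {@code javax.annotation.security}
 *       annotations are not looked at by this class.</li>
 * </ul>
 *
 * <p>The priority value 2000 equals {@code javax.ws.rs.Priorities.AUTHORIZATION}.
 *
 * <p>Decompiled from {@code de/taimos/dvalin/jaxrs/security/RolesFilter.class}.
 */
@JaxRsComponent
@Provider
@Priority(2000)
public class RolesFilter implements ContainerRequestFilter {
    private static final Logger LOGGER = LoggerFactory.getLogger(RolesFilter.class);

    /**
     * Checks the current request against the roles declared on the matched resource method.
     *
     * @param containerRequestContext the request being filtered; aborted with 403 when the caller
     *     holds none of the required roles
     * @throws IOException declared by {@link ContainerRequestFilter#filter}; not thrown by the
     *     code in this method itself
     */
    @Override
    public void filter(ContainerRequestContext containerRequestContext) throws IOException {
        Message currentMessage = JAXRSUtils.getCurrentMessage();
        // CXF stores the matched resource method on the message under this key.
        // NOTE(review): no null check on the message or the method; presumably both are set
        // because the filter is not pre-matching. Confirm, and confirm how the scanner treats null.
        Method resourceMethod = (Method) currentMessage.get("org.apache.cxf.resource.method");

        // Element type kept as a wildcard: the scanner's declared return type is not visible here.
        List<?> annotations = JaxRsAnnotationScanner.searchForAnnotation(resourceMethod, RolesAllowed.class);
        List<String> requiredRoles = new ArrayList<>();
        for (Object annotation : annotations) {
            for (String role : ((RolesAllowed) annotation).value()) {
                requiredRoles.add(role);
            }
        }

        if (requiredRoles.isEmpty()) {
            // Fail-open: a method without @RolesAllowed is not restricted by this filter.
            LOGGER.debug("No roles needed");
            return;
        }

        // Joined once and reused for the log line and the rejection message.
        String joinedRoles = Joiner.on(",").join(requiredRoles);
        LOGGER.debug("Needs: {}", joinedRoles);

        SecurityContext securityContext = (SecurityContext) currentMessage.get(SecurityContext.class);
        if (securityContext != null) {
            // Any single matching role is sufficient (OR semantics across all collected roles).
            for (String role : requiredRoles) {
                if (securityContext.isUserInRole(role)) {
                    LOGGER.debug("Passed with role {}", role);
                    return;
                }
            }
        }

        // NOTE(review): the response body tells the rejected caller which role names guard this
        // endpoint. Consider a generic message and keeping the role list in server-side logs only;
        // left unchanged here because clients may depend on the current text.
        containerRequestContext.abortWith(Response.status(Response.Status.FORBIDDEN)
                .entity("Missing at least one of the following roles: " + joinedRoles)
                .build());
    }
}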
