package org.springframework.security.data.repository.query;

import org.springframework.data.spel.spi.EvaluationContextExtension;
import org.springframework.security.access.PermissionEvaluator;
import org.springframework.security.access.expression.DenyAllPermissionEvaluator;
import org.springframework.security.access.expression.SecurityExpressionRoot;
import org.springframework.security.access.hierarchicalroles.NullRoleHierarchy;
import org.springframework.security.access.hierarchicalroles.RoleHierarchy;
import org.springframework.security.authentication.AuthenticationTrustResolver;
import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;

/* loaded from: input_file:BOOT-INF/lib/spring-security-data-5.7.11.jar:org/springframework/security/data/repository/query/SecurityEvaluationContextExtension.class */
public class SecurityEvaluationContextExtension implements EvaluationContextExtension {
    private Authentication authentication;
    private AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();
    private RoleHierarchy roleHierarchy = new NullRoleHierarchy();
    private PermissionEvaluator permissionEvaluator = new DenyAllPermissionEvaluator();
    private String defaultRolePrefix = "ROLE_";

    public SecurityEvaluationContextExtension() {
    }

    public SecurityEvaluationContextExtension(Authentication authentication) {
        this.authentication = authentication;
    }

    @Override // org.springframework.data.spel.spi.ExtensionIdAware
    public String getExtensionId() {
        return "security";
    }

    @Override // org.springframework.data.spel.spi.EvaluationContextExtension
    public SecurityExpressionRoot getRootObject() {
        SecurityExpressionRoot securityExpressionRoot = new SecurityExpressionRoot(getAuthentication()) { // from class: org.springframework.security.data.repository.query.SecurityEvaluationContextExtension.1
        };
        securityExpressionRoot.setTrustResolver(this.trustResolver);
        securityExpressionRoot.setRoleHierarchy(this.roleHierarchy);
        securityExpressionRoot.setPermissionEvaluator(this.permissionEvaluator);
        securityExpressionRoot.setDefaultRolePrefix(this.defaultRolePrefix);
        return securityExpressionRoot;
    }

    private Authentication getAuthentication() {
        return this.authentication != null ? this.authentication : SecurityContextHolder.getContext().getAuthentication();
    }
}
