package edu.internet2.middleware.grouper.ui;

import edu.internet2.middleware.grouper.Group;
import edu.internet2.middleware.grouper.GroupFinder;
import edu.internet2.middleware.grouper.GrouperSession;
import edu.internet2.middleware.grouper.MemberFinder;
import edu.internet2.middleware.grouper.Stem;
import edu.internet2.middleware.grouper.StemFinder;
import edu.internet2.middleware.grouper.StemSave;
import edu.internet2.middleware.grouper.SubjectFinder;
import edu.internet2.middleware.grouper.audit.GrouperEngineBuiltin;
import edu.internet2.middleware.grouper.exception.GrouperSessionException;
import edu.internet2.middleware.grouper.grouperUi.beans.ContextContainer;
import edu.internet2.middleware.grouper.grouperUi.beans.RequestContainer;
import edu.internet2.middleware.grouper.grouperUi.beans.SessionContainer;
import edu.internet2.middleware.grouper.grouperUi.beans.json.GuiResponseJs;
import edu.internet2.middleware.grouper.grouperUi.beans.json.GuiScreenAction;
import edu.internet2.middleware.grouper.grouperUi.beans.ui.TextContainer;
import edu.internet2.middleware.grouper.grouperUi.serviceLogic.ExternalSubjectSelfRegister;
import edu.internet2.middleware.grouper.grouperUi.serviceLogic.InviteExternalSubjects;
import edu.internet2.middleware.grouper.hibernate.GrouperContext;
import edu.internet2.middleware.grouper.hooks.beans.GrouperContextTypeBuiltIn;
import edu.internet2.middleware.grouper.hooks.beans.HooksContext;
import edu.internet2.middleware.grouper.j2ee.GrouperRequestWrapper;
import edu.internet2.middleware.grouper.j2ee.status.GrouperStatusServlet;
import edu.internet2.middleware.grouper.misc.GrouperSessionHandler;
import edu.internet2.middleware.grouper.misc.GrouperStartup;
import edu.internet2.middleware.grouper.privs.NamingPrivilege;
import edu.internet2.middleware.grouper.privs.PrivilegeHelper;
import edu.internet2.middleware.grouper.session.GrouperSessionResult;
import edu.internet2.middleware.grouper.ui.exceptions.ControllerDone;
import edu.internet2.middleware.grouper.ui.util.GrouperUiConfig;
import edu.internet2.middleware.grouper.ui.util.GrouperUiUtils;
import edu.internet2.middleware.grouper.util.GrouperEmail;
import edu.internet2.middleware.grouper.util.GrouperUtil;
import edu.internet2.middleware.subject.Subject;
import edu.internet2.middleware.subject.SubjectNotFoundException;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.IOException;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.security.Principal;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Properties;
import java.util.ResourceBundle;
import java.util.Set;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.servlet.jsp.jstl.fmt.LocalizationContext;
import org.apache.commons.fileupload.FileItem;
import org.apache.commons.fileupload.FileItemFactory;
import org.apache.commons.fileupload.disk.DiskFileItemFactory;
import org.apache.commons.fileupload.servlet.ServletFileUpload;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang.exception.ExceptionUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:edu/internet2/middleware/grouper/ui/GrouperUiFilter.class */
public class GrouperUiFilter implements Filter {
    // Commons FileUpload item factory; where it is initialised is not shown in this part of the file.
    private static FileItemFactory fileItemFactory;
    // Multipart parser used by fileItems().
    // NOTE(review): no request/file size limit is configured in the visible code - confirm where it is set.
    private static ServletFileUpload upload;
    // Class logger (commons-logging).
    private static Log LOG;
    private static final long serialVersionUID = 1;
    // Per-thread request state. initRequest() populates these and finallyRequest() clears them.
    private static ThreadLocal<HttpServlet> threadLocalServlet;
    // Set to true while initRequest() runs on the thread; used there to detect a nested call.
    private static ThreadLocal<Boolean> threadLocalInInit;
    private static ThreadLocal<HttpServletRequest> threadLocalRequest;
    // Wall-clock start of the current request, stored by initRequest().
    private static ThreadLocal<Long> threadLocalRequestStartMillis;
    private static ThreadLocal<HttpServletResponse> threadLocalResponse;

    /* loaded from: input_file:edu/internet2/middleware/grouper/ui/GrouperUiFilter$UiSection.class */
    /**
     * Areas of the UI that a request can belong to.
     *
     * <p>Each constant may carry a config key ({@link #getMediaKey()}) naming the group a user
     * must be a member of, plus a set of other sections whose access also grants this one.
     * {@code ANONYMOUS} and {@code EXTERNAL} carry no key and report {@link #isAnonymous()} as
     * true, so they are the only sections reachable without a logged-in subject.
     */
    public enum UiSection implements Serializable {
        ANONYMOUS(null, null) {
            @Override
            public boolean isAnonymous() {
                return true;
            }
        },
        EXTERNAL(null, null) {
            @Override
            public boolean isAnonymous() {
                return true;
            }
        },
        ADMIN_UI("require.group.for.logins", null),
        INVITE_EXTERNAL_SUBJECTS("require.group.for.inviteExternalSubjects.logins", null),
        SIMPLE_MEMBERSHIP_UPDATE("require.group.for.membershipUpdateLite.logins", GrouperUtil.toSet(new UiSection[]{ADMIN_UI})),
        SIMPLE_ATTRIBUTE_UPDATE("require.group.for.attributeUpdateLite.logins", GrouperUtil.toSet(new UiSection[]{ADMIN_UI})),
        SUBJECT_PICKER("require.group.for.subjectPicker.logins", GrouperUtil.toSet(new UiSection[]{ADMIN_UI, SIMPLE_MEMBERSHIP_UPDATE}));

        /** Config key whose value names the required group; null for the anonymous sections. */
        private final String mediaKey;

        /** Sections whose access implies access to this one; rebuilt lazily so it includes this section. */
        private Set<UiSection> uiSectionsThatAllowThisSection;

        UiSection(String str, Set<UiSection> set) {
            this.mediaKey = str;
            this.uiSectionsThatAllowThisSection = set;
        }

        /**
         * @return true when the section may be used without a logged-in subject
         */
        public boolean isAnonymous() {
            return false;
        }

        /**
         * @return the config key naming the required group, or null if the section has none
         */
        public String getMediaKey() {
            return this.mediaKey;
        }

        /**
         * Returns the sections that grant access to this one, with this section itself listed first.
         *
         * @return a non-null set that always contains this section
         */
        public Set<UiSection> getUiSectionsThatAllowThisSection() {
            Set<UiSection> granting = this.uiSectionsThatAllowThisSection;
            if (granting == null) {
                granting = new LinkedHashSet<UiSection>();
            }
            if (!granting.contains(this)) {
                // Rebuild rather than mutate: the set passed to the constructor may be shared or fixed.
                Set<UiSection> selfFirst = new LinkedHashSet<UiSection>();
                selfFirst.add(this);
                selfFirst.addAll(GrouperUtil.nonNull(granting));
                granting = selfFirst;
            }
            this.uiSectionsThatAllowThisSection = granting;
            return granting;
        }
    }

    /**
     * Returns the locale of the request bound to the current thread.
     *
     * @return the request locale, or null when no request is bound
     */
    public static Locale retrieveLocale() {
        HttpServletRequest currentRequest = retrieveHttpServletRequest();
        return currentRequest == null ? null : currentRequest.getLocale();
    }

    /**
     * Returns the resource bundle stored in the HTTP session under the "nav" attribute.
     *
     * <p>Uses {@code getSession()}, so a session is created if the request has none. There is
     * no null check: a missing "nav" attribute surfaces as a NullPointerException.
     *
     * @return the bundle of the session's "nav" localization context
     */
    public static ResourceBundle retrieveSessionNavResourceBundle() {
        HttpSession httpSession = retrieveHttpServletRequest().getSession();
        LocalizationContext navContext = (LocalizationContext) httpSession.getAttribute("nav");
        return navContext.getResourceBundle();
    }

    /**
     * Returns the resource bundle stored in the HTTP session under the "media" attribute.
     *
     * <p>Does not create a session: {@code getSession(false)} is used.
     *
     * @return the bundle of the session's "media" localization context
     * @throws RuntimeException if there is no session or no "media" attribute
     */
    public static ResourceBundle retrieveSessionMediaResourceBundle() {
        HttpSession httpSession = retrieveHttpServletRequest().getSession(false);
        if (httpSession != null) {
            LocalizationContext mediaContext = (LocalizationContext) httpSession.getAttribute("media");
            if (mediaContext != null) {
                return mediaContext.getResourceBundle();
            }
        }
        throw new RuntimeException("Cant find media bundle");
    }

    /**
     * Returns the map stored in the HTTP session under the "mediaNullMap" attribute.
     *
     * <p>Does not create a session. The attribute value is returned as-is, so the result is
     * null when the session exists but the attribute is absent.
     *
     * @return the session's "mediaNullMap" attribute, possibly null
     * @throws RuntimeException if the request has no session
     */
    public static Map<String, String> retrieveSessionMediaNullMapResourceBundle() {
        HttpSession httpSession = retrieveHttpServletRequest().getSession(false);
        if (httpSession == null) {
            throw new RuntimeException("Cant find media bundle");
        }
        @SuppressWarnings("unchecked") // the attribute is stored as an untyped Object
        Map<String, String> mediaNullMap = (Map<String, String>) httpSession.getAttribute("mediaNullMap");
        return mediaNullMap;
    }

    /**
     * Builds the effective media properties by layering three sources; later sources override
     * earlier ones: the bundled media.properties, the optional custom media.properties, and
     * the properties of the UI config.
     *
     * @return a new Properties object holding the merged values
     */
    public static Properties retrieveMediaProperties() {
        Properties merged = new Properties();
        merged.putAll(GrouperUtil.propertiesFromResourceName("resources/grouper/media.properties"));
        // The custom file is optional; it is only loaded when it resolves to a URL.
        boolean customFilePresent = GrouperUtil.computeUrl("resources/custom/media.properties", true) != null;
        if (customFilePresent) {
            merged.putAll(GrouperUtil.propertiesFromResourceName("resources/custom/media.properties"));
        }
        merged.putAll(GrouperUiConfig.retrieveConfig().properties());
        return merged;
    }

    /**
     * Returns the multipart items of the current request, parsing the request body on first use
     * and caching the result in the "fileItems" request attribute.
     *
     * <p>NOTE(review): the upload parser's size limits are not set in the visible code; confirm
     * they are configured where {@code upload} is created, since this parses client-supplied
     * bodies.
     *
     * @return the parsed items for this request
     * @throws RuntimeException wrapping any failure while parsing the request
     */
    public static List<FileItem> fileItems() {
        HttpServletRequest currentRequest = retrieveHttpServletRequest();
        @SuppressWarnings("unchecked") // request attributes are untyped
        List<FileItem> cachedItems = (List<FileItem>) currentRequest.getAttribute("fileItems");
        if (cachedItems != null) {
            return cachedItems;
        }
        try {
            List<FileItem> parsedItems = upload.parseRequest(currentRequest);
            // A request body can only be read once, so keep the result for later callers.
            currentRequest.setAttribute("fileItems", parsedItems);
            return parsedItems;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Collects the names of the current request's parameters that start with the given prefix.
     *
     * @param str prefix to match; must not be null
     * @return the matching parameter names in the order the container enumerates them
     */
    public static Set<String> requestParameterNamesByPrefix(String str) {
        HttpServletRequest currentRequest = retrieveHttpServletRequest();
        Set<String> matchingNames = new LinkedHashSet<String>();
        for (Enumeration<?> names = currentRequest.getParameterNames(); names.hasMoreElements();) {
            String parameterName = (String) names.nextElement();
            if (parameterName.startsWith(str)) {
                matchingNames.add(parameterName);
            }
        }
        return matchingNames;
    }

    /**
     * Returns the start time recorded for the request on this thread.
     *
     * @return the start time in epoch milliseconds, or 0 when none has been recorded
     */
    public static long retrieveRequestStartMillis() {
        Long recordedStart = threadLocalRequestStartMillis.get();
        return GrouperUtil.longValue(recordedStart, 0L);
    }

    /**
     * Returns the name of the container-authenticated principal of the current request.
     *
     * <p>Both a missing request and a missing principal are reported through
     * {@code GrouperUtil.assertion}.
     *
     * @return the principal's name
     */
    @Deprecated
    public static String retrieveUserPrincipalNameFromRequest() {
        HttpServletRequest currentRequest = retrieveHttpServletRequest();
        GrouperUtil.assertion(currentRequest != null, "HttpServletRequest is null, is the GrouperServiceServlet mapped in the web.xml?");
        Principal authenticatedPrincipal = currentRequest.getUserPrincipal();
        GrouperUtil.assertion(authenticatedPrincipal != null, "There is no user logged in, make sure the container requires authentication");
        return authenticatedPrincipal.getName();
    }

    /**
     * Returns the logged-in subject, failing when none can be determined.
     *
     * <p>Delegates to {@link #retrieveSubjectLoggedIn(boolean, HttpServletResponse)} with
     * {@code false} and no response object.
     *
     * @return the logged-in subject
     */
    public static Subject retrieveSubjectLoggedIn() {
        final boolean allowMissingSubject = false;
        return retrieveSubjectLoggedIn(allowMissingSubject, null);
    }

    /**
     * Resolves the logged-in subject, checks it against the UI section of the current request,
     * and records it in the session container.
     *
     * <p>The section check runs even when no subject was found, so a non-anonymous section is
     * refused for an unauthenticated request.
     *
     * @param z when true, a missing or unknown user yields null instead of an exception
     * @param httpServletResponse response the section check uses to redirect an anonymous
     *        user away from a protected section
     * @return the logged-in subject, or null when {@code z} is true and none was found
     */
    public static Subject retrieveSubjectLoggedIn(boolean z, HttpServletResponse httpServletResponse) {
        Subject loggedIn = retrieveSubjectLoggedInHelper(z);
        UiSection requestedSection = uiSectionForRequest();
        ensureUserAllowedInSection(requestedSection, loggedIn, httpServletResponse);
        if (loggedIn == null) {
            return null;
        }
        SessionContainer.retrieveFromSession().setSubjectLoggedIn(loggedIn);
        return loggedIn;
    }

    /**
     * Finds the subject for the current request without applying any section check.
     *
     * <p>Sources are tried in order: the GrouperSession held in the HTTP session, the subject
     * cached in the session container, and finally a subject lookup on the login id returned
     * by {@link #remoteUser(HttpServletRequest)}. The lookup runs under a root session that is
     * always stopped before returning.
     *
     * @param z when true, a blank login id or an unknown subject yields null
     * @return the subject, or null under the conditions described for {@code z}
     * @throws NoUserAuthenticatedException if no login id is available and {@code z} is false
     */
    private static Subject retrieveSubjectLoggedInHelper(boolean z) {
        GrouperSession existingSession = SessionInitialiser.getGrouperSession(retrieveHttpServletRequest().getSession());
        if (existingSession != null) {
            Subject sessionSubject = existingSession.getSubject();
            if (sessionSubject != null) {
                return sessionSubject;
            }
        }
        Subject cachedSubject = SessionContainer.retrieveFromSession().getSubjectLoggedIn();
        HttpServletRequest currentRequest = retrieveHttpServletRequest();
        if (cachedSubject != null) {
            return cachedSubject;
        }
        String loginId = remoteUser(currentRequest);
        if (StringUtils.isBlank(loginId)) {
            if (z) {
                return null;
            }
            throw new NoUserAuthenticatedException("Cant find logged in user");
        }
        GrouperSession rootSession = GrouperSession.startRootSession();
        try {
            return SubjectFinder.findByIdOrIdentifier(loginId, true);
        } catch (RuntimeException e) {
            if (z && e instanceof SubjectNotFoundException) {
                return null;
            }
            // Attach the login id to the failure so it can be diagnosed from the log.
            GrouperUtil.injectInException(e, "Cant find subject from login id: " + loginId);
            throw e;
        } finally {
            GrouperSession.stopQuietly(rootSession);
        }
    }

    /**
     * Authorization gate: verifies that the subject may use the given UI section.
     *
     * <p>Access is granted when the subject is a member of the required group of the section
     * itself or of any section that grants it, or when one of those sections has no required
     * group configured. A successful decision is cached in the session's allowed-section set
     * and is not re-evaluated for the rest of that session, so removing a user from a required
     * group takes effect only once the session ends.
     *
     * <p>NOTE(review): on refusal for a non-AJAX request the message naming the subject and the
     * required groups becomes the exception message; check that the error page does not show
     * more of it to the user than intended.
     *
     * @param uiSection section the request belongs to
     * @param subject logged-in subject, or null for an unauthenticated request
     * @param httpServletResponse used to redirect an unauthenticated request; must be non-null
     *        when {@code subject} is null and the section is not anonymous
     * @throws ControllerDone after a redirect or an AJAX alert has been issued
     * @throws RuntimeException when a non-AJAX request is refused, or when the redirect fails
     */
    private static void ensureUserAllowedInSection(UiSection uiSection, Subject subject, HttpServletResponse httpServletResponse) {
        if (subject == null && uiSection.isAnonymous()) {
            return;
        }
        Set<UiSection> grantingSections = GrouperUtil.nonNull(uiSection.getUiSectionsThatAllowThisSection());

        // Fast path: a decision cached earlier in this session.
        for (UiSection granting : grantingSections) {
            if (SessionContainer.retrieveFromSession().getAllowedUiSections().contains(granting)) {
                return;
            }
        }

        // Collect the groups the subject is missing; the first satisfied section ends the search.
        StringBuilder missingGroups = new StringBuilder();
        for (UiSection granting : grantingSections) {
            String mediaKey = granting.getMediaKey();
            if (StringUtils.isBlank(mediaKey)) {
                continue;
            }
            if (subject == null) {
                // No user and a section that requires one: send the browser to the public error page.
                try {
                    httpServletResponse.sendRedirect(retrieveServletContext() + "/grouperExternal/public/UiV2Public.index?operation=UiV2Public.postIndex&function=UiV2Public.error&code=anonymousSessionNotAllowed");
                } catch (IOException e) {
                    throw new RuntimeException("Error", e);
                }
                throw new ControllerDone();
            }
            String unmetGroup = requireUiGroup(mediaKey, subject);
            if (StringUtils.isBlank(unmetGroup)) {
                // Requirement met (or none configured): discard the groups collected so far.
                missingGroups.setLength(0);
                break;
            }
            missingGroups.append(unmetGroup).append(", ");
        }

        if (missingGroups.length() == 0) {
            SessionContainer.retrieveFromSession().getAllowedUiSections().add(uiSection);
            return;
        }

        // Strip the trailing ", " before reporting.
        String groupList = missingGroups.substring(0, missingGroups.length() - 2);
        String message = GrouperUiUtils.message("ui.error.not.in.required.group", false, true, GrouperUtil.subjectToString(subject), groupList);
        LOG.error(message);
        GrouperUiUtils.appendErrorToRequest(message);
        if (RequestContainer.retrieveFromRequest().isAjaxRequest()) {
            GuiResponseJs.retrieveGuiResponseJs().addAction(GuiScreenAction.newAlert(GrouperUiUtils.message("simpleMembershipUpdate.notAllowedInUi")));
            throw new ControllerDone();
        }
        throw new RuntimeException(message);
    }

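    /**
     * Checks the group requirement configured under a config key.
     *
     * <p>The membership check runs as root: an existing static session is reused (switched to
     * its root session if its subject is not wheel or root), otherwise a root session is started
     * here and stopped exactly once in the {@code finally} block. The previous version stopped
     * it a second time on the "is a member" path.
     *
     * @param str config key whose value is the name of the required group
     * @param subject subject to test; when null the requirement counts as unmet
     * @return null when no group is configured or the subject is a member; otherwise the name
     *         of the group the subject is missing
     * @throws RuntimeException wrapping any failure, e.g. the configured group does not exist
     */
    private static String requireUiGroup(String str, Subject subject) {
        String requiredGroupName = GrouperUiConfig.retrieveConfig().propertyValueString(str);
        if (LOG.isDebugEnabled()) {
            LOG.debug("mediaKeyOfGroup: " + str + ", groupToRequire: " + requiredGroupName + ", subject: " + GrouperUtil.subjectToString(subject));
        }
        if (StringUtils.isBlank(requiredGroupName)) {
            // No group configured for this key: nothing to enforce.
            return null;
        }
        GrouperSession grouperSession = null;
        boolean startedHere = false;
        try {
            grouperSession = GrouperSession.staticGrouperSession(false);
            if (grouperSession == null) {
                grouperSession = GrouperSession.startRootSession();
                startedHere = true;
            }
            if (!PrivilegeHelper.isWheelOrRoot(grouperSession.getSubject())) {
                // The user may not be allowed to read the gate group, so look it up as root.
                grouperSession = grouperSession.internal_getRootSession();
            }
            Group requiredGroup = GroupFinder.findByName(grouperSession, requiredGroupName, true);
            if (subject != null && requiredGroup.hasMember(subject)) {
                return null;
            }
            return requiredGroupName;
        } catch (Exception e) {
            throw new RuntimeException("Problem with user: " + GrouperUtil.subjectToString(subject) + ", " + requiredGroupName, e);
        } finally {
            // Only stop a session this method started; a reused one belongs to the caller.
            if (startedHere) {
                GrouperSession.stopQuietly(grouperSession);
            }
        }
    }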

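    /**
     * Determines the login id of the current request and stores it in the session.
     *
     * <p>Sources are tried in order until one is non-blank: {@code getRemoteUser()}, the HTTP
     * header named by config key {@code grouper.ui.authentication.http.header} (if set), the
     * {@code REMOTE_USER} request attribute, the user principal's name, and the {@code authUser}
     * session attribute. The trimmed result is written to the {@code grouperLoginId} session
     * attribute; {@code getSession()} is used, so a session is created if none exists.
     *
     * <p>NOTE(review): the header fallback treats a request header as the authenticated
     * identity. That is only sound when a trusted front end sets the header and removes any
     * client-supplied copy; confirm this for every deployment that configures the key.
     *
     * <p>The debug map is now guarded by a null check instead of repeated
     * {@code isDebugEnabled()} calls, so raising the log level to debug while a request is in
     * flight can no longer dereference a null map.
     *
     * @param httpServletRequest the request to inspect
     * @return the trimmed login id, or null when no source supplied one
     */
    public static String remoteUser(HttpServletRequest httpServletRequest) {
        // Only allocated when debug logging is on; every later use checks for null.
        Map<String, Object> debugMap = LOG.isDebugEnabled() ? new LinkedHashMap<String, Object>() : null;
        try {
            String remoteUser = httpServletRequest.getRemoteUser();
            if (debugMap != null) {
                debugMap.put("httpServletRequest.getRemoteUser()", remoteUser);
            }
            if (StringUtils.isBlank(remoteUser)) {
                String headerName = GrouperUiConfig.retrieveConfig().propertyValueString("grouper.ui.authentication.http.header");
                if (StringUtils.isNotBlank(headerName)) {
                    remoteUser = httpServletRequest.getHeader(headerName);
                    if (debugMap != null) {
                        debugMap.put(headerName + " header", remoteUser);
                    }
                }
            }
            if (StringUtils.isBlank(remoteUser)) {
                remoteUser = (String) httpServletRequest.getAttribute("REMOTE_USER");
                if (debugMap != null) {
                    debugMap.put("REMOTE_USER attribute", remoteUser);
                }
            }
            if (StringUtils.isBlank(remoteUser) && httpServletRequest.getUserPrincipal() != null) {
                remoteUser = httpServletRequest.getUserPrincipal().getName();
                if (debugMap != null) {
                    debugMap.put("httpServletRequest.getUserPrincipal().getName()", remoteUser);
                }
            }
            if (StringUtils.isBlank(remoteUser)) {
                HttpSession session = httpServletRequest.getSession(false);
                remoteUser = (String) (session == null ? null : session.getAttribute("authUser"));
                if (debugMap != null) {
                    debugMap.put("session.getAttribute(authUser)", remoteUser);
                }
            }
            String trimmed = StringUtils.trim(remoteUser);
            httpServletRequest.getSession().setAttribute("grouperLoginId", trimmed);
            if (debugMap != null) {
                debugMap.put("remoteUser overall", trimmed);
            }
            return trimmed;
        } finally {
            // Emit whatever was collected, on success and on failure alike.
            if (debugMap != null) {
                LOG.debug(GrouperUtil.mapToString(debugMap));
            }
        }
    }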

    /**
     * Returns the context path of the current request in a form that can be prefixed to a URL.
     *
     * @return the context path, or the empty string when it is null or "/"
     * @throws NullPointerException if no request is bound to the current thread
     */
    public static String retrieveServletContext() {
        HttpServletRequest currentRequest = retrieveHttpServletRequest();
        if (currentRequest == null) {
            throw new NullPointerException("No request");
        }
        String contextPath = currentRequest.getContextPath();
        boolean rootContext = contextPath == null || "/".equals(contextPath);
        return rootContext ? "" : contextPath;
    }

    /**
     * Returns the UI section of the current request, computing it once and caching it in the
     * "uiSectionForRequest" request attribute.
     *
     * @return the section the current request belongs to
     */
    public static UiSection uiSectionForRequest() {
        HttpServletRequest currentRequest = retrieveHttpServletRequest();
        Object cachedSection = currentRequest.getAttribute("uiSectionForRequest");
        if (cachedSection != null) {
            return (UiSection) cachedSection;
        }
        UiSection computedSection = uiSectionForRequestHelper(currentRequest);
        currentRequest.setAttribute("uiSectionForRequest", computedSection);
        return computedSection;
    }

    /**
     * Classifies a request into a UiSection from its request URI and, for grouper.html, its
     * "operation" parameter. The result decides which group requirement, if any,
     * ensureUserAllowedInSection enforces.
     *
     * <p>Anything that matches none of the patterns falls through to ADMIN_UI, so the default
     * is the section with a login-group requirement rather than an anonymous one.
     *
     * <p>NOTE(review): the match is made on getRequestURI(), which the servlet API returns
     * without decoding or path normalisation, and the two grouperExternal patterns that end in
     * "/" and "index.html" contain ".*" (the latter also an unescaped "."), so they accept more
     * than one fixed path. Confirm that the container or front end rejects non-canonical paths
     * before this filter sees them, or tighten those two patterns.
     *
     * @param httpServletRequest request to classify
     * @return the section for the request; never null
     * @throws RuntimeException if a non-external operation is requested through the external servlet path
     */
    private static UiSection uiSectionForRequestHelper(HttpServletRequest httpServletRequest) {
        String requestURI = httpServletRequest.getRequestURI();
        // URIs listed here (index, login, logout, error and public pages) are ANONYMOUS; see the final return.
        if (!requestURI.matches("^/[^/]+/index\\.jsp$") && !requestURI.matches("^/[^/]+/populateIndex\\.do$") && !requestURI.matches("^/[^/]+/callLogin\\.do$") && !requestURI.matches("^/[^/]+/error\\.do$") && !requestURI.matches("^/[^/]+/logout\\.do$") && !requestURI.matches("^/[^/]+/grouperExternal[/]?.*/$") && !requestURI.matches("^/[^/]+/grouperExternal[/]?.*/index.html$") && !requestURI.matches("^/[^/]+/grouperExternal/public/UiV2Public\\.index$") && !requestURI.matches("^/[^/]+/grouperUi/app/UiV2Public\\.index$") && !requestURI.matches("^/[^/]+/grouperExternal/public/UiV2Public\\.postIndex$") && !requestURI.matches("^/[^/]+/grouperUi/app/UiV2Public\\.postIndex$")) {
            // z: the request came in through the grouperExternal servlet paths.
            boolean z = requestURI.matches("^/[^/]+/grouperExternal/appHtml/grouper\\.html$") || requestURI.matches("^/[^/]+/grouperExternal/app/[^/]+$");
            // str: the operation, taken from the "operation" parameter or from the last path segment.
            String str = null;
            if (requestURI.matches("^/[^/]+/grouper(Ui|External)/appHtml/grouper\\.html$")) {
                str = httpServletRequest.getParameter("operation");
                if (StringUtils.isBlank(str) && !z) {
                    return UiSection.SIMPLE_MEMBERSHIP_UPDATE;
                }
            } else if (requestURI.matches("^/[^/]+/grouper(Ui|External)/app/[^/]+$")) {
                // 47 is the character code of '/'.
                str = requestURI.substring(requestURI.lastIndexOf(47) + 1);
            }
            // str2: presumably the part of the operation before the "." (the class name) - confirm against GrouperUtil.prefixOrSuffix.
            String str2 = null;
            if (!StringUtils.isBlank(str)) {
                str2 = GrouperUtil.prefixOrSuffix(str, ".", true);
            }
            if (z) {
                // The external path may only serve the self-registration operations; everything else is refused.
                if (StringUtils.isBlank(str2)) {
                    return UiSection.ANONYMOUS;
                }
                if (str2.startsWith(ExternalSubjectSelfRegister.class.getSimpleName())) {
                    return UiSection.EXTERNAL;
                }
                throw new RuntimeException("Cannot use the external servlet for non external operations! '" + requestURI + "', '" + str2 + "'");
            }
            if (!StringUtils.isBlank(str)) {
                // The operation value is client-supplied; it selects which section's group requirement applies.
                if (str2.equals("Misc") || str2.equals("MiscMenu")) {
                    return UiSection.ANONYMOUS;
                }
                if (str2.startsWith("SimpleAttributeUpdate")) {
                    return UiSection.SIMPLE_ATTRIBUTE_UPDATE;
                }
                if (str2.startsWith("SimpleMembershipUpdate")) {
                    return UiSection.SIMPLE_MEMBERSHIP_UPDATE;
                }
                if (str2.startsWith("SubjectPicker") || str2.startsWith("AttributeDefNamePicker")) {
                    return UiSection.SUBJECT_PICKER;
                }
                if (str2.startsWith(InviteExternalSubjects.class.getSimpleName())) {
                    return UiSection.INVITE_EXTERNAL_SUBJECTS;
                }
            }
            // Default for everything not recognised above.
            return UiSection.ADMIN_UI;
        }
        return UiSection.ANONYMOUS;
    }

    /**
     * Starts Grouper when the container initialises this filter.
     *
     * @param filterConfig filter configuration supplied by the container; not read here
     * @throws ServletException declared by the Filter contract
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        GrouperStartup.startup();
    }

    /* JADX WARN: Finally extract failed */
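    /**
     * Binds the request and response to the current thread and prepares the Grouper context:
     * AJAX detection, hooks context, the logged-in subject and the audit context.
     *
     * <p>Fix over the previous version: the root session opened for the subject lookup is now
     * stopped in a {@code finally} block. Before, the failure path passed {@code null} to
     * {@code stopQuietly}, so when the lookup failed for a non-anonymous section the session
     * was never stopped.
     *
     * <p>NOTE(review): the caller IP recorded in the context is {@code getRemoteAddr()}, i.e.
     * the direct peer. Behind a reverse proxy that is the proxy's address unless the wrapper or
     * the container rewrites it; confirm before relying on it in audit records.
     *
     * @param grouperRequestWrapper wrapped request to bind to the thread
     * @param servletResponse response to bind; must be an HttpServletResponse
     * @return the wrapper passed in, or null when a RuntimeException occurred while this call
     *         was nested inside another initRequest on the same thread
     * @throws ControllerDone after redirecting because the authenticated login id has no subject
     * @throws RuntimeException any other failure of a non-nested call
     */
    public static GrouperRequestWrapper initRequest(GrouperRequestWrapper grouperRequestWrapper, ServletResponse servletResponse) {
        // True when another initRequest is already in progress on this thread.
        boolean z = threadLocalInInit.get() != null && threadLocalInInit.get().booleanValue();
        threadLocalInInit.set(true);
        try {
            threadLocalServlet.remove();
            threadLocalRequest.set(grouperRequestWrapper);
            threadLocalResponse.set((HttpServletResponse) servletResponse);
            threadLocalRequestStartMillis.set(Long.valueOf(System.currentTimeMillis()));
            grouperRequestWrapper.init();

            // Requests under /app/ other than the two index pages are treated as AJAX calls.
            String requestURI = grouperRequestWrapper.getRequestURI();
            if (requestURI.matches("^/[^/]+/grouper(Ui|External)/app/[^/]+$") && !requestURI.endsWith("/UiV2Main.index") && !requestURI.endsWith("/UiV2Public.index")) {
                RequestContainer.retrieveFromRequest().setAjaxRequest(true);
            }

            HooksContext.clearThreadLocal();
            GrouperContextTypeBuiltIn.setDefaultContext(GrouperContextTypeBuiltIn.GROUPER_UI);
            HttpSession session = grouperRequestWrapper.getSession();
            final String remoteUser = remoteUser(grouperRequestWrapper);

            // Prefer the subject of an existing GrouperSession; otherwise resolve the login id.
            Subject subject = null;
            GrouperSession grouperSession = SessionInitialiser.getGrouperSession(session);
            if (grouperSession != null) {
                subject = grouperSession.getSubject();
            }
            UiSection uiSectionForRequest = uiSectionForRequest();
            if (subject == null && !StringUtils.isBlank(remoteUser)) {
                GrouperSession lookupSession = null;
                try {
                    lookupSession = GrouperSession.startRootSession(false);
                    subject = (Subject) GrouperSession.callbackGrouperSession(lookupSession, new GrouperSessionHandler() {
                        public Object callback(GrouperSession grouperSession3) throws GrouperSessionException {
                            return SubjectFinder.findByIdOrIdentifier(remoteUser, true);
                        }
                    });
                } catch (Exception e) {
                    if (!uiSectionForRequest.isAnonymous()) {
                        LOG.error("Cant find login subject: " + remoteUser + ", " + uiSectionForRequest, e);
                        try {
                            ((HttpServletResponse) servletResponse).sendRedirect(retrieveServletContext() + "/grouperExternal/public/UiV2Public.index?operation=UiV2Public.postIndex&function=UiV2Public.error&code=authenticatedSubjectNotFound");
                        } catch (IOException e2) {
                            throw new RuntimeException("Cant redirect", e2);
                        }
                        throw new ControllerDone();
                    }
                    // Anonymous section: an unresolvable login id is tolerated and the subject stays null.
                } finally {
                    GrouperSession.stopQuietly(lookupSession);
                }
            }

            HooksContext.assignSubjectLoggedIn(subject);
            HooksContext.setAttributeThreadLocal("HttpServletRequest", grouperRequestWrapper, false);
            HooksContext.setAttributeThreadLocal("HttpSession", session, false);
            HooksContext.setAttributeThreadLocal("HttpServletResponse", servletResponse, false);

            final GrouperContext createNewDefaultContext = GrouperContext.createNewDefaultContext(GrouperEngineBuiltin.UI, false, false);
            createNewDefaultContext.setCallerIpAddress(grouperRequestWrapper.getRemoteAddr());
            if (subject != null) {
                final Subject subject2 = subject;
                // The member lookup runs as root; only the member uuid is stored in the context.
                GrouperSession.internal_callbackRootGrouperSession(new GrouperSessionHandler() {
                    public Object callback(GrouperSession grouperSession3) throws GrouperSessionException {
                        createNewDefaultContext.setLoggedInMemberId(MemberFinder.findBySubject(grouperSession3, subject2, true).getUuid());
                        return null;
                    }
                });
            }
            return grouperRequestWrapper;
        } catch (RuntimeException e3) {
            LOG.error("error in init", e3);
            if (!z) {
                throw e3;
            }
            // Nested call: report the failure to the outer call by returning null.
            return null;
        } finally {
            threadLocalInInit.remove();
        }
    }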

    /**
     * Clears all per-request state bound to the current thread. It must run at the end of every
     * request so that a pooled thread does not carry one request's user, request or response
     * objects into the next.
     */
    public static void finallyRequest() {
        // Thread-local request state set up by initRequest().
        threadLocalServlet.remove();
        threadLocalRequestStartMillis.remove();
        threadLocalResponse.remove();
        threadLocalRequest.remove();
        // Grouper-side thread state.
        HooksContext.clearThreadLocal();
        GrouperContext.deleteDefaultContext();
    }

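    /**
     * Entry point for every UI request: sets encoding and no-cache headers, initialises the
     * request context, enforces the UI-section authorization, runs the rest of the chain, and
     * always cleans up the thread state afterwards.
     *
     * <p>Fixes over the previous version: (1) when the failure happened before
     * {@code initRequest} returned, the error branch dereferenced a null wrapper and the
     * resulting NullPointerException replaced the real error; it now falls back to the
     * original request. (2) The keys of the session-debug map are iterated as {@code Object},
     * which is what an untyped session attribute can actually hold.
     *
     * <p>NOTE(review): the error branch puts the full stack trace and the exception message
     * into request attributes for the error page. Confirm that the page does not render them
     * to end users in production, since they can reveal internal names and paths.
     *
     * @param servletRequest incoming request; must be an HttpServletRequest
     * @param servletResponse outgoing response; must be an HttpServletResponse
     * @param filterChain remainder of the filter chain
     * @throws IOException if sending the fallback error response fails
     * @throws ServletException declared by the Filter contract
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        GrouperRequestWrapper grouperRequestWrapper = null;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        try {
            try {
                servletRequest.setCharacterEncoding("UTF-8");
                servletResponse.setCharacterEncoding("UTF-8");
                GrouperRequestWrapper grouperRequestWrapper2 = new GrouperRequestWrapper((HttpServletRequest) servletRequest);
                // UI responses carry per-user data, so forbid caching by browsers and intermediaries.
                httpServletResponse.setHeader("Cache-Control", "private, no-store, no-cache, must-revalidate");
                httpServletResponse.setHeader("Pragma", "no-cache");
                httpServletResponse.setHeader("Expires", "0");
                grouperRequestWrapper = initRequest(grouperRequestWrapper2, servletResponse);
                try {
                    // Optional diagnostic: try to serialize every session attribute and log the ones that fail.
                    if (GrouperUiConfig.retrieveConfig().propertyValueBoolean("debugSessionSerialization", false)) {
                        HttpSession session = grouperRequestWrapper.getSession();
                        Enumeration attributeNames = session.getAttributeNames();
                        while (attributeNames.hasMoreElements()) {
                            String str = (String) attributeNames.nextElement();
                            Object attribute = session.getAttribute(str);
                            try {
                                new ObjectOutputStream(new ByteArrayOutputStream()).writeObject(attribute);
                            } catch (Exception e) {
                                LOG.error("Error serializing: " + str, e);
                                if (attribute instanceof Map) {
                                    // Narrow the failure down to the offending map entry.
                                    Map<?, ?> map = (Map<?, ?>) attribute;
                                    for (Object key : map.keySet()) {
                                        try {
                                            new ObjectOutputStream(new ByteArrayOutputStream()).writeObject(map.get(key));
                                        } catch (Exception e2) {
                                            LOG.error("Error serializing in map: " + key, e2);
                                        }
                                    }
                                }
                            }
                        }
                    }
                } catch (Exception e3) {
                    LOG.error("Error checking debugSessionSerialization", e3);
                }
                // Authorization: retrieveSubjectLoggedIn already checks the section; the check is repeated for a known subject.
                Subject retrieveSubjectLoggedIn = retrieveSubjectLoggedIn(true, httpServletResponse);
                if (retrieveSubjectLoggedIn != null) {
                    ensureUserAllowedInSection(uiSectionForRequest(), retrieveSubjectLoggedIn, httpServletResponse);
                }
                TextContainer.retrieveFromRequest();
                ensureUserFolder(retrieveSubjectLoggedIn, grouperRequestWrapper);
                filterChain.doFilter(grouperRequestWrapper, servletResponse);
                sendErrorEmailIfNeeded();
                finallyRequest();
            } catch (ControllerDone e4) {
                // The response has already been produced (redirect or AJAX alert); just clean up.
                sendErrorEmailIfNeeded();
                finallyRequest();
            } catch (Throwable th) {
                GrouperUiUtils.appendErrorToRequest(ExceptionUtils.getFullStackTrace(th));
                LOG.error("UI error", th);
                if (!RequestContainer.retrieveFromRequest().isAjaxRequest()) {
                    // The wrapper is still null if the failure happened before initRequest returned.
                    ServletRequest errorRequest = grouperRequestWrapper != null ? grouperRequestWrapper : servletRequest;
                    errorRequest.setAttribute("seriousError", th.getMessage());
                    RequestDispatcher requestDispatcher = errorRequest.getRequestDispatcher("/filterError.do");
                    try {
                        if (servletResponse.isCommitted()) {
                            requestDispatcher.include(errorRequest, servletResponse);
                        } else {
                            servletResponse.setContentType("text/html");
                            requestDispatcher.forward(errorRequest, servletResponse);
                        }
                    } catch (Throwable th2) {
                        LOG.error("Failed to include error page:", th2);
                        httpServletResponse.sendError(500);
                    }
                }
                sendErrorEmailIfNeeded();
                finallyRequest();
            }
        } catch (Throwable th3) {
            // Last resort: a failure inside the handlers above must still clear the thread state.
            sendErrorEmailIfNeeded();
            finallyRequest();
            throw th3;
        }
    }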

    /**
     * Creates the per-user folder for a freshly logged-in subject, at most once per HTTP session.
     *
     * <p>Does nothing when {@code subject} is null, when
     * {@code grouperUi.autoCreateUserFolderOnLogin} is false, or when the session attribute
     * {@code autoCreatedUserFolderOnLoginDone} is already true. Otherwise the folder name is
     * produced from {@code grouperUi.autoCreateUserFolderName} with {@code subject} available to
     * the expression, the folder is saved, and the subject is granted CREATE and STEM on it.
     * Any {@link Exception} raised while doing so is logged and not propagated.
     *
     * @param subject the logged-in subject, may be null
     * @param httpServletRequest the current request, used only to reach the HTTP session
     */
    private static void ensureUserFolder(Subject subject, HttpServletRequest httpServletRequest) {
        if (subject == null) {
            return;
        }
        if (!GrouperUiConfig.retrieveConfig().propertyValueBoolean("grouperUi.autoCreateUserFolderOnLogin").booleanValue()) {
            return;
        }
        final Boolean alreadyAttempted = (Boolean) httpServletRequest.getSession().getAttribute("autoCreatedUserFolderOnLoginDone");
        if (alreadyAttempted != null && alreadyAttempted.booleanValue()) {
            return;
        }
        // The flag is set before the attempt, so a failed creation is not retried within this HTTP session.
        httpServletRequest.getSession().setAttribute("autoCreatedUserFolderOnLoginDone", true);
        final String folderNameTemplate = GrouperUiConfig.retrieveConfig().propertyValueStringRequired("grouperUi.autoCreateUserFolderName");

        // The lookup, the save and the privilege changes below run under this session, not under the user's.
        final GrouperSessionResult rootSessionResult = GrouperSession.startRootSessionIfNotStarted();
        final GrouperSession rootSession = rootSessionResult.getGrouperSession();
        try {
            final Map<String, Object> variables = new HashMap<String, Object>();
            variables.put("subject", subject);
            // NOTE(review): the folder name is derived from subject data and is then created with an
            // elevated session. Confirm the configured template only references attributes the user
            // cannot influence, and that the result always stays under the intended parent folder.
            final String folderName = GrouperUtil.substituteExpressionLanguage(folderNameTemplate, variables, true, false, false);
            if (folderName.contains("$")) {
                // A leftover "$" is treated as an unresolved expression; the folder is skipped without logging.
                return;
            }
            final Stem existingFolder = StemFinder.findByName(rootSession, folderName, false);
            if (existingFolder != null) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Folder " + folderName + ", exists for user: " + GrouperUtil.subjectToString(subject));
                }
                return;
            }
            final Stem userFolder = new StemSave(rootSession)
                    .assignName(folderName)
                    .assignCreateParentStemsIfNotExist(
                            GrouperUiConfig.retrieveConfig().propertyValueBoolean("grouperUi.autoCreateUserFolderCreateParentFoldersIfNotExist", false))
                    .save();
            userFolder.grantPriv(subject, NamingPrivilege.CREATE, false);
            userFolder.grantPriv(subject, NamingPrivilege.STEM, false);
            // Drop STEM from the session's own subject so the user is the one holding it on the new folder.
            userFolder.revokePriv(rootSession.getSubject(), NamingPrivilege.STEM, false);
            // Logged at WARN, which leaves a record of every privilege grant made here.
            LOG.warn("Created user folder: " + folderName + ", for subject: " + GrouperUtil.subjectToString(subject));
        } catch (Exception e) {
            LOG.error("Cannot create user folder for: " + folderNameTemplate + ", " + GrouperUtil.subjectToString(subject), e);
        } finally {
            // Only stop the session if this call is the one that started it.
            if (rootSessionResult.isCreated()) {
                GrouperSession.stopQuietly(rootSession);
            }
        }
    }

    /**
     * Returns the request held for the calling thread.
     *
     * @return the value of {@code threadLocalRequest} for this thread, or null when none has been set
     */
    public static HttpServletRequest retrieveHttpServletRequest() {
        final HttpServletRequest currentRequest = threadLocalRequest.get();
        return currentRequest;
    }

    /**
     * Returns the servlet held for the calling thread.
     *
     * @return the value of {@code threadLocalServlet} for this thread, or null when none has been set
     */
    public static HttpServlet retrieveHttpServlet() {
        final HttpServlet currentServlet = threadLocalServlet.get();
        return currentServlet;
    }

    /**
     * Binds the given servlet to the calling thread, then stores the context container to the context.
     *
     * @param httpServlet the servlet to associate with the current thread
     */
    public static void assignHttpServlet(HttpServlet httpServlet) {
        threadLocalServlet.set(httpServlet);
        // Fetched only after the thread local is populated, keeping the original call order.
        final ContextContainer contextContainer = ContextContainer.instance();
        contextContainer.storeToContext();
    }

    /**
     * Returns the response held for the calling thread.
     *
     * @return the value of {@code threadLocalResponse} for this thread, or null when none has been set
     */
    public static HttpServletResponse retrieveHttpServletResponse() {
        final HttpServletResponse currentResponse = threadLocalResponse.get();
        return currentResponse;
    }

    /**
     * Intentionally empty: no cleanup is performed when this method is called.
     */
    public void destroy() {
    }

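    /**
     * Emails the current request's error, if there is one, to the configured addresses.
     *
     * <p>Nothing is sent when no request is bound to the thread, when the request attribute
     * {@code error} is blank, or when {@code errorMailAddresses} is blank. The mail body contains
     * the server host name, the client address, the logged-in subject (source id and subject id),
     * the request URL, the request parameters and the error text. Any exception raised here is
     * logged and never propagated, so this method cannot mask the original failure.
     */
    public void sendErrorEmailIfNeeded() {
        try {
            HttpServletRequest request = retrieveHttpServletRequest();
            String errorText = request == null ? null : (String) request.getAttribute("error");
            if (StringUtils.isBlank(errorText)) {
                return;
            }
            String recipients = GrouperUiConfig.retrieveConfig().propertyValueString("errorMailAddresses");
            if (StringUtils.isBlank(recipients)) {
                return;
            }

            // Stays "dont know" when resolving the subject fails; the email is still sent.
            String userLabel = "dont know";
            try {
                Subject loggedInSubject = retrieveSubjectLoggedIn();
                userLabel = loggedInSubject == null
                        ? "none"
                        : loggedInSubject.getSource().getId() + " - " + loggedInSubject.getId();
            } catch (RuntimeException e) {
                // Pass the exception as the throwable so its stack trace reaches the log.
                LOG.error("Error retrieving logged in subject for error email", e);
            }

            // NOTE(review): the body carries the request parameters and the error text as-is. Whether
            // GrouperUiUtils.requestParams() masks sensitive values (passwords, tokens) is not visible
            // here; confirm before treating the error mailbox as safe for that data.
            String body = "Server name: " + GrouperUtil.hostname()
                    + "\nIP Address: " + request.getRemoteAddr()
                    + "\nUser: " + userLabel
                    + "\nURL: " + request.getRequestURL()
                    + "\nRequest params: " + GrouperUiUtils.requestParams()
                    + "\n\n\nError: " + errorText;
            new GrouperEmail().setTo(recipients).setSubject("grouperUi error").setBody(body).send();
        } catch (Exception e) {
            LOG.error("Error sending email", e);
        }
    }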

    // Class initialization: registers with the status servlet, then sets up upload handling,
    // the logger and the per-thread holders used by the static accessors of this class.
    static {
        GrouperStatusServlet.registerStartup();
        // Upload items larger than 100000 bytes are written to disk; a null repository means the
        // default temporary directory is used.
        fileItemFactory = new DiskFileItemFactory(100000, (File) null);
        // NOTE(review): no setSizeMax/setFileSizeMax call is visible in this initializer; confirm
        // an upload size limit is applied before requests are parsed with this instance.
        upload = new ServletFileUpload(fileItemFactory);
        LOG = LogFactory.getLog(GrouperUiFilter.class);
        // Created without an initial value, so get() returns null until set() is called on that thread.
        // NOTE(review): container threads are typically pooled; presumably finallyRequest() clears
        // these so one request's objects are not visible to the next; confirm.
        threadLocalServlet = new ThreadLocal<>();
        threadLocalInInit = new ThreadLocal<>();
        threadLocalRequest = new ThreadLocal<>();
        threadLocalRequestStartMillis = new ThreadLocal<>();
        threadLocalResponse = new ThreadLocal<>();
    }
}
