package org.craftercms.security.authorization.impl;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.craftercms.security.api.RequestContext;
import org.craftercms.security.api.SecurityConstants;
import org.craftercms.security.authentication.BaseHandler;
import org.craftercms.security.authorization.AccessDeniedHandler;
import org.craftercms.security.exception.AccessDeniedException;
import org.craftercms.security.exception.CrafterSecurityException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/crafter-security-provider-2.2.8.jar:org/craftercms/security/authorization/impl/AccessDeniedHandlerImpl.class */
/**
 * {@link AccessDeniedHandler} implementation that records the denial on the request and then
 * answers with HTTP 403, either by forwarding to a configured error page or by calling
 * {@code sendError} on the response.
 *
 * <p>The path taken depends on the {@code isRedirectRequired} flag (not declared in this class;
 * presumably inherited from {@link BaseHandler}) and on whether an error page URL has been set.
 */
public class AccessDeniedHandlerImpl extends BaseHandler implements AccessDeniedHandler {
    private static final Logger logger = LoggerFactory.getLogger(AccessDeniedHandlerImpl.class);

    // Path handed to the request dispatcher for the 403 page. NOTE(review): this should only ever
    // come from deployment configuration, never from request data; confirm against the callers
    // of setErrorPageUrl.
    protected String errorPageUrl;

    /**
     * Sets the error page used when a forward is required.
     *
     * @param str dispatcher path of the error page; a null or empty value makes
     *            {@link #onAccessDenied} fall back to {@code sendError}
     */
    public void setErrorPageUrl(String str) {
        this.errorPageUrl = str;
    }

    /**
     * Handles a denied request: stores the exception on the request, then forwards to the error
     * page when a redirect is required and an error page URL is configured, otherwise sends a
     * plain 403 error.
     *
     * @param accessDeniedException the denial being handled
     * @param requestContext        wrapper giving access to the current request and response
     * @throws CrafterSecurityException if the forward fails with a {@link ServletException}
     * @throws IOException              if writing the response fails
     */
    @Override
    public void onAccessDenied(AccessDeniedException accessDeniedException, RequestContext requestContext) throws CrafterSecurityException, IOException {
        saveException(accessDeniedException, requestContext);

        boolean useErrorPage = this.isRedirectRequired && StringUtils.isNotEmpty(this.errorPageUrl);
        if (!useErrorPage) {
            sendError(accessDeniedException, requestContext);
            return;
        }
        forwardToErrorPage(requestContext);
    }

    /**
     * Stores the exception as a request attribute under
     * {@link SecurityConstants#ACCESS_DENIED_EXCEPTION_ATTRIBUTE} so it is available after a forward.
     *
     * @param accessDeniedException the denial to expose to later processing of this request
     * @param requestContext        wrapper giving access to the current request
     */
    protected void saveException(AccessDeniedException accessDeniedException, RequestContext requestContext) {
        // NOTE(review): whatever renders the error page can read this attribute; it should not
        // echo exception details to the user verbatim.
        logger.debug("Saving access denied exception in request to use after forward");
        requestContext.getRequest().setAttribute(SecurityConstants.ACCESS_DENIED_EXCEPTION_ATTRIBUTE, accessDeniedException);
    }

    /**
     * Sets the response status to 403 and forwards the request to the configured error page.
     *
     * @param requestContext wrapper giving access to the current request and response
     * @throws CrafterSecurityException wrapping any {@link ServletException} raised by the forward
     * @throws IOException              if the forward target fails with an I/O error
     */
    protected void forwardToErrorPage(RequestContext requestContext) throws CrafterSecurityException, IOException {
        HttpServletRequest request = requestContext.getRequest();
        HttpServletResponse response = requestContext.getResponse();

        // The status is set before the forward so the error page is served as 403.
        response.setStatus(HttpServletResponse.SC_FORBIDDEN);
        logger.debug("Forwarding to error page at {}, with 403 FORBIDDEN status", this.errorPageUrl);

        // Per the Servlet API, forward() throws IllegalStateException on an already committed
        // response; that case is not handled here and would propagate to the caller.
        try {
            request.getRequestDispatcher(this.errorPageUrl).forward(request, response);
        } catch (ServletException e) {
            throw new CrafterSecurityException(e.getMessage(), e);
        }
    }

    /**
     * Sends a 403 error whose message is the exception's message.
     *
     * @param accessDeniedException the denial; its message is passed to {@code sendError}
     * @param requestContext        wrapper giving access to the current response
     * @throws IOException if the container fails to send the error
     */
    protected void sendError(AccessDeniedException accessDeniedException, RequestContext requestContext) throws IOException {
        logger.debug("Sending 403 FORBIDDEN error");

        HttpServletResponse response = requestContext.getResponse();
        // NOTE(review): sendError() by default lets the container build its own error page, which
        // may replace this content type; confirm what clients actually receive.
        response.setContentType("application/json");
        // The exception message goes to the client, so it must not carry internal detail
        // (resource paths, role names, policy internals); verify where these messages are built.
        response.sendError(HttpServletResponse.SC_FORBIDDEN, accessDeniedException.getMessage());
    }

    /**
     * Returns whether a denied request should be forwarded to the error page.
     *
     * @return the current value of the {@code isRedirectRequired} flag
     */
    @Override
    public boolean isRedirectRequired() {
        return this.isRedirectRequired;
    }

    /**
     * Sets whether a denied request should be forwarded to the error page.
     *
     * @param z {@code true} to forward when an error page URL is configured
     */
    @Override
    public void setRedirectRequired(boolean z) {
        this.isRedirectRequired = z;
    }
}
