package org.craftercms.security.processors.impl;

import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.craftercms.commons.http.HttpUtils;
import org.craftercms.commons.http.RequestContext;
import org.craftercms.security.authentication.Authentication;
import org.craftercms.security.authentication.AuthenticationManager;
import org.craftercms.security.authentication.LogoutSuccessHandler;
import org.craftercms.security.authentication.RememberMeManager;
import org.craftercms.security.processors.RequestSecurityProcessor;
import org.craftercms.security.processors.RequestSecurityProcessorChain;
import org.craftercms.security.utils.SecurityUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Required;

/* loaded from: input_file:WEB-INF/lib/crafter-security-provider-2.5.10.jar:org/craftercms/security/processors/impl/LogoutProcessor.class */
public class LogoutProcessor implements RequestSecurityProcessor {
    public static final Logger logger = LoggerFactory.getLogger(LogoutProcessor.class);
    public static final String DEFAULT_LOGOUT_URL = "/crafter-security-logout";
    public static final String DEFAULT_LOGOUT_METHOD = "GET";
    protected String logoutUrl = DEFAULT_LOGOUT_URL;
    protected String logoutMethod = "GET";
    protected AuthenticationManager authenticationManager;
    protected LogoutSuccessHandler logoutSuccessHandler;
    protected RememberMeManager rememberMeManager;

    public void setLogoutUrl(String str) {
        this.logoutUrl = str;
    }

    public void setLogoutMethod(String str) {
        this.logoutMethod = str;
    }

    @Required
    public void setAuthenticationManager(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    @Required
    public void setLogoutSuccessHandler(LogoutSuccessHandler logoutSuccessHandler) {
        this.logoutSuccessHandler = logoutSuccessHandler;
    }

    @Required
    public void setRememberMeManager(RememberMeManager rememberMeManager) {
        this.rememberMeManager = rememberMeManager;
    }

    @Override // org.craftercms.security.processors.RequestSecurityProcessor
    public void processRequest(RequestContext requestContext, RequestSecurityProcessorChain requestSecurityProcessorChain) throws Exception {
        if (!isLogoutRequest(requestContext.getRequest())) {
            requestSecurityProcessorChain.processRequest(requestContext);
            return;
        }
        logger.debug("Processing logout request");
        Authentication authentication = SecurityUtils.getAuthentication(requestContext.getRequest());
        if (authentication != null) {
            this.authenticationManager.invalidateAuthentication(authentication);
        }
        onLogoutSuccess(requestContext, authentication);
    }

    protected boolean isLogoutRequest(HttpServletRequest httpServletRequest) {
        return HttpUtils.getRequestUriWithoutContextPath(httpServletRequest).equals(this.logoutUrl) && httpServletRequest.getMethod().equals(this.logoutMethod);
    }

    protected void onLogoutSuccess(RequestContext requestContext, Authentication authentication) throws IOException {
        if (authentication != null) {
            logger.debug("Logout for user '" + authentication.getProfile().getUsername() + "' successful");
            if (authentication.isRemembered()) {
                this.rememberMeManager.disableRememberMe(requestContext);
            }
            SecurityUtils.removeAuthentication(requestContext.getRequest());
            HttpSession session = requestContext.getRequest().getSession();
            if (session != null) {
                try {
                    session.invalidate();
                    requestContext.getRequest().getSession(true);
                } catch (IllegalStateException e) {
                    logger.debug("Http Session was already invalidated");
                }
            }
        } else {
            logger.debug("No logout done: user wasn't authenticated");
        }
        this.logoutSuccessHandler.handle(requestContext);
    }
}
