package org.craftercms.engine.util.spring.security;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.configuration2.HierarchicalConfiguration;
import org.apache.commons.lang3.StringUtils;
import org.craftercms.engine.util.ConfigUtils;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.web.WebAttributes;
import org.springframework.security.web.access.AccessDeniedHandler;

/* loaded from: input_file:WEB-INF/classes/org/craftercms/engine/util/spring/security/ConfigAwareAccessDeniedHandler.class */
public class ConfigAwareAccessDeniedHandler implements AccessDeniedHandler {
    public static final String ACCESS_DENIED_ERROR_PAGE_URL_KEY = "security.accessDenied.errorPageUrl";

    public String getErrorPage() {
        HierarchicalConfiguration currentConfig = ConfigUtils.getCurrentConfig();
        if (currentConfig == null || !currentConfig.containsKey(ACCESS_DENIED_ERROR_PAGE_URL_KEY)) {
            return null;
        }
        return currentConfig.getString(ACCESS_DENIED_ERROR_PAGE_URL_KEY);
    }

    @Override // org.springframework.security.web.access.AccessDeniedHandler
    public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AccessDeniedException accessDeniedException) throws IOException, ServletException {
        if (httpServletResponse.isCommitted()) {
            return;
        }
        String errorPage = getErrorPage();
        if (!StringUtils.isNotEmpty(errorPage)) {
            httpServletResponse.sendError(403, accessDeniedException.getMessage());
            return;
        }
        httpServletRequest.setAttribute(WebAttributes.ACCESS_DENIED_403, accessDeniedException);
        httpServletResponse.setStatus(403);
        httpServletRequest.getRequestDispatcher(errorPage).forward(httpServletRequest, httpServletResponse);
    }
}
