package org.flowable.ui.idm.conf;

import org.flowable.idm.api.IdmIdentityService;
import org.flowable.ui.common.properties.FlowableRestAppProperties;
import org.flowable.ui.common.security.ApiHttpSecurityCustomizer;
import org.flowable.ui.idm.properties.FlowableIdmAppProperties;
import org.flowable.ui.idm.security.UserDetailsService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;

@Configuration(proxyBeanMethods = false)
@EnableGlobalMethodSecurity(prePostEnabled = true, jsr250Enabled = true)
/* loaded from: input_file:WEB-INF/lib/flowable-ui-idm-conf-6.7.1.jar:org/flowable/ui/idm/conf/IdmSecurityConfiguration.class */
public class IdmSecurityConfiguration {

    @Autowired
    protected IdmIdentityService identityService;

    @Autowired
    protected FlowableIdmAppProperties idmAppProperties;

    @Configuration
    @Order(1)
    /* loaded from: input_file:WEB-INF/lib/flowable-ui-idm-conf-6.7.1.jar:org/flowable/ui/idm/conf/IdmSecurityConfiguration$IdmApiWebSecurityConfigurationAdapter.class */
    public static class IdmApiWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
        protected final FlowableRestAppProperties restAppProperties;
        protected final FlowableIdmAppProperties idmAppProperties;
        protected final ApiHttpSecurityCustomizer apiHttpSecurityCustomizer;

        public IdmApiWebSecurityConfigurationAdapter(FlowableRestAppProperties flowableRestAppProperties, FlowableIdmAppProperties flowableIdmAppProperties, ApiHttpSecurityCustomizer apiHttpSecurityCustomizer) {
            this.restAppProperties = flowableRestAppProperties;
            this.idmAppProperties = flowableIdmAppProperties;
            this.apiHttpSecurityCustomizer = apiHttpSecurityCustomizer;
        }

        /* JADX WARN: Multi-variable type inference failed */
        @Override // org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
        protected void configure(HttpSecurity httpSecurity) throws Exception {
            ((HttpSecurity) httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()).csrf().disable();
            if (!this.idmAppProperties.isRestEnabled()) {
                httpSecurity.antMatcher("/api/idm/**").authorizeRequests().antMatchers("/api/idm/**").denyAll();
                return;
            }
            if (this.restAppProperties.isVerifyRestApiPrivilege()) {
                httpSecurity.antMatcher("/api/idm/**").authorizeRequests().antMatchers("/api/idm/**").hasAuthority("access-rest-api");
            } else {
                httpSecurity.antMatcher("/api/idm/**").authorizeRequests().antMatchers("/api/idm/**").authenticated();
            }
            this.apiHttpSecurityCustomizer.customize(httpSecurity);
        }
    }

    @Bean
    public UserDetailsService userDetailsService() {
        UserDetailsService userDetailsService = new UserDetailsService();
        userDetailsService.setUserValidityPeriod(this.idmAppProperties.getSecurity().getUserValidityPeriod());
        return userDetailsService;
    }
}
