package org.flowable.ui.common.security;

import com.google.common.net.HttpHeaders;
import java.util.Arrays;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.List;
import javax.servlet.Filter;
import org.apache.catalina.authenticator.Constants;
import org.flowable.ui.common.properties.FlowableCommonAppProperties;
import org.springframework.context.ApplicationContext;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.ObjectPostProcessor;
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer;
import org.springframework.security.web.PortMapper;
import org.springframework.security.web.access.ExceptionTranslationFilter;
import org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint;
import org.springframework.security.web.authentication.HttpStatusEntryPoint;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
import org.springframework.security.web.authentication.RememberMeServices;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
import org.springframework.security.web.util.matcher.AndRequestMatcher;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.MediaTypeRequestMatcher;
import org.springframework.security.web.util.matcher.NegatedRequestMatcher;
import org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.ClassUtils;
import org.springframework.web.accept.ContentNegotiationStrategy;
import org.springframework.web.accept.HeaderContentNegotiationStrategy;

/* loaded from: input_file:WEB-INF/lib/flowable-ui-common-6.7.2.jar:org/flowable/ui/common/security/FlowableUiCustomFormLoginConfigurer.class */
public class FlowableUiCustomFormLoginConfigurer<H extends HttpSecurityBuilder<H>> extends AbstractHttpConfigurer<FlowableUiCustomFormLoginConfigurer<H>, H> {
    protected UsernamePasswordAuthenticationFilter authenticationFilter = new UsernamePasswordAuthenticationFilter();
    protected LoginUrlAuthenticationEntryPoint authenticationEntryPoint;

    public FlowableUiCustomFormLoginConfigurer() {
        this.authenticationFilter.setUsernameParameter(Constants.FORM_USERNAME);
        this.authenticationFilter.setPasswordParameter(Constants.FORM_PASSWORD);
        this.authenticationFilter.setAuthenticationSuccessHandler(new AjaxAuthenticationSuccessHandler());
        this.authenticationFilter.setAuthenticationFailureHandler(new AjaxAuthenticationFailureHandler());
        this.authenticationFilter.setRequiresAuthenticationRequestMatcher(new AntPathRequestMatcher("/app/authentication", "POST"));
    }

    @Override // org.springframework.security.config.annotation.SecurityConfigurerAdapter, org.springframework.security.config.annotation.SecurityConfigurer
    public void init(H h) throws Exception {
        super.init((FlowableUiCustomFormLoginConfigurer<H>) h);
        LoginUrlAuthenticationEntryPoint authenticationEntryPoint = getAuthenticationEntryPoint((ApplicationContext) h.getSharedObject(ApplicationContext.class));
        ExceptionHandlingConfigurer exceptionHandlingConfigurer = (ExceptionHandlingConfigurer) h.getConfigurer(ExceptionHandlingConfigurer.class);
        if (exceptionHandlingConfigurer != null) {
            LinkedHashMap linkedHashMap = new LinkedHashMap();
            linkedHashMap.put(getAuthenticationEntryPointMatcher(h), postProcess(authenticationEntryPoint));
            DelegatingAuthenticationEntryPoint delegatingAuthenticationEntryPoint = new DelegatingAuthenticationEntryPoint(linkedHashMap);
            delegatingAuthenticationEntryPoint.setDefaultEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED));
            exceptionHandlingConfigurer.authenticationEntryPoint(delegatingAuthenticationEntryPoint);
            exceptionHandlingConfigurer.addObjectPostProcessor(new ObjectPostProcessor<ExceptionTranslationFilter>() { // from class: org.flowable.ui.common.security.FlowableUiCustomFormLoginConfigurer.1
                @Override // org.springframework.security.config.annotation.ObjectPostProcessor
                public <O extends ExceptionTranslationFilter> O postProcess(O o) {
                    o.setAuthenticationTrustResolver(new FlowableAuthenticationTrustResolver());
                    return o;
                }
            });
        }
    }

    protected RequestMatcher getAuthenticationEntryPointMatcher(H h) {
        ContentNegotiationStrategy contentNegotiationStrategy = (ContentNegotiationStrategy) h.getSharedObject(ContentNegotiationStrategy.class);
        if (contentNegotiationStrategy == null) {
            contentNegotiationStrategy = new HeaderContentNegotiationStrategy();
        }
        MediaTypeRequestMatcher mediaTypeRequestMatcher = new MediaTypeRequestMatcher(contentNegotiationStrategy, MediaType.APPLICATION_XHTML_XML, new MediaType("image", "*"), MediaType.TEXT_HTML, MediaType.TEXT_PLAIN);
        mediaTypeRequestMatcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
        return new AndRequestMatcher((List<RequestMatcher>) Arrays.asList(new NegatedRequestMatcher(new RequestHeaderRequestMatcher(HttpHeaders.X_REQUESTED_WITH, "XMLHttpRequest")), mediaTypeRequestMatcher));
    }

    protected LoginUrlAuthenticationEntryPoint getAuthenticationEntryPoint(ApplicationContext applicationContext) {
        if (this.authenticationEntryPoint == null) {
            FlowableCommonAppProperties flowableCommonAppProperties = (FlowableCommonAppProperties) applicationContext.getBean(FlowableCommonAppProperties.class);
            if (ClassUtils.isPresent("org.flowable.ui.idm.service.GroupServiceImpl", getClass().getClassLoader())) {
                this.authenticationEntryPoint = (LoginUrlAuthenticationEntryPoint) postProcess(new LoginUrlAuthenticationEntryPoint("/idm/#/login"));
            } else {
                this.authenticationEntryPoint = (LoginUrlAuthenticationEntryPoint) postProcess(new FlowableLoginUrlAuthenticationEntryPoint(flowableCommonAppProperties.determineIdmAppRedirectUrl(), flowableCommonAppProperties.getRedirectOnAuthSuccess()));
            }
        }
        return this.authenticationEntryPoint;
    }

    @Override // org.springframework.security.config.annotation.SecurityConfigurerAdapter, org.springframework.security.config.annotation.SecurityConfigurer
    public void configure(H h) throws Exception {
        PortMapper portMapper = (PortMapper) h.getSharedObject(PortMapper.class);
        if (portMapper != null) {
            getAuthenticationEntryPoint((ApplicationContext) h.getSharedObject(ApplicationContext.class)).setPortMapper(portMapper);
        }
        this.authenticationFilter.setAuthenticationManager((AuthenticationManager) h.getSharedObject(AuthenticationManager.class));
        SessionAuthenticationStrategy sessionAuthenticationStrategy = (SessionAuthenticationStrategy) h.getSharedObject(SessionAuthenticationStrategy.class);
        if (sessionAuthenticationStrategy != null) {
            this.authenticationFilter.setSessionAuthenticationStrategy(sessionAuthenticationStrategy);
        }
        RememberMeServices rememberMeServices = (RememberMeServices) h.getSharedObject(RememberMeServices.class);
        if (rememberMeServices != null) {
            this.authenticationFilter.setRememberMeServices(rememberMeServices);
        }
        h.addFilter((Filter) postProcess(this.authenticationFilter));
    }
}
