package org.flowable.app.conf;

import org.flowable.app.security.AjaxAuthenticationFailureHandler;
import org.flowable.app.security.AjaxAuthenticationSuccessHandler;
import org.flowable.app.security.AjaxLogoutSuccessHandler;
import org.flowable.app.security.ClearFlowableCookieLogoutHandler;
import org.flowable.app.security.CustomDaoAuthenticationProvider;
import org.flowable.app.security.CustomLdapAuthenticationProvider;
import org.flowable.app.security.CustomPersistentRememberMeServices;
import org.flowable.app.security.Http401UnauthorizedEntryPoint;
import org.flowable.app.web.CustomFormLoginConfig;
import org.flowable.idm.api.IdmIdentityService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.core.env.Environment;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.RememberMeAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.RememberMeServices;
import org.springframework.security.web.header.writers.XXssProtectionHeaderWriter;

/**
 * Spring Security configuration: two ordered filter chains (HTTP Basic for
 * {@code /api/**}, AJAX form login plus remember-me for {@code /app/**}) and the
 * authentication provider selected by the {@code ldap.enabled} property.
 *
 * <p>Security-relevant settings visible in this class:
 * <ul>
 *   <li>CSRF protection is disabled on both chains.</li>
 *   <li>Both chains use {@link SessionCreationPolicy#STATELESS}.</li>
 *   <li>The {@link PasswordEncoder} bean is {@link NoOpPasswordEncoder}.</li>
 *   <li>No transport-security rule (such as a channel requirement) is configured here.</li>
 * </ul>
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, jsr250Enabled = true)
public class SecurityConfiguration {
    private static final Logger logger = LoggerFactory.getLogger(SecurityConfiguration.class);

    @Autowired
    protected IdmIdentityService identityService;

    @Autowired
    protected Environment env;

    /**
     * Filter chain for {@code /api/**} (order 1): every request must be
     * authenticated, using HTTP Basic, with no server-side session.
     */
    @Configuration
    @Order(1)
    public static class ApiWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
        /**
         * Restricts this chain to {@code /api/**} and requires authentication for it.
         *
         * @param httpSecurity the builder for this filter chain
         * @throws Exception if the builder rejects the configuration
         */
        protected void configure(HttpSecurity httpSecurity) throws Exception {
            // Basic credentials accompany every request, and nothing in this class
            // enforces HTTPS, so transport protection has to come from the deployment.
            httpSecurity
                .sessionManagement()
                    .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                    .and()
                .csrf()
                    .disable()
                .antMatcher("/api/**")
                .authorizeRequests()
                    .antMatchers("/api/**").authenticated()
                    .and()
                .httpBasic();
        }
    }

    /**
     * Filter chain for the UI (order 10): AJAX form login at
     * {@code /app/authentication}, remember-me services, logout at
     * {@code /app/logout}, and the {@code access-idm} authority for {@code /app/**}.
     */
    @Configuration
    @Order(10)
    public static class FormLoginWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {

        @Autowired
        private Environment env;

        @Autowired
        private AjaxAuthenticationSuccessHandler ajaxAuthenticationSuccessHandler;

        @Autowired
        private AjaxAuthenticationFailureHandler ajaxAuthenticationFailureHandler;

        @Autowired
        private AjaxLogoutSuccessHandler ajaxLogoutSuccessHandler;

        @Autowired
        private Http401UnauthorizedEntryPoint authenticationEntryPoint;

        /**
         * Builds the UI chain and then applies the custom form-login configurer.
         *
         * @param httpSecurity the builder for this filter chain
         * @throws Exception if the builder rejects the configuration
         */
        protected void configure(HttpSecurity httpSecurity) throws Exception {
            // NOTE(review): CSRF is disabled while this chain authenticates through
            // remember-me services; confirm a compensating control exists elsewhere
            // for state-changing /app/** requests.
            // NOTE(review): only "/*", "/app/rest/authenticate" and "/app/**" have
            // rules; this chain defines no rule for any other path - confirm that
            // is intended.
            httpSecurity
                .exceptionHandling()
                    .authenticationEntryPoint(authenticationEntryPoint)
                    .and()
                .sessionManagement()
                    .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                    .and()
                .rememberMe()
                    .rememberMeServices(rememberMeServices())
                    .key(env.getProperty("security.rememberme.key"))
                    .and()
                .logout()
                    .logoutUrl("/app/logout")
                    .logoutSuccessHandler(ajaxLogoutSuccessHandler)
                    .addLogoutHandler(new ClearFlowableCookieLogoutHandler())
                    .permitAll()
                    .and()
                .csrf()
                    .disable()
                .headers()
                    .frameOptions()
                        .sameOrigin()
                    .addHeaderWriter(new XXssProtectionHeaderWriter())
                    .and()
                .authorizeRequests()
                    .antMatchers("/*").permitAll()
                    .antMatchers("/app/rest/authenticate").permitAll()
                    .antMatchers("/app/**").hasAuthority("access-idm");

            // The casts stay: CustomFormLoginConfig is used as a raw type here, so the
            // fluent return types are not visible to the compiler.
            CustomFormLoginConfig formLogin = new CustomFormLoginConfig();
            CustomFormLoginConfig withUrl =
                    (CustomFormLoginConfig) formLogin.loginProcessingUrl("/app/authentication");
            CustomFormLoginConfig withSuccess =
                    (CustomFormLoginConfig) withUrl.successHandler(ajaxAuthenticationSuccessHandler);
            CustomFormLoginConfig withFailure =
                    (CustomFormLoginConfig) withSuccess.failureHandler(ajaxAuthenticationFailureHandler);
            withFailure
                .usernameParameter("j_username")
                .passwordParameter("j_password")
                .permitAll();
            httpSecurity.apply(formLogin);
        }

        /**
         * Creates the remember-me services used by this chain.
         *
         * <p>This class is static, so {@code userDetailsService()} here resolves on
         * the adapter itself, not on the enclosing configuration's bean method.
         *
         * @return a {@link CustomPersistentRememberMeServices} built from the
         *     environment and the adapter's user-details service
         */
        @Bean
        public RememberMeServices rememberMeServices() {
            UserDetailsService adapterUserDetails = userDetailsService();
            return new CustomPersistentRememberMeServices(env, adapterUserDetails);
        }

        /**
         * Creates the provider that accepts remember-me authentication tokens.
         *
         * <p>The key is the same {@code security.rememberme.key} property passed to
         * the remember-me configurer in {@link #configure(HttpSecurity)}; it is a
         * deployment secret and should be treated as one.
         *
         * @return the remember-me authentication provider
         */
        @Bean
        public RememberMeAuthenticationProvider rememberMeAuthenticationProvider() {
            String rememberMeKey = env.getProperty("security.rememberme.key");
            return new RememberMeAuthenticationProvider(rememberMeKey);
        }
    }

    /**
     * Registers one authentication provider: LDAP when {@code ldap.enabled} is
     * true (default false), otherwise the database-backed provider.
     *
     * <p>A failure is logged and not rethrown, so in that case this method
     * registers no provider. NOTE(review): confirm that the application then
     * rejects logins rather than falling back to another mechanism.
     *
     * @param authenticationManagerBuilder the global authentication builder
     */
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder authenticationManagerBuilder) {
        boolean ldapEnabled = env.getProperty("ldap.enabled", Boolean.class, false);
        if (ldapEnabled) {
            try {
                authenticationManagerBuilder.authenticationProvider(ldapAuthenticationProvider());
            } catch (Exception ldapFailure) {
                logger.error("Could not configure ldap authentication mechanism:", ldapFailure);
            }
        } else {
            try {
                authenticationManagerBuilder.authenticationProvider(dbAuthenticationProvider());
            } catch (Exception dbFailure) {
                logger.error("Could not configure authentication mechanism:", dbFailure);
            }
        }
    }

    /**
     * Creates the application's user-details service.
     *
     * @return the service, with its user validity period set from
     *     {@code cache.users.recheck.period} (default 30000; units are not visible here)
     */
    @Bean
    public UserDetailsService userDetailsService() {
        long recheckPeriod = env.getProperty("cache.users.recheck.period", Long.class, 30000L);
        org.flowable.app.security.UserDetailsService service =
                new org.flowable.app.security.UserDetailsService();
        service.setUserValidityPeriod(recheckPeriod);
        return service;
    }

    /**
     * Supplies the password encoder handed to the database provider.
     *
     * <p>NOTE(review): {@link NoOpPasswordEncoder} performs no hashing. Unless
     * {@code CustomDaoAuthenticationProvider} or the identity service hashes
     * credentials itself (not visible here), passwords are compared as cleartext;
     * confirm where hashing happens before relying on this bean.
     *
     * @return the no-op encoder instance
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        PasswordEncoder encoder = NoOpPasswordEncoder.getInstance();
        return encoder;
    }

    /**
     * Creates the database-backed authentication provider.
     *
     * @return a {@link CustomDaoAuthenticationProvider} wired with the
     *     user-details service and the password encoder bean
     */
    @Bean(name = {"dbAuthenticationProvider"})
    public AuthenticationProvider dbAuthenticationProvider() {
        CustomDaoAuthenticationProvider provider = new CustomDaoAuthenticationProvider();
        provider.setUserDetailsService(userDetailsService());
        provider.setPasswordEncoder(passwordEncoder());
        return provider;
    }

    /**
     * Creates the LDAP authentication provider.
     *
     * @return a {@link CustomLdapAuthenticationProvider} built from the
     *     user-details service and the injected identity service
     */
    @Bean(name = {"ldapAuthenticationProvider"})
    public AuthenticationProvider ldapAuthenticationProvider() {
        UserDetailsService userDetails = userDetailsService();
        return new CustomLdapAuthenticationProvider(userDetails, identityService);
    }
}
