package org.openhubframework.openhub.admin.config;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.openhubframework.openhub.api.common.Constraints;
import org.openhubframework.openhub.api.configuration.ConfigurableValue;
import org.openhubframework.openhub.api.configuration.ConfigurationItem;
import org.openhubframework.openhub.web.common.WebProps;
import org.openhubframework.openhub.web.config.GlobalSecurityConfig;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.http.HttpStatus;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
import org.springframework.security.web.authentication.logout.HttpStatusReturningLogoutSuccessHandler;

/**
 * Spring Security configuration for the admin web application.
 *
 * <p>Enables web security and pre/post method-security annotations. The HTTP rules
 * themselves are defined in the nested {@link UiSecurityConfig}; this outer class only
 * supplies the shared success handler and authentication entry point.
 */
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class AdminSecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Filter-chain configuration for the admin UI and the monitoring endpoints.
     *
     * <p>Security-relevant properties visible in this class:
     * <ul>
     *   <li>CSRF protection is switched off for the whole chain.</li>
     *   <li>{@code /web/admin/console/**}, {@code /web/admin/login/**} and
     *       {@code /web/admin/mgmt/info} are reachable without authentication.</li>
     *   <li>Login and authentication failures are answered with bare status codes
     *       (403 / 401) instead of redirects.</li>
     * </ul>
     */
    @Configuration
    @Order(UiSecurityConfig.ORDER)
    public static class UiSecurityConfig extends AdminSecurityConfig {

        /** Position of this configuration among the application's security configurations. */
        public static final int ORDER = 6;

        /** Serves both as the login page and as the URL the login form is posted to. */
        private static final String LOGIN_PAGE_URL = "/web/admin/login";

        /** Cookies removed from the browser on logout. */
        private static final String[] COOKIES_TO_DELETE = {"JSESSIONID"};

        /** Maximum number of concurrent sessions, injected from configuration. */
        @ConfigurableValue(key = WebProps.SESSION_CONCURRENCY_LIMIT)
        private ConfigurationItem<Integer> sessionConcurrencyLimit;

        /**
         * Builds the admin filter chain: URL authorization, form login, logout,
         * the unauthenticated-request response and the concurrent-session limit.
         *
         * @param httpSecurity the builder to configure
         * @throws Exception if the builder rejects the configuration, or if the
         *         session concurrency limit has no configured value
         */
        protected void configure(HttpSecurity httpSecurity) throws Exception {
            // Fail at startup rather than at the first login if the limit is missing.
            Constraints.notNull(this.sessionConcurrencyLimit.getValue(), "the sessionConcurrencyLimit must be configured.");

            httpSecurity
                // NOTE(review): CSRF protection is disabled while authentication relies on a
                // session cookie (form login); confirm a compensating control protects
                // state-changing admin requests.
                .csrf().disable()
                .authorizeRequests()
                    // Matchers are evaluated in declaration order, so the public paths must
                    // stay above the broader /web/admin/** rules below.
                    // NOTE(review): confirm nothing sensitive is served under the console path.
                    .antMatchers("/web/admin/console/**").permitAll()
                    .antMatchers("/web/admin/login/**").permitAll()
                    .antMatchers("/web/admin/mgmt/info").permitAll()
                    .antMatchers("/web/admin/**").hasRole(GlobalSecurityConfig.AuthRole.WEB.name())
                    // Presumably already covered by the pattern above; kept as in the original.
                    .antMatchers("/web/admin/**/*").hasRole(GlobalSecurityConfig.AuthRole.WEB.name())
                    .antMatchers("/monitoring/**").hasRole(GlobalSecurityConfig.AuthRole.MONITORING.name())
                    // NOTE(review): there is no anyRequest() catch-all here; verify that paths
                    // outside these patterns are restricted by another configuration.
                    .and()
                .formLogin()
                    .loginPage(LOGIN_PAGE_URL)
                    .loginProcessingUrl(LOGIN_PAGE_URL)
                    .successHandler(AdminSecurityConfig.access$0())
                    // A failed login is reported as 403 with no body and no redirect.
                    .failureHandler((request, response, failure) ->
                        response.setStatus(HttpServletResponse.SC_FORBIDDEN))
                    .permitAll()
                    .and()
                .logout()
                    .permitAll()
                    .invalidateHttpSession(true)
                    .deleteCookies(COOKIES_TO_DELETE)
                    .logoutUrl("/web/admin/logout")
                    // Logout answers 200 instead of redirecting.
                    .logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler(HttpStatus.OK))
                    .and()
                .exceptionHandling()
                    .authenticationEntryPoint(AdminSecurityConfig.access$1())
                    .and()
                .sessionManagement()
                    .maximumSessions((Integer) this.sessionConcurrencyLimit.getValue())
                    .expiredUrl("/web/admin/console/");
        }
    }

    /**
     * Creates the handler invoked after a successful form login.
     *
     * <p>The override only clears the authentication attributes kept from earlier
     * attempts; it deliberately issues no redirect.
     *
     * @return the success handler used by the form-login configuration
     */
    private static AuthenticationSuccessHandler authenticationSuccessHandler() {
        final AuthenticationSuccessHandler noRedirectHandler = new SimpleUrlAuthenticationSuccessHandler() {
            public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
                clearAuthenticationAttributes(request);
            }
        };
        return noRedirectHandler;
    }

    /**
     * Creates the entry point used when a request needs authentication.
     *
     * <p>It sets status 401 when an authentication exception is supplied and leaves
     * the response untouched otherwise; no redirect to the login page is sent.
     *
     * @return the entry point used by the exception-handling configuration
     */
    private static AuthenticationEntryPoint unauthorizedEntryPoint() {
        return (request, response, authException) -> {
            if (authException == null) {
                return;
            }
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        };
    }

    /** Accessor marked synthetic in the source; forwards to {@link #authenticationSuccessHandler()}. */
    static /* synthetic */ AuthenticationSuccessHandler access$0() {
        return authenticationSuccessHandler();
    }

    /** Accessor marked synthetic in the source; forwards to {@link #unauthorizedEntryPoint()}. */
    static /* synthetic */ AuthenticationEntryPoint access$1() {
        return unauthorizedEntryPoint();
    }
}
