package org.rdlinux.ezsecurity.shiro.security.filter;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.web.filter.PathMatchingFilter;
import org.apache.shiro.web.util.WebUtils;

/* loaded from: input_file:org/rdlinux/ezsecurity/shiro/security/filter/CorsFilter.class */
public class CorsFilter extends PathMatchingFilter {
    public static final String name = "cors";

    protected boolean onPreHandle(ServletRequest servletRequest, ServletResponse servletResponse, Object obj) throws Exception {
        HttpServletRequest http = WebUtils.toHttp(servletRequest);
        HttpServletResponse http2 = WebUtils.toHttp(servletResponse);
        String header = http.getHeader("Origin");
        if (header != null && !header.isEmpty()) {
            http2.setHeader("Access-control-Allow-Origin", header);
            String header2 = http.getHeader("Access-Control-Request-Method");
            if (header2 == null || header2.isEmpty()) {
                header2 = "*";
            }
            http2.setHeader("Access-Control-Allow-Methods", header2);
            String header3 = http.getHeader("access-control-request-headers");
            if (header3 == null || header3.isEmpty()) {
                header3 = "*";
            }
            http2.setHeader("Access-Control-Allow-Headers", header3);
            if (obj != null) {
                http2.setHeader("Access-Control-Expose-Headers", String.join(",", (String[]) obj));
            }
            http2.setHeader("Access-Control-Allow-Credentials", "true");
            http2.setHeader("Access-Control-Max-Age", "3600");
        }
        if (!http.getMethod().equalsIgnoreCase("OPTIONS")) {
            return super.preHandle(servletRequest, servletResponse);
        }
        http2.setStatus(200);
        return false;
    }
}
