package io.starter.stackgen.web;

import java.util.Arrays;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.PropertySource;
import org.springframework.context.annotation.PropertySources;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

@Configuration
@Order(101)
@PropertySources({@PropertySource({"classpath:application.properties"})})
/* loaded from: input_file:io/starter/stackgen/web/WebSecurityConfig.class */
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    protected static final Logger logger = LoggerFactory.getLogger(WebSecurityConfig.class);
    private final String adminContextPath = "";

    @Value("${io.starter.stackgen.CORSOrigins:localhost}")
    public String CORSOrigins;

    @Value("${io.starter.stackgen.CORSMapping:/**}")
    public String CORSMapping;

    protected void configure(HttpSecurity httpSecurity) throws Exception {
        SavedRequestAwareAuthenticationSuccessHandler savedRequestAwareAuthenticationSuccessHandler = new SavedRequestAwareAuthenticationSuccessHandler();
        savedRequestAwareAuthenticationSuccessHandler.setTargetUrlParameter("redirectTo");
        savedRequestAwareAuthenticationSuccessHandler.setDefaultTargetUrl("/");
        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().antMatchers(new String[]{"/assets/**"})).permitAll().antMatchers(new String[]{"/index.html"})).permitAll().anyRequest()).authenticated().and().formLogin().loginPage("/index.html").successHandler(savedRequestAwareAuthenticationSuccessHandler).and().logout().logoutUrl("/logout").and().httpBasic().and().cors().and().csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()).ignoringAntMatchers(new String[]{"/instances", "/actuator/**"});
    }

    @Bean
    CorsConfigurationSource corsConfigurationSource() {
        logger.warn("SGP-WSC: Initializing CORS Config Origins: CORSOrigins " + this.CORSOrigins);
        logger.warn("SGP-WSC: Initializing CORS Config Mapping: CORSMapping " + this.CORSMapping);
        CorsConfiguration corsConfiguration = new CorsConfiguration();
        corsConfiguration.setAllowedOrigins(Arrays.asList(this.CORSOrigins));
        corsConfiguration.setAllowedMethods(Arrays.asList("GET", "POST", "INSERT", "DELETE", "HEAD", "OPTIONS"));
        UrlBasedCorsConfigurationSource urlBasedCorsConfigurationSource = new UrlBasedCorsConfigurationSource();
        urlBasedCorsConfigurationSource.registerCorsConfiguration(this.CORSMapping, corsConfiguration);
        return urlBasedCorsConfigurationSource;
    }
}
