package org.beangle.security.access.intercept;

import org.beangle.commons.bean.Initializing;
import org.beangle.commons.lang.Assert;
import org.beangle.security.access.AccessDeniedException;
import org.beangle.security.access.AuthorityManager;
import org.beangle.security.auth.AuthenticationManager;
import org.beangle.security.core.Authentication;
import org.beangle.security.core.AuthenticationException;
import org.beangle.security.core.context.SecurityContextHolder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/beangle/security/access/intercept/AbstractSecurityInterceptor.class */
public abstract class AbstractSecurityInterceptor implements Initializing {
    protected static final Logger logger = LoggerFactory.getLogger(AbstractSecurityInterceptor.class);
    private AuthorityManager authorityManager;
    private AuthenticationManager authenticationManager;
    private boolean alwaysReauthenticate = false;
    private boolean rejectPublicInvocations = false;
    private boolean validateConfigAttributes = true;

    protected Object afterInvocation(InterceptorStatusToken interceptorStatusToken, Object obj) {
        if (interceptorStatusToken == null) {
            return obj;
        }
        if (interceptorStatusToken.isContextHolderRefreshRequired()) {
            logger.debug("Reverting to original Authentication: {}", interceptorStatusToken.getAuthentication());
            SecurityContextHolder.getContext().setAuthentication(interceptorStatusToken.getAuthentication());
        }
        return obj;
    }

    public void init() throws Exception {
        Assert.notNull(getSecureObjectClass(), "Subclass must provide a non-null response to getSecureObjectClass()", new Object[0]);
        Assert.notNull(this.authenticationManager, "An AuthenticationManager is required", new Object[0]);
        Assert.notNull(this.authorityManager, "An AuthorityManager is required", new Object[0]);
    }

    protected InterceptorStatusToken beforeInvocation(Object obj) {
        Assert.notNull(obj, "Object was null", new Object[0]);
        if (!getSecureObjectClass().isAssignableFrom(obj.getClass())) {
            throw new IllegalArgumentException("Security invocation attempted for object " + obj.getClass().getName() + " but AbstractSecurityInterceptor only configured to support secure objects of type: " + getSecureObjectClass());
        }
        Authentication authenticateIfRequired = authenticateIfRequired();
        if (!this.authorityManager.isAuthorized(authenticateIfRequired, obj)) {
            throw new AccessDeniedException(obj, "access denied");
        }
        logger.debug("Authorization successful");
        return new InterceptorStatusToken(authenticateIfRequired, false, obj);
    }

    private Authentication authenticateIfRequired() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (null == authentication) {
            throw new AuthenticationException();
        }
        if (authentication.isAuthenticated() && !this.alwaysReauthenticate) {
            logger.debug("Previously Authenticated: {}", authentication);
            return authentication;
        }
        Authentication authenticate = this.authenticationManager.authenticate(authentication);
        SecurityContextHolder.getContext().setAuthentication(authenticate);
        return authenticate;
    }

    public AuthorityManager getAuthorityManager() {
        return this.authorityManager;
    }

    public AuthenticationManager getAuthenticationManager() {
        return this.authenticationManager;
    }

    public abstract Class<?> getSecureObjectClass();

    public boolean isAlwaysReauthenticate() {
        return this.alwaysReauthenticate;
    }

    public boolean isRejectPublicInvocations() {
        return this.rejectPublicInvocations;
    }

    public boolean isValidateConfigAttributes() {
        return this.validateConfigAttributes;
    }

    public void setAuthorityManager(AuthorityManager authorityManager) {
        this.authorityManager = authorityManager;
    }

    public void setAlwaysReauthenticate(boolean z) {
        this.alwaysReauthenticate = z;
    }

    public void setAuthenticationManager(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    public void setRejectPublicInvocations(boolean z) {
        this.rejectPublicInvocations = z;
    }

    public void setValidateConfigAttributes(boolean z) {
        this.validateConfigAttributes = z;
    }
}
