package org.codehaus.plexus.security.ui.web.interceptor;

import com.opensymphony.xwork.Action;
import com.opensymphony.xwork.ActionContext;
import com.opensymphony.xwork.ActionInvocation;
import com.opensymphony.xwork.interceptor.Interceptor;
import java.util.List;
import org.codehaus.plexus.logging.AbstractLogEnabled;
import org.codehaus.plexus.security.authorization.AuthorizationResult;
import org.codehaus.plexus.security.system.SecuritySession;
import org.codehaus.plexus.security.system.SecuritySystem;
import org.codehaus.plexus.security.ui.web.interceptor.SecureActionBundle;

/* loaded from: input_file:org/codehaus/plexus/security/ui/web/interceptor/SecureActionInterceptor.class */
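/**
 * XWork interceptor that applies the authentication and authorization requirements
 * an action declares through its {@link SecureActionBundle} before the action runs.
 *
 * <p>Decision order for an action implementing {@code SecureAction}:
 * <ol>
 *   <li>a {@code null} bundle is treated as a policy error and access is denied;</li>
 *   <li>{@code SecureActionBundle.OPEN} lets the invocation through without any check;</li>
 *   <li>if the bundle requires authentication, the session must hold an authenticated
 *       {@code SecuritySession} under the key {@code "securitySession"};</li>
 *   <li>if the bundle lists authorization tuples, the invocation proceeds as soon as ONE
 *       tuple is authorized (tuples are alternatives, not cumulative requirements).</li>
 * </ol>
 * Actions that do not implement {@code SecureAction} are never checked here, so they must
 * be protected by other means if they are sensitive.
 *
 * <p>The returned strings {@code "requires-authentication"} and
 * {@code "requires-authorization"} are result names; how they map to a login or error
 * page is defined outside this class.
 */
public class SecureActionInterceptor extends AbstractLogEnabled implements Interceptor {
    /** Result name returned when none of the bundle's authorization tuples is satisfied. */
    private static final String REQUIRES_AUTHORIZATION = "requires-authorization";
    /** Result name returned when no authenticated session is available or the policy cannot be resolved. */
    private static final String REQUIRES_AUTHENTICATION = "requires-authentication";
    // Not assigned anywhere in this class; presumably injected by the container - confirm.
    private SecuritySystem securitySystem;

    /** No resources to release. */
    public void destroy() {
    }

    /** Logs that the interceptor has been initialized. */
    public void init() {
        getLogger().info(getClass().getName() + " initialized!");
    }

    /**
     * Evaluates the action's security bundle and either continues the invocation or
     * short-circuits with a denial result.
     *
     * @param actionInvocation the invocation to continue when access is granted
     * @return the result of the wrapped invocation, {@code "requires-authentication"} or
     *         {@code "requires-authorization"}
     * @throws Exception whatever the wrapped invocation throws, except
     *         {@code SecureActionException}, which is converted into a denial
     */
    public String intercept(ActionInvocation actionInvocation) throws Exception {
        ActionContext context = ActionContext.getContext();
        Action action = (Action) context.getActionInvocation().getAction();
        String actionName = action.getClass().getName();
        try {
            if (action instanceof SecureAction) {
                SecureAction secureAction = (SecureAction) action;
                SecureActionBundle bundle = secureAction.getSecureActionBundle();
                if (bundle == null) {
                    // Fail closed: a secure action without a policy must not run unchecked.
                    // This mirrors the SecureActionException path below, which also denies.
                    // Actions that are intentionally public should return SecureActionBundle.OPEN.
                    getLogger().error("Null bundle detected, deny access: " + actionName);
                    return REQUIRES_AUTHENTICATION;
                }
                if (bundle == SecureActionBundle.OPEN) {
                    getLogger().debug("Bundle.OPEN detected.");
                    return actionInvocation.invoke();
                }

                SecuritySession securitySession = (SecuritySession) context.getSession().get("securitySession");
                boolean authenticated = securitySession != null && securitySession.isAuthenticated();
                if (bundle.requiresAuthentication() && !authenticated) {
                    getLogger().debug("not authenticated, need to authenticate for this action");
                    return REQUIRES_AUTHENTICATION;
                }

                List<SecureActionBundle.AuthorizationTuple> tuples = bundle.getAuthorizationTuples();
                if (tuples != null && !tuples.isEmpty()) {
                    if (securitySession == null) {
                        getLogger().debug("session required for authorization to run");
                        return REQUIRES_AUTHENTICATION;
                    }
                    // Any single authorized tuple grants access.
                    for (SecureActionBundle.AuthorizationTuple tuple : tuples) {
                        getLogger().debug("checking authz for " + tuple.toString());
                        AuthorizationResult authzResult =
                                this.securitySystem.authorize(securitySession, tuple.getOperation(), tuple.getResource());
                        getLogger().debug("checking the interceptor authz " + authzResult.isAuthorized() + " for " + tuple.toString());
                        if (authzResult.isAuthorized()) {
                            getLogger().debug(securitySession.getUser().getPrincipal() + " is authorized for action "
                                    + actionName + " by " + tuple.toString());
                            return actionInvocation.invoke();
                        }
                    }
                    return REQUIRES_AUTHORIZATION;
                }
                // A secure action with no tuples reaches this point after, at most, the
                // authentication check; say so instead of logging it as "not a secure action".
                getLogger().debug("no authorization tuples for secure action " + actionName
                        + ", no authorization check performed");
            } else {
                getLogger().debug("not a secure action " + actionName);
            }

            String result = actionInvocation.invoke();
            getLogger().debug("Passing invocation up, result is [" + result + "] on call "
                    + actionInvocation.getAction().getClass().getName());
            return result;
        } catch (SecureActionException e) {
            // The policy could not be produced: deny rather than run the action unchecked.
            // The exception is passed to the logger so the cause is kept for later analysis.
            getLogger().error("can't generate the SecureActionBundle, deny access: " + e.getMessage(), e);
            return REQUIRES_AUTHENTICATION;
        }
    }
}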
