package jodd.joy.auth;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import jodd.log.Logger;
import jodd.log.LoggerFactory;
import jodd.madvoc.ActionRequest;
import jodd.madvoc.interceptor.BaseActionInterceptor;
import jodd.servlet.DispatcherUtil;
import jodd.util.URLCoder;

/* loaded from: input_file:jodd/joy/auth/AuthorizationInterceptor.class */
public abstract class AuthorizationInterceptor extends BaseActionInterceptor {
    private static final Logger log = LoggerFactory.getLogger(AuthorizationInterceptor.class);

    public Object intercept(ActionRequest actionRequest) throws Exception {
        HttpServletRequest httpServletRequest = actionRequest.getHttpServletRequest();
        HttpServletResponse httpServletResponse = actionRequest.getHttpServletResponse();
        Object userSession = AuthUtil.getUserSession(httpServletRequest.getSession());
        if (log.isDebugEnabled()) {
            log.debug("authorize user: " + userSession);
        }
        if (authorize(actionRequest, userSession)) {
            if (log.isInfoEnabled()) {
                log.info("access granted for: " + userSession);
            }
            return actionRequest.invoke();
        }
        if (log.isInfoEnabled()) {
            log.info("access denied for: " + userSession);
        }
        httpServletResponse.setStatus(403);
        return userSession != null ? resultAccessDenied() : resultLogin(DispatcherUtil.getUrl(httpServletRequest));
    }

    protected Object resultAccessDenied() {
        return "redirect:<accessDenied>";
    }

    protected Object resultLogin(String str) {
        return "redirect:<login>" + (str == null ? "" : '?' + URLCoder.encodeQueryParam(AuthAction.LOGIN_SUCCESS_PATH) + '=' + URLCoder.encodeQueryParam(str));
    }

    protected abstract boolean authorize(ActionRequest actionRequest, Object obj);
}
