package leap.web.api.security;

import leap.core.annotation.Inject;
import leap.lang.path.Paths;
import leap.web.Request;
import leap.web.Response;
import leap.web.api.config.ApiConfigProcessor;
import leap.web.api.config.ApiConfigurator;
import leap.web.api.mvc.ApiErrorHandler;
import leap.web.security.SecurityConfigurator;
import leap.web.security.SecurityContextHolder;
import leap.web.security.SecurityFailureHandler;
import leap.web.security.authz.AuthorizationContext;

/* loaded from: input_file:leap/web/api/security/SecurityConfigProcessor.class */
public class SecurityConfigProcessor implements ApiConfigProcessor {

    @Inject
    protected ApiErrorHandler eh;

    @Inject
    protected SecurityConfigurator sc;

    /* loaded from: input_file:leap/web/api/security/SecurityConfigProcessor$ApiSecurityFailureHandler.class */
    protected final class ApiSecurityFailureHandler implements SecurityFailureHandler {
        protected ApiSecurityFailureHandler() {
        }

        public boolean handleAuthenticationDenied(Request request, Response response, SecurityContextHolder securityContextHolder) throws Throwable {
            SecurityConfigProcessor.this.eh.unauthorized(response);
            return true;
        }

        public boolean handleAuthorizationDenied(Request request, Response response, AuthorizationContext authorizationContext) throws Throwable {
            SecurityConfigProcessor.this.eh.forbidden(response);
            return true;
        }
    }

    @Override // leap.web.api.config.ApiConfigProcessor
    public void preProcess(ApiConfigurator apiConfigurator) {
        this.sc.setPathPrefixFailureHandler(Paths.suffixWithSlash(apiConfigurator.config().getBasePath()), new ApiSecurityFailureHandler());
    }
}
