package leap.web.security;

import leap.core.annotation.Inject;
import leap.core.security.Authentication;
import leap.core.security.Authorization;
import leap.lang.http.HTTP;
import leap.lang.intercepting.State;
import leap.lang.logging.Log;
import leap.lang.logging.LogFactory;
import leap.web.Request;
import leap.web.Response;
import leap.web.security.authc.AuthenticationManager;
import leap.web.security.authz.AuthorizationManager;
import leap.web.security.login.LoginManager;
import leap.web.security.logout.LogoutManager;
import leap.web.security.path.SecuredPath;

/* loaded from: input_file:leap/web/security/DefaultSecurityHandler.class */
public class DefaultSecurityHandler implements SecurityHandler {
    private static final Log log = LogFactory.get((Class<?>) DefaultSecurityHandler.class);

    @Inject
    protected SecurityConfig config;

    @Inject
    protected AuthenticationManager authcManager;

    @Inject
    protected AuthorizationManager authzManager;

    @Inject
    protected LoginManager loginManager;

    @Inject
    protected LogoutManager logoutManager;

    @Override // leap.web.security.SecurityHandler
    public Authentication resolveAuthentication(Request request, Response response, SecurityContextHolder securityContextHolder) throws Throwable {
        return this.authcManager.resolveAuthentication(request, response, securityContextHolder);
    }

    @Override // leap.web.security.SecurityHandler
    public Authorization resolveAuthorization(Request request, Response response, SecurityContextHolder securityContextHolder) throws Throwable {
        return this.authzManager.resolveAuthorization(request, response, securityContextHolder);
    }

    @Override // leap.web.security.SecurityHandler
    public boolean checkAuthentication(Request request, Response response, SecurityContextHolder securityContextHolder) throws Throwable {
        SecuredPath securedPath = securityContextHolder.getSecuredPath();
        if (null != securedPath) {
            return securedPath.checkAuthentication(securityContextHolder);
        }
        return true;
    }

    @Override // leap.web.security.SecurityHandler
    public boolean checkAuthorization(Request request, Response response, SecurityContextHolder securityContextHolder) throws Throwable {
        SecuredPath securedPath = securityContextHolder.getSecuredPath();
        if (!this.authzManager.checkAuthorization(request, response, securityContextHolder)) {
            return false;
        }
        if (null != securedPath) {
            return securedPath.checkAuthorization(securityContextHolder);
        }
        return true;
    }

    @Override // leap.web.security.SecurityHandler
    public void handleAuthenticationDenied(Request request, Response response, SecurityContextHolder securityContextHolder) throws Throwable {
        SecuredPath securedPath = securityContextHolder.getSecuredPath();
        if (null == securedPath || null == securedPath.getFailureHandler() || !securedPath.getFailureHandler().handleAuthenticationDenied(request, response, securityContextHolder)) {
            for (SecurityInterceptor securityInterceptor : this.config.getInterceptors()) {
                if (State.isIntercepted(securityInterceptor.onAuthenticationDenied(request, response, securityContextHolder))) {
                    return;
                }
            }
            this.loginManager.promoteLogin(request, response, securityContextHolder.getLoginContext());
            if (response.getStatus() >= HTTP.SC_MULTIPLE_CHOICES || response.getStatus() < HTTP.SC_OK) {
                return;
            }
            response.setStatus(HTTP.SC_UNAUTHORIZED);
        }
    }

    @Override // leap.web.security.SecurityHandler
    public void handleAuthorizationDenied(Request request, Response response, SecurityContextHolder securityContextHolder) throws Throwable {
        SecuredPath securedPath = securityContextHolder.getSecuredPath();
        if (null == securedPath || null == securedPath.getFailureHandler() || !securedPath.getFailureHandler().handleAuthorizationDenied(request, response, securityContextHolder)) {
            for (SecurityInterceptor securityInterceptor : this.config.getInterceptors()) {
                if (State.isIntercepted(securityInterceptor.onAuthorizationDenied(request, response, securityContextHolder))) {
                    return;
                }
            }
            if (request.isAjax()) {
                response.setStatus(HTTP.SC_FORBIDDEN);
            } else {
                response.sendError(HTTP.SC_FORBIDDEN);
            }
        }
    }

    @Override // leap.web.security.SecurityHandler
    public boolean handleLoginRequest(Request request, Response response, SecurityContextHolder securityContextHolder) throws Throwable {
        return this.loginManager.handleLoginRequest(request, response, securityContextHolder.getLoginContext());
    }

    @Override // leap.web.security.SecurityHandler
    public boolean handleLogoutRequest(Request request, Response response, SecurityContextHolder securityContextHolder) throws Throwable {
        return this.logoutManager.handleLogoutRequest(request, response, securityContextHolder.getLogoutContext());
    }
}
