package org.ojbc.mondrian.rest;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.ojbc.mondrian.rest.RequestAuthorizer;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
import org.w3c.dom.Document;

@Component
/* loaded from: input_file:WEB-INF/classes/org/ojbc/mondrian/rest/SamlAssertionRequestRoleAuthorizer.class */
public class SamlAssertionRequestRoleAuthorizer extends AbstractSamlAssertionRequestAuthorizer {
    private final Log log = LogFactory.getLog(SamlAssertionRequestRoleAuthorizer.class);

    @Value("${samlAssertionRoleAttributeName:null}")
    private String roleAttributeName;

    public String getRoleAttributeName() {
        return this.roleAttributeName;
    }

    public void setRoleAttributeName(String str) {
        this.roleAttributeName = str;
    }

    @Override // org.ojbc.mondrian.rest.AbstractSamlAssertionRequestAuthorizer
    protected RequestAuthorizer.RequestAuthorizationStatus authorizeAssertion(String str, Document document) {
        RequestAuthorizer.RequestAuthorizationStatus requestAuthorizationStatus = new RequestAuthorizer.RequestAuthorizationStatus();
        requestAuthorizationStatus.authorized = false;
        String assertionAttributeValue = SamlUtils.getAssertionAttributeValue(document, this.roleAttributeName);
        if (assertionAttributeValue != null) {
            requestAuthorizationStatus.authorized = true;
            requestAuthorizationStatus.token = getToken(document);
            requestAuthorizationStatus.mondrianRole = assertionAttributeValue;
            if (assertionAttributeValue.equals(ALL_ACCESS_ROLE_NAME)) {
                requestAuthorizationStatus.mondrianRole = null;
            }
            this.log.info("Authorized token " + getToken(document) + " with role " + assertionAttributeValue);
        } else {
            requestAuthorizationStatus.message = "No role attribute with name " + this.roleAttributeName + " found in assertion with token " + getToken(document);
        }
        return requestAuthorizationStatus;
    }
}
