package org.summerclouds.common.security;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.UUID;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.access.vote.AffirmativeBased;
import org.springframework.security.access.vote.AuthenticatedVoter;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.web.access.expression.WebExpressionVoter;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.summerclouds.common.core.tool.MSpring;
import org.summerclouds.common.core.tool.MString;
import org.summerclouds.common.security.jwt.DaoJwtAuthenticationProvider;
import org.summerclouds.common.security.jwt.JwtConfigurer;
import org.summerclouds.common.security.permissions.PermSet;
import org.summerclouds.common.security.permissions.ResourceAceVoter;
import org.summerclouds.common.security.permissions.RoleAceVoter;
import org.summerclouds.common.security.realm.RealmManager;

@Configuration
@EnableWebSecurity
@ConditionalOnProperty(name = {"org.summerclouds.security.default.enabled"}, havingValue = "true")
/* loaded from: input_file:org/summerclouds/common/security/DefaultRestWebSecurityConfiguration.class */
public class DefaultRestWebSecurityConfiguration extends WebSecurityConfigurerAdapter {
    protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        authenticationManagerBuilder.userDetailsService(realmManager());
        authenticationManagerBuilder.authenticationProvider(new DaoJwtAuthenticationProvider(authenticationManagerBuilder.getDefaultUserDetailsService()));
    }

    @Bean
    RealmManager realmManager() {
        return new RealmManager();
    }

    public void configure(WebSecurity webSecurity) throws Exception {
    }

    protected void configure(HttpSecurity httpSecurity) throws Exception {
        ArrayList arrayList = new ArrayList();
        String value = MSpring.getValue("spring.security.guest.permissions");
        if (value != null) {
            arrayList.add(new PermSet(value));
        }
        String value2 = MSpring.getValue("spring.security.guest.authorities");
        if (value2 != null) {
            for (String str : value2.split(",")) {
                if (MString.isSetTrim(str)) {
                    arrayList.add(new SimpleGrantedAuthority(str));
                }
            }
        }
        if (arrayList.size() == 0) {
            arrayList.add(new SimpleGrantedAuthority(UUID.randomUUID().toString()));
        }
        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.csrf().disable().formLogin().disable().logout().disable().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().authorizeRequests().antMatchers(new String[]{"/**"})).hasAuthority("ace_web:${method}:${url}").accessDecisionManager(accessDecisionManager()).and().apply(new JwtConfigurer()).and().httpBasic();
    }

    public void addCorsMappings(CorsRegistry corsRegistry) {
        corsRegistry.addMapping("/**").allowedMethods(new String[]{"GET", "POST", "PUT", "DELETE"}).allowedOrigins(new String[]{"*"}).allowedHeaders(new String[]{"*"});
    }

    @Bean
    public AccessDecisionManager accessDecisionManager() {
        return new AffirmativeBased(Arrays.asList(new ResourceAceVoter(), new WebExpressionVoter(), new RoleAceVoter(), new AuthenticatedVoter()));
    }
}
