package tp.ms.cas.security.config;

import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import org.jasig.cas.client.session.SingleSignOutFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.AutoConfigureAfter;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.cas.web.CasAuthenticationFilter;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.logout.LogoutFilter;
import org.springframework.security.web.util.matcher.RegexRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import tp.ms.cas.security.permission.entity.RoleEnum;
import tp.ms.cas.security.permission.filter.JwtAuthenticationTokenFilter;

@Configuration
@EnableWebSecurity
@AutoConfigureAfter({MsSecurityBeanConfiguration.class})
@ComponentScan({"tp.ms.cas.security.*"})
/* loaded from: input_file:tp/ms/cas/security/config/MsWebSecurityConfig.class */
public class MsWebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private AuthenticationEntryPoint authenticationEntryPoint;

    @Autowired
    private AuthenticationProvider authenticationProvider;

    @Autowired
    private SingleSignOutFilter singleSignOutFilter;

    @Autowired
    private LogoutFilter logoutFilter;

    @Autowired
    private AccessDeniedHandler msAccessDeniedHandler;

    @Autowired
    AuthenticationManager authenticationManager;

    @Autowired
    JwtAuthenticationTokenFilter jwtAuthenticationTokenFilter;

    protected void configure(HttpSecurity httpSecurity) throws Exception {
        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().antMatchers(new String[]{"/login/cas"})).permitAll().and().csrf().requireCsrfProtectionMatcher(new RequestMatcher() { // from class: tp.ms.cas.security.config.MsWebSecurityConfig.1
            private Pattern allowedMethods = Pattern.compile("^(GET|HEAD|TRACE|OPTIONS)$");
            private RegexRequestMatcher unprotectedMatcher = new RegexRequestMatcher("^/rest/.*", (String) null);

            public boolean matches(HttpServletRequest httpServletRequest) {
                return (this.allowedMethods.matcher(httpServletRequest.getMethod()).matches() || httpServletRequest.getServletPath().contains("/druid") || this.unprotectedMatcher.matches(httpServletRequest)) ? false : true;
            }
        }).and().csrf().disable().cors().and().authorizeRequests().antMatchers(new String[]{"/index"})).hasAnyRole(new String[]{RoleEnum.USER.toString()}).and().authorizeRequests().antMatchers(new String[]{"/connector/.*"})).hasAnyRole(new String[]{RoleEnum.USER.toString()}).and().authorizeRequests().antMatchers(new String[]{"/abc/[\\d]*"})).hasAnyRole(new String[]{RoleEnum.OUTSIDE_USER.toString(), RoleEnum.USER.toString()}).and().authorizeRequests().anyRequest()).authenticated().and().httpBasic().authenticationEntryPoint(this.authenticationEntryPoint).and().logout().logoutSuccessUrl("/logout").and().addFilterBefore(this.singleSignOutFilter, CasAuthenticationFilter.class).addFilterBefore(this.logoutFilter, LogoutFilter.class).addFilterBefore(this.jwtAuthenticationTokenFilter, UsernamePasswordAuthenticationFilter.class).exceptionHandling().accessDeniedHandler(this.msAccessDeniedHandler);
    }

    protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        authenticationManagerBuilder.authenticationProvider(this.authenticationProvider);
    }

    protected AuthenticationManager authenticationManager() throws Exception {
        return this.authenticationManager;
    }

    public void configure(WebSecurity webSecurity) throws Exception {
        webSecurity.ignoring().antMatchers(new String[]{"/v2/api-docs", "/swagger-resources/configuration/ui", "/swagger-resources", "/swagger-resources/configuration/security", "/webjars/**"});
        super.configure(webSecurity);
    }
}
