package com.kuaike.cas.filter.authorize;

import com.kuaike.cas.ac.AppAccessAuthorizationManager;
import com.kuaike.cas.context.AccessControlContext;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

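/**
 * Servlet filter that is meant to decide whether the current login account may use this
 * application, and to answer with a redirect or an HTTP 403 when it may not.
 *
 * <p>NOTE(review), security: as written this filter enforces nothing. {@link #canVisitThisApp()}
 * unconditionally returns {@code true}, so the pass-through condition in {@link #doFilter} is
 * always satisfied and the deny branch below it is unreachable. The injected
 * {@code appAccessAuthorizationManager} is never referenced in this class. Until
 * {@code canVisitThisApp()} consults a real authorization decision, application-level access
 * control must not be assumed to come from this filter.
 *
 * <p>Configuration is read once from the filter init parameters {@code noAuthRedirectPage},
 * {@code logOutPage} and {@code ajaxRequestUnReDirect}; blank values keep the defaults.
 */
@Component
/* loaded from: input_file:com/kuaike/cas/filter/authorize/AppAuthorizationFilter.class */
public class AppAuthorizationFilter implements Filter {
    private static final Logger log = LoggerFactory.getLogger(AppAuthorizationFilter.class);
    private static final String DEFAULT_NO_AUTH = "/noAuth";
    private static final String DEFAULT_LOGOUT = "/logout";

    // Injected but not used anywhere in this class; see the class-level review note.
    @Autowired
    private AppAccessAuthorizationManager appAccessAuthorizationManager;
    // Target of the redirect sent to unauthorized non-AJAX requests; also exempt from the check.
    private volatile String noAuthRedirectPage = DEFAULT_NO_AUTH;
    // Logout page; exempt from the check so a denied user can still sign out.
    private volatile String logOutPage = DEFAULT_LOGOUT;
    // When true, a denied POST request gets a bare 403 instead of a redirect.
    private volatile boolean ajaxRequestUnReDirect = true;

    /**
     * Overrides the defaults from the filter's init parameters.
     *
     * @param filterConfig container-supplied configuration; blank or missing parameters are ignored
     */
    public void init(FilterConfig filterConfig) {
        String noAuthParam = filterConfig.getInitParameter("noAuthRedirectPage");
        if (StringUtils.isNotBlank(noAuthParam)) {
            this.noAuthRedirectPage = noAuthParam;
        }
        String logoutParam = filterConfig.getInitParameter("logOutPage");
        if (StringUtils.isNotBlank(logoutParam)) {
            this.logOutPage = logoutParam;
        }
        String ajaxParam = filterConfig.getInitParameter("ajaxRequestUnReDirect");
        if (StringUtils.isNotBlank(ajaxParam)) {
            // Boolean.parseBoolean yields false for anything other than "true" (case-insensitive).
            this.ajaxRequestUnReDirect = Boolean.parseBoolean(ajaxParam);
        }
    }

    /**
     * Lets the request continue when no authentication is required, when the account may use the
     * application, or when the request targets the no-auth or logout page; otherwise denies it.
     *
     * <p>A denied request is answered with status 403 when it is a POST and
     * {@code ajaxRequestUnReDirect} is set, and with a redirect to {@code noAuthRedirectPage}
     * in every other case. The chain is not invoked for a denied request.
     *
     * @throws IOException if the redirect or the downstream chain fails with an I/O error
     * @throws ServletException if the downstream chain fails
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        // NOTE(review): canVisitThisApp() is a constant true, so this condition always holds today.
        if (!AccessControlContext.mustRequestBeAuthenticated() || canVisitThisApp() || isNoAuthPage(httpServletRequest) || isLogoutPage(httpServletRequest)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        // Message text: "User [{}] has no permission to access this system".
        // NOTE(review): presumably a login account is always present once authentication is
        // required; confirm, since a null account would fail here before the denial is sent.
        log.info("用户[{}]没有权限访问本系统", AccessControlContext.getLoginAccount().getName());
        // POST is used as the stand-in for "AJAX request"; constant-first equals tolerates a null method.
        if ("POST".equals(httpServletRequest.getMethod()) && this.ajaxRequestUnReDirect) {
            writeAjaxResponse(httpServletResponse);
        } else {
            redirectOnNoAuth(httpServletResponse);
        }
    }

    /** Returns whether the request targets the configured logout page (exempt from the check). */
    private boolean isLogoutPage(HttpServletRequest httpServletRequest) {
        return matchesConfiguredPage(this.logOutPage, httpServletRequest.getRequestURI());
    }

    /**
     * Decides whether the current account may use this application.
     *
     * <p>NOTE(review), security: placeholder that always grants access. It should delegate to an
     * actual authorization decision (the injected manager looks like the intended source; its
     * API is not visible here) and deny by default when that decision is unavailable.
     */
    private boolean canVisitThisApp() {
        return true;
    }

    /** Returns whether the request targets the configured no-auth page (exempt from the check). */
    private boolean isNoAuthPage(HttpServletRequest httpServletRequest) {
        return matchesConfiguredPage(this.noAuthRedirectPage, httpServletRequest.getRequestURI());
    }

    public void destroy() {
    }

    /** Sends a redirect to the configured no-auth page. */
    private void redirectOnNoAuth(HttpServletResponse httpServletResponse) throws IOException {
        httpServletResponse.sendRedirect(this.noAuthRedirectPage);
    }

    /** Answers with HTTP 403 (Forbidden) and no body. */
    private void writeAjaxResponse(HttpServletResponse httpServletResponse) {
        httpServletResponse.setStatus(403);
    }

    /**
     * Tests whether {@code configuredPage} ends with {@code requestUri}.
     *
     * <p>A null or empty URI never matches. Without this guard an empty URI would satisfy
     * {@code endsWith} for every configured page and be exempted from the check, and a null
     * URI would throw.
     *
     * <p>NOTE(review): this is a suffix test, not an equality test, so the configured value may
     * be longer than the request path (for example an absolute URL). Every shorter path that is
     * a tail of the configured value is therefore exempt too; confirm this is intended.
     * {@code getRequestURI()} includes the context path and is not decoded by the container.
     */
    private static boolean matchesConfiguredPage(String configuredPage, String requestUri) {
        return StringUtils.isNotEmpty(requestUri) && configuredPage.endsWith(requestUri);
    }
}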
