package com.baijia.cas.client.filter;

import com.baijia.cas.ac.dto.RoleDto;
import com.baijia.cas.client.ac.AccessControl;
import com.baijia.cas.client.ac.AccessControlImpl;
import com.baijia.cas.client.util.AccessControlContext;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/baijia/cas/client/filter/CanVisitThisAppFilter.class */
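/**
 * Servlet filter that forwards a request only when the caller may use this application.
 *
 * <p>A request is passed down the chain when any of the following holds: the access-control
 * service reports that the application may be visited, the request targets the configured
 * "no auth" page, the request targets the configured logout page, or the current role is an
 * administrator. Every other request is denied: a POST gets a bare 403 when
 * {@code ajaxRequestUnReDirect} is enabled, and anything else is redirected to the "no auth"
 * page.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The two exempt pages skip every access check, so the match must stay strict. It is a
 *       suffix match of the configured value against {@code getRequestURI()}, which is the
 *       raw, undecoded path including the context path. A configured value of
 *       {@code /app/noAuth} therefore also exempts a request for {@code /noAuth}.</li>
 *   <li>{@code noAuthRedirectPage} is handed to {@code sendRedirect} unchanged; it must come
 *       from deployment configuration only, never from request data.</li>
 *   <li>"POST" is used as a stand-in for "AJAX call". Non-POST asynchronous calls receive the
 *       redirect instead of the 403.</li>
 * </ul>
 */
public class CanVisitThisAppFilter implements Filter {
    private static final Logger logger = LoggerFactory.getLogger(CanVisitThisAppFilter.class);
    private static final String DEFAULT_NO_AUTH = "/noAuth";
    private static final String DEFAULT_LOGOUT = "/logout";
    private AccessControl ac = AccessControlImpl.getInstance();
    // Target of the denial redirect; also exempt from the access check (see isNoAuthPage).
    private String noAuthRedirectPage = DEFAULT_NO_AUTH;
    // Exempt from the access check (see isLogoutPage).
    private String logOutPage = DEFAULT_LOGOUT;
    // When true, a denied POST is answered with 403 instead of a redirect.
    private boolean ajaxRequestUnReDirect = true;

    /**
     * Reads the optional init parameters {@code noAuthRedirectPage}, {@code logOutPage} and
     * {@code ajaxRequestUnReDirect}. A missing or blank parameter keeps the built-in default.
     *
     * @param filterConfig container-supplied filter configuration
     * @throws ServletException declared by the {@link Filter} contract; not thrown here
     */
    public void init(FilterConfig filterConfig) throws ServletException {
        String noAuthParam = filterConfig.getInitParameter("noAuthRedirectPage");
        if (StringUtils.isNotBlank(noAuthParam)) {
            this.noAuthRedirectPage = noAuthParam;
        }
        String logoutParam = filterConfig.getInitParameter("logOutPage");
        if (StringUtils.isNotBlank(logoutParam)) {
            this.logOutPage = logoutParam;
        }
        String ajaxParam = filterConfig.getInitParameter("ajaxRequestUnReDirect");
        if (StringUtils.isNotBlank(ajaxParam)) {
            // Boolean.parseBoolean yields false for anything other than "true" (any case).
            this.ajaxRequestUnReDirect = Boolean.parseBoolean(ajaxParam);
        }
    }

    /**
     * Applies the access decision described on the class.
     *
     * @param servletRequest incoming request; cast to {@link HttpServletRequest}, so a non-HTTP
     *     request fails with a {@link ClassCastException}
     * @param servletResponse outgoing response; cast to {@link HttpServletResponse}
     * @param filterChain remainder of the chain, invoked only when access is granted
     * @throws IOException if the redirect or the downstream chain fails
     * @throws ServletException if the downstream chain fails
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        logger.debug("Visiting {}", httpServletRequest.getRequestURI());
        if (canVisitThisApp() || isNoAuthPage(httpServletRequest) || isLogoutPage(httpServletRequest) || isSysAdmin()) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        logger.info("No auth to visit this app ...");
        // Constant-first comparison: a null method name is treated as "not POST" rather than
        // raising a NullPointerException on the denial path.
        if ("POST".equals(httpServletRequest.getMethod()) && this.ajaxRequestUnReDirect) {
            writeAjaxResponse(httpServletResponse);
        } else {
            redirectOnNoAuth(httpServletResponse);
        }
    }

    /**
     * Reports whether the current role is an administrator according to the access-control
     * service.
     *
     * @return {@code false} when there is no current role, otherwise the service's answer for
     *     the role's tag
     */
    protected boolean isSysAdmin() {
        RoleDto currentRole = AccessControlContext.getCurrentRole();
        if (currentRole == null) {
            return false;
        }
        return this.ac.isAdmin(currentRole.getTag());
    }

    /**
     * Reports whether the request targets the configured logout page.
     *
     * @param httpServletRequest request being filtered
     * @return {@code true} when the configured logout page ends with the request URI
     */
    protected boolean isLogoutPage(HttpServletRequest httpServletRequest) {
        return matchesConfiguredPage(this.logOutPage, httpServletRequest.getRequestURI());
    }

    /**
     * Asks the access-control service whether the current user may visit this application.
     *
     * @return the service's answer
     */
    protected boolean canVisitThisApp() {
        return this.ac.canVisitThisApp();
    }

    /**
     * Reports whether the request targets the configured "no auth" page.
     *
     * @param httpServletRequest request being filtered
     * @return {@code true} when the configured "no auth" page ends with the request URI
     */
    protected boolean isNoAuthPage(HttpServletRequest httpServletRequest) {
        return matchesConfiguredPage(this.noAuthRedirectPage, httpServletRequest.getRequestURI());
    }

    /** Nothing to release. */
    public void destroy() {
    }

    /**
     * Suffix match used for the pages that are exempt from the access check.
     *
     * <p>{@code String.endsWith("")} is always {@code true}, so an empty request URI would
     * otherwise be exempt from the check whatever page is configured; a null URI would raise a
     * {@link NullPointerException}. Both now count as "no match", which keeps the filter
     * fail-closed. Requiring the leading slash keeps the suffix aligned to a path-segment
     * boundary of the configured value.
     *
     * @param configuredPage page taken from the filter configuration
     * @param requestUri raw request URI as reported by the container
     * @return {@code true} only for a non-empty URI that starts with {@code /} and is a suffix
     *     of {@code configuredPage}
     */
    private static boolean matchesConfiguredPage(String configuredPage, String requestUri) {
        if (requestUri == null || requestUri.isEmpty() || requestUri.charAt(0) != '/') {
            return false;
        }
        return configuredPage.endsWith(requestUri);
    }

    /** Sends the client to the configured "no auth" page. */
    private void redirectOnNoAuth(HttpServletResponse httpServletResponse) throws IOException {
        httpServletResponse.sendRedirect(this.noAuthRedirectPage);
    }

    /** Answers a denied AJAX-style request with 403 (Forbidden) and no body. */
    private void writeAjaxResponse(HttpServletResponse httpServletResponse) {
        httpServletResponse.setStatus(403);
    }
}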
