package org.flowable.ui.modeler.conf;

import org.flowable.ui.common.properties.FlowableRestAppProperties;
import org.flowable.ui.common.security.ApiHttpSecurityCustomizer;
import org.flowable.ui.modeler.properties.FlowableModelerAppProperties;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;

/**
 * Spring Security configuration for the modeler application.
 *
 * <p>This class carries {@code @EnableWebSecurity}; the only rules visible here
 * live in the nested adapter, which guards the editor REST API under
 * {@code /api/editor/**}.
 */
@Configuration(proxyBeanMethods = false)
@EnableWebSecurity
public class ModelerSecurityConfiguration {

    /**
     * Filter chain for {@code /api/editor/**}.
     *
     * <p>Registered with {@code @Order(3)}; how it ranks against other chains
     * depends on adapters declared outside this file.
     *
     * <p>Access decision, in the order it is evaluated:
     * <ol>
     *   <li>REST disabled in the modeler properties: every request is denied.</li>
     *   <li>REST enabled and privilege verification on: the caller needs the
     *       {@code access-rest-api} authority.</li>
     *   <li>REST enabled and privilege verification off: any authenticated caller
     *       is accepted, with no further privilege check.</li>
     * </ol>
     */
    @Configuration
    @Order(3)
    public static class ModelerApiWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
        /** Ant pattern that both scopes this chain and selects the requests it authorizes. */
        private static final String EDITOR_API_PATTERN = "/api/editor/**";

        /** Authority demanded when REST API privilege verification is switched on. */
        private static final String REST_API_AUTHORITY = "access-rest-api";

        protected final FlowableRestAppProperties restAppProperties;
        protected final FlowableModelerAppProperties modelerAppProperties;
        protected final ApiHttpSecurityCustomizer apiHttpSecurityCustomizer;

        /**
         * Stores the collaborators consulted by {@link #configure(HttpSecurity)}.
         *
         * @param flowableRestAppProperties source of the "verify REST API privilege" switch
         * @param flowableModelerAppProperties source of the "REST enabled" switch
         * @param apiHttpSecurityCustomizer hook applied to the chain once the access rule is set
         */
        public ModelerApiWebSecurityConfigurationAdapter(
                FlowableRestAppProperties flowableRestAppProperties,
                FlowableModelerAppProperties flowableModelerAppProperties,
                ApiHttpSecurityCustomizer apiHttpSecurityCustomizer) {
            this.restAppProperties = flowableRestAppProperties;
            this.modelerAppProperties = flowableModelerAppProperties;
            this.apiHttpSecurityCustomizer = apiHttpSecurityCustomizer;
        }

        /**
         * Builds the editor API chain: stateless, CSRF protection off, then one of
         * the three access rules described on the class.
         *
         * @param httpSecurity builder for this adapter's filter chain
         * @throws Exception propagated from the Spring Security configurers or the customizer
         */
        protected void configure(HttpSecurity httpSecurity) throws Exception {
            // No HTTP session is created or consulted, and CSRF protection is disabled
            // for this chain.
            // NOTE(review): disabling CSRF is only sound while the mechanism installed by
            // apiHttpSecurityCustomizer does not rely on credentials a browser attaches
            // automatically -- confirm against the customizer implementation.
            httpSecurity
                    .sessionManagement()
                    .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                    .and()
                    .csrf()
                    .disable();

            if (!modelerAppProperties.isRestEnabled()) {
                // Fail closed. The customizer is deliberately not reached on this path,
                // so nothing it would configure applies to a disabled API.
                editorApiRequests(httpSecurity).denyAll();
                return;
            }

            if (restAppProperties.isVerifyRestApiPrivilege()) {
                editorApiRequests(httpSecurity).hasAuthority(REST_API_AUTHORITY);
            } else {
                // Authentication alone is sufficient here; no authority is checked.
                editorApiRequests(httpSecurity).authenticated();
            }

            apiHttpSecurityCustomizer.customize(httpSecurity);
        }

        /**
         * Restricts the chain to the editor API pattern and returns the handle on
         * which the access rule for those requests is declared.
         */
        private ExpressionUrlAuthorizationConfigurer<HttpSecurity>.AuthorizedUrl editorApiRequests(
                HttpSecurity httpSecurity) throws Exception {
            return httpSecurity
                    .antMatcher(EDITOR_API_PATTERN)
                    .authorizeRequests()
                    .antMatchers(EDITOR_API_PATTERN);
        }
    }
}
