package com.els.base.auth.web.security.impl;

import com.els.base.auth.exception.InVaildSessionForAnonymousException;
import com.els.base.auth.utils.AnonymousMatcherUtils;
import com.els.base.core.entity.ResponseResult;
import com.els.base.core.utils.ResponseCode;
import com.els.base.utils.http.HttpResponseUtils;
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.web.DefaultRedirectStrategy;
import org.springframework.security.web.RedirectStrategy;
import org.springframework.security.web.session.InvalidSessionStrategy;
import org.springframework.security.web.util.UrlUtils;
import org.springframework.util.Assert;

/* loaded from: input_file:com/els/base/auth/web/security/impl/CustomInvalidSessionStrategy.class */
public class CustomInvalidSessionStrategy implements InvalidSessionStrategy {
    private final String destinationUrl;
    private final Log logger = LogFactory.getLog(getClass());
    private final RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
    private boolean createNewSession = true;

    public CustomInvalidSessionStrategy(String str) {
        Assert.isTrue(UrlUtils.isValidRedirectUrl(str), "url must start with '/' or with 'http(s)'");
        this.destinationUrl = str;
    }

    public void onInvalidSessionDetected(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        if (AnonymousMatcherUtils.isAnonymousAccess(httpServletRequest) && httpServletRequest.isRequestedSessionIdValid()) {
            throw new InVaildSessionForAnonymousException();
        }
        this.logger.debug("Starting new session (if required) and redirecting to '" + this.destinationUrl + "'");
        if (this.createNewSession) {
            httpServletRequest.getSession();
        }
        HttpResponseUtils.responseResutlAsJson(httpServletResponse, ResponseResult.fail(ResponseCode.Account_No_Login));
    }

    public void setCreateNewSession(boolean z) {
        this.createNewSession = z;
    }
}
