package com.els.base.auth.config;

import com.els.base.auth.utils.AnonymousMatcherUtils;
import com.els.base.auth.utils.AuthConstant;
import com.els.base.auth.web.security.impl.CustomAccessDecisionManagerImpl;
import com.els.base.auth.web.security.impl.CustomCaptchaAuthenticationFilter;
import com.els.base.auth.web.security.impl.CustomDaoAuthenticationProvider;
import com.els.base.auth.web.security.impl.CustomFilterInvocationSecurityMetadataSource;
import com.els.base.auth.web.security.impl.InVaildSessionHandlerForAnonymouoseFilter;
import com.els.base.auth.web.security.impl.LocaleChangeAndSaveFilter;
import java.util.Arrays;
import javax.annotation.Resource;
import javax.servlet.Filter;
import org.springframework.context.annotation.Bean;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.security.web.session.ConcurrentSessionFilter;
import org.springframework.security.web.session.InvalidSessionStrategy;
import org.springframework.security.web.session.SessionManagementFilter;

/**
 * Spring Security wiring for the application.
 *
 * <p>Declares which request paths bypass the security filter chain, installs the
 * project's custom filters (locale, captcha login, invalid-session handling and
 * URL authorization), and configures session handling, form login, anonymous
 * access and logout.
 *
 * <p>Security review notes (behaviour is left exactly as found):
 * <ul>
 *   <li>{@link #configure(WebSecurity)} excludes a long list of paths from the
 *       filter chain altogether, including names that look like Spring Boot
 *       Actuator endpoints.</li>
 *   <li>{@link #configure(HttpSecurity)} disables CSRF protection and the
 *       {@code X-Frame-Options} response header.</li>
 * </ul>
 */
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    // Collaborators below are injected by bean name through @Resource.

    @Resource(name = "customPasswordEncoder")
    PasswordEncoder passwordEncoder;

    @Resource(name = "customUserDetailsService")
    UserDetailsService userDetailsService;

    @Resource(name = "customAuthenticationFailureHandler")
    AuthenticationFailureHandler failureHandler;

    @Resource(name = "customAuthenticationSuccessHandler")
    protected AuthenticationSuccessHandler successHandler;

    @Resource(name = "customAccessDecisionManager")
    protected CustomAccessDecisionManagerImpl customAccessDecisionManager;

    @Resource(name = "customFilterInvocationSecurityMetadataSource")
    protected CustomFilterInvocationSecurityMetadataSource customFilterInvocationSecurityMetadataSource;

    @Resource(name = "accessDeniedHandler")
    protected AccessDeniedHandler accessDeniedHandler;

    @Resource(name = "customInvalidSessionStrategy")
    InvalidSessionStrategy invalidSessionStrategy;

    @Resource(name = "localeChangeAndSaveFilter")
    LocaleChangeAndSaveFilter localeChangeAndSaveFilter;

    @Resource(name = "authenticationEntryPoint")
    AuthenticationEntryPoint authenticationEntryPoint;

    @Resource(name = "customLogoutSuccessHandler")
    LogoutSuccessHandler customLogoutSuccessHandler;

    @Resource(name = "sessionManagementFilter")
    InVaildSessionHandlerForAnonymouoseFilter sessionManagementFilter;

    /**
     * Registers the path patterns that Spring Security ignores.
     *
     * <p>Requests matching {@code ignoring()} patterns skip the whole security
     * filter chain: no authentication, no authorization, no session checks and
     * no security response headers are applied to them.
     *
     * @param webSecurity the web security builder supplied by the framework
     * @throws Exception declared by the overridden configurer method
     */
    public void configure(WebSecurity webSecurity) throws Exception {
        webSecurity.ignoring()
                // Static assets, Swagger UI, mobile views and the login page.
                .antMatchers("/resources/**", "/swagger/**", "/mobileview/**", "/login.html*")
                // NOTE(review): these names match Spring Boot Actuator endpoint ids.
                // If Actuator is served on this port at the root path, endpoints such as
                // /env, /heapdump, /jolokia, /logfile and /shutdown are reachable without
                // authentication. Confirm which are enabled; prefer a separate management
                // port or an authenticated matcher, leaving at most health/info open.
                .antMatchers(
                        "/auditevents", "/beans", "/caches", "/conditions", "/configprops",
                        "/env", "/flyway", "/health", "/heapdump", "/httptrace", "/info",
                        "/integrationgraph", "/jolokia", "/logfile", "/loggers", "/liquibase",
                        "/metrics", "/mappings", "/prometheus", "/scheduledtasks", "/sessions",
                        "/shutdown", "/threaddump")
                // NOTE(review): "/sap/**" and "/api/applications/**" are broad prefixes that
                // bypass security entirely; verify the handlers behind them authenticate
                // callers themselves. "/v2/api-docs" publishes the API description.
                .antMatchers("/captcha/**", "/v2/api-docs", "/sap/**", "/api/applications/**")
                // WeChat QR-code login endpoints, which must be reachable before login.
                .antMatchers(
                        "/wxLoginQrCode/service/createQrcodeForLogin",
                        "/wxScanLogin/service/wxScanLogin");
    }

    /**
     * Configures the HTTP security filter chain.
     *
     * @param httpSecurity the HTTP security builder supplied by the framework
     * @throws Exception if any configurer rejects the configuration
     */
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        // Custom filters, each placed just before the standard filter it accompanies.
        httpSecurity.addFilterBefore(this.localeChangeAndSaveFilter, ConcurrentSessionFilter.class);
        httpSecurity.addFilterBefore(getCaptchaAuthenticaionFilter(), UsernamePasswordAuthenticationFilter.class);
        httpSecurity.addFilterBefore(this.sessionManagementFilter, SessionManagementFilter.class);
        httpSecurity.addFilterBefore(getCustomFilterSecurityInterceptor(), FilterSecurityInterceptor.class);

        // Session handling: a new session id is issued on login (session-fixation
        // defence), and each user may hold one session. Because
        // maxSessionsPreventsLogin is false, a new login is accepted and the
        // earlier session is expired rather than the new login being refused.
        httpSecurity.sessionManagement()
                .sessionFixation().migrateSession()
                .invalidSessionStrategy(this.invalidSessionStrategy)
                .sessionAuthenticationErrorUrl(AuthConstant.DEFAULT_ENTRY_POINT)
                .maximumSessions(1)
                .maxSessionsPreventsLogin(false)
                .expiredUrl(AuthConstant.DEFAULT_ENTRY_POINT);

        httpSecurity.exceptionHandling()
                .accessDeniedHandler(this.accessDeniedHandler)
                .authenticationEntryPoint(this.authenticationEntryPoint);

        // NOTE(review): disabling frameOptions removes the X-Frame-Options header, so
        // pages may be framed by any origin (no clickjacking protection). If framing is
        // only needed by the application itself, sameOrigin() is the narrower setting.
        httpSecurity.headers().frameOptions().disable();

        // NOTE(review): CSRF protection is switched off while authentication is
        // session based (form login, session management above). State-changing
        // requests therefore carry no anti-forgery token; confirm this is compensated
        // elsewhere (for example SameSite cookies or a custom token check).
        httpSecurity
                .formLogin()
                    .failureHandler(this.failureHandler)
                    .and()
                .anonymous()
                    .key("anonymousDoesNotMatter")
                    .authorities(AuthConstant.ANONYMOUS_ROLE.getId())
                    .and()
                .logout()
                    .invalidateHttpSession(true)
                    .logoutUrl("/logout")
                    .logoutSuccessHandler(this.customLogoutSuccessHandler)
                    .and()
                .csrf()
                    .disable();

        // Project helper; presumably marks "/*/front/**" as anonymously accessible.
        // TODO confirm against AnonymousMatcherUtils.
        AnonymousMatcherUtils.configAnonymousMatchers("/*/front/**");
    }

    /**
     * Builds the URL authorization interceptor that uses the project's access
     * decision manager and security metadata source.
     *
     * @return a newly created {@link FilterSecurityInterceptor}
     */
    private Filter getCustomFilterSecurityInterceptor() {
        FilterSecurityInterceptor interceptor = new FilterSecurityInterceptor();
        interceptor.setAuthenticationManager(getAuthenticationManager());
        interceptor.setAccessDecisionManager(this.customAccessDecisionManager);
        interceptor.setSecurityMetadataSource(this.customFilterInvocationSecurityMetadataSource);
        return interceptor;
    }

    /**
     * Creates the captcha-aware login filter, which processes submissions to
     * {@code /loginForSpringSecurity}.
     *
     * @return the configured captcha authentication filter
     */
    @Bean({"captchaAuthenticaionFilter"})
    protected Filter getCaptchaAuthenticaionFilter() {
        CustomCaptchaAuthenticationFilter captchaFilter = new CustomCaptchaAuthenticationFilter();
        captchaFilter.setAuthenticationManager(getAuthenticationManager());
        captchaFilter.setAuthenticationFailureHandler(this.failureHandler);
        captchaFilter.setAuthenticationSuccessHandler(this.successHandler);
        captchaFilter.setFilterProcessesUrl("/loginForSpringSecurity");
        return captchaFilter;
    }

    /**
     * Exposes the authentication manager, backed by the single provider from
     * {@link #getAuthenticationProvider()}.
     *
     * @return a {@link ProviderManager} wrapping the custom DAO provider
     */
    @Bean({"authenticationManager"})
    protected AuthenticationManager getAuthenticationManager() {
        return new ProviderManager(Arrays.asList(getAuthenticationProvider()));
    }

    /**
     * Builds the username/password provider from the injected password encoder
     * and user details service.
     *
     * @return the configured authentication provider
     */
    protected AuthenticationProvider getAuthenticationProvider() {
        CustomDaoAuthenticationProvider provider = new CustomDaoAuthenticationProvider();
        provider.setPasswordEncoder(this.passwordEncoder);
        provider.setUserDetailsService(this.userDetailsService);
        // Keep unknown-user failures indistinguishable from bad-password failures so the
        // login response does not reveal which usernames exist (assuming the custom
        // provider keeps Spring's semantics for this flag; confirm).
        provider.setHideUserNotFoundExceptions(true);
        return provider;
    }
}
