package org.september.simpleweb.auth;

import com.alibaba.fastjson.JSONObject;
import java.io.IOException;
import java.io.PrintWriter;
import java.lang.reflect.Method;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.september.simpleweb.model.ResponseVo;
import org.september.simpleweb.utils.SessionHelper;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.csrf.CsrfFilter;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.web.context.WebApplicationContext;
import org.springframework.web.filter.CharacterEncodingFilter;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.mvc.method.RequestMappingInfo;
import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping;

/* loaded from: input_file:org/september/simpleweb/auth/SimpleWebSecurityConfiguration.class */
public class SimpleWebSecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    private AjaxAuthenticationEntryPoint ajaxAuthenticationEntryPoint;

    @Autowired
    protected WebApplicationContext applicationContext;

    public void configure(WebSecurity webSecurity) throws Exception {
        webSecurity.ignoring().antMatchers(new String[]{"/assets/**"});
        webSecurity.ignoring().antMatchers(new String[]{"/login"});
        webSecurity.ignoring().antMatchers(new String[]{"/favicon.ico"});
        for (Map.Entry entry : ((RequestMappingHandlerMapping) this.applicationContext.getBean(RequestMappingHandlerMapping.class)).getHandlerMethods().entrySet()) {
            RequestMappingInfo requestMappingInfo = (RequestMappingInfo) entry.getKey();
            Method method = ((HandlerMethod) entry.getValue()).getMethod();
            PublicMethod publicMethod = (PublicMethod) method.getDeclaringClass().getAnnotation(PublicMethod.class);
            if (publicMethod == null) {
                publicMethod = (PublicMethod) method.getAnnotation(PublicMethod.class);
            }
            if (publicMethod != null) {
                webSecurity.ignoring().antMatchers(new String[]{(String) requestMappingInfo.getPatternsCondition().getPatterns().iterator().next()});
            }
        }
    }

    protected void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.formLogin().and().sessionManagement().maximumSessions(3).and().and().logout().logoutUrl("/logout").and().formLogin().loginPage("/login?forward=true").successHandler(new AuthenticationSuccessHandler() { // from class: org.september.simpleweb.auth.SimpleWebSecurityConfiguration.1
            public void onAuthenticationSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
                ResponseVo code = ResponseVo.BUILDER().setData(SessionHelper.getLoginReturnData()).setCode(0);
                httpServletResponse.setContentType("application/json;charset=utf-8");
                SessionHelper.setSessionUser(authentication.getPrincipal());
                PrintWriter writer = httpServletResponse.getWriter();
                writer.write(JSONObject.toJSONString(code));
                writer.flush();
                writer.close();
            }
        }).failureHandler(new AuthenticationFailureHandler() { // from class: org.september.simpleweb.auth.SimpleWebSecurityConfiguration.2
            public void onAuthenticationFailure(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException authenticationException) throws IOException, ServletException {
                httpServletResponse.setContentType("application/json;charset=utf-8");
                ResponseVo code = ResponseVo.BUILDER().setDesc(authenticationException.getMessage()).setCode(-1);
                PrintWriter writer = httpServletResponse.getWriter();
                writer.write(JSONObject.toJSONString(code));
                writer.flush();
                writer.close();
            }
        }).loginProcessingUrl("/doLogin").and().logout().logoutUrl("/logout").and().exceptionHandling().defaultAuthenticationEntryPointFor(this.ajaxAuthenticationEntryPoint, new RequestMatcher() { // from class: org.september.simpleweb.auth.SimpleWebSecurityConfiguration.3
            public boolean matches(HttpServletRequest httpServletRequest) {
                return "XMLHttpRequest".equals(httpServletRequest.getHeader("X-Requested-With"));
            }
        }).and();
        httpSecurity.csrf().disable();
        httpSecurity.headers().frameOptions().disable();
        CharacterEncodingFilter characterEncodingFilter = new CharacterEncodingFilter();
        characterEncodingFilter.setEncoding("UTF-8");
        characterEncodingFilter.setForceEncoding(true);
        httpSecurity.addFilterBefore(characterEncodingFilter, CsrfFilter.class);
    }
}
