package com.bstek.bdf2.core.security.metadata;

import com.bstek.bdf2.core.business.IUser;
import com.bstek.bdf2.core.cache.ApplicationCache;
import com.bstek.bdf2.core.config.parser.element.ResourcesElementParser;
import com.bstek.bdf2.core.context.ContextHolder;
import com.bstek.bdf2.core.exception.NoneLoginException;
import com.bstek.bdf2.core.model.Role;
import com.bstek.bdf2.core.model.RoleMember;
import com.bstek.bdf2.core.model.Url;
import com.bstek.bdf2.core.orm.jdbc.JdbcDao;
import com.bstek.bdf2.core.security.attribute.AttributeType;
import com.bstek.bdf2.core.security.attribute.SecurityConfigAttribute;
import com.bstek.bdf2.core.service.IRoleService;
import com.bstek.bdf2.core.service.IUrlService;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
import org.springframework.util.AntPathMatcher;
import org.springframework.util.Assert;

/* loaded from: input_file:com/bstek/bdf2/core/security/metadata/UrlMetadataSource.class */
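/**
 * Supplies Spring Security with the {@link ConfigAttribute}s that guard a request URL.
 *
 * <p>Two sources are consulted, in this order:
 * <ol>
 *   <li>Ant-style patterns contributed by {@link AnonymousUrl} beans. A match returns
 *       {@code IS_AUTHENTICATED_ANONYMOUSLY} before any login or role check runs.</li>
 *   <li>Per-company role/URL metadata built by {@link #initUrlMetaData()} and read back
 *       from the {@link ApplicationCache}. This lookup is an exact string match on the
 *       request path, not a pattern match.</li>
 * </ol>
 *
 * <p><b>Security note.</b> {@code useConservativeAuthorityStrategy} defaults to
 * {@code false}. In that mode a path with no metadata yields an empty attribute
 * collection instead of an {@link AccessDeniedException}. What an empty collection means
 * is decided by the caller; Spring Security's interceptor treats it as a public invocation
 * unless it is configured to reject those. Deployments that want deny-by-default should
 * enable the conservative strategy and review every {@link AnonymousUrl} pattern, because
 * a broad pattern bypasses the role metadata entirely.
 */
public class UrlMetadataSource extends JdbcDao implements FilterInvocationSecurityMetadataSource, InitializingBean {
    public static final String BEAN_ID = "bdf2.urlMetadataSource";
    private IRoleService roleService;
    private IUrlService urlService;
    private ApplicationCache applicationCache;
    // false (the default) means "no metadata => no restriction"; true means "no metadata => deny unless administrator".
    private boolean useConservativeAuthorityStrategy;
    private final String urlMetadataCacheKey = "url_metadata_";
    // Ant pattern -> IS_AUTHENTICATED_ANONYMOUSLY; filled once in afterPropertiesSet().
    private final Map<String, ConfigAttribute> anonymousUrlMetadata = new HashMap<String, ConfigAttribute>();
    private final AntPathMatcher matcher = new AntPathMatcher();

    /**
     * Resolves the security attributes for a secured object.
     *
     * @param obj a {@link FilterInvocation}, or the request path as a {@code String}
     * @return the attributes guarding the path; may be empty when nothing is configured
     *         and the permissive strategy (or an administrator) applies
     * @throws NoneLoginException       if the path is not anonymous and nobody is logged in
     * @throws IllegalArgumentException if the logged-in user has no company ID
     * @throws IllegalStateException    if the URL metadata is missing from the cache
     * @throws AccessDeniedException    if nothing is configured for the path, the conservative
     *                                  strategy is on, and the user is not an administrator
     */
    public Collection<ConfigAttribute> getAttributes(Object obj) throws IllegalArgumentException {
        // Anything that is not a FilterInvocation is assumed to be the path itself.
        String requestPath = obj instanceof FilterInvocation
                ? getRequestPath(((FilterInvocation) obj).getRequest())
                : (String) obj;

        // Anonymous patterns win over everything else and are checked before authentication.
        Collection<ConfigAttribute> anonymousUrlAttributes = getAnonymousUrlAttributes(requestPath);
        if (anonymousUrlAttributes != null) {
            return anonymousUrlAttributes;
        }

        IUser loginUser = ContextHolder.getLoginUser();
        if (loginUser == null) {
            throw new NoneLoginException("Please login first");
        }
        String companyId = loginUser.getCompanyId();
        Assert.hasText(companyId, "current login user[" + loginUser.getUsername() + "] is not specified company ID");

        Map<String, Map<String, List<ConfigAttribute>>> metadataByCompany = loadMetaData();
        if (metadataByCompany == null) {
            // Fail closed with a clear message rather than an anonymous NullPointerException:
            // without metadata there is nothing to base an authorization decision on.
            throw new IllegalStateException("URL security metadata is missing from the application cache");
        }

        // A user may carry several company IDs; the first one that has metadata is used
        // and the remaining IDs are not consulted.
        Map<String, List<ConfigAttribute>> urlAttributes = null;
        for (String id : companyId.split(ResourcesElementParser.LOCATION_SEPARATOR)) {
            urlAttributes = metadataByCompany.get(id);
            if (urlAttributes != null) {
                break;
            }
        }
        if (urlAttributes == null) {
            return attributesOrDeny(null, loginUser);
        }

        // Exact-match lookup: first the path as received, then the path without its first
        // character (URLs may be stored without the leading slash). The emptiness guard
        // avoids a StringIndexOutOfBoundsException when the path is "".
        // NOTE(review): any spelling of a path that the dispatcher accepts but that is not
        // stored verbatim (trailing slash, different case, ...) ends up in the
        // "nothing configured" branch, which is permissive unless the conservative
        // strategy is enabled.
        String key = requestPath;
        if (!urlAttributes.containsKey(key)) {
            key = requestPath.isEmpty() ? requestPath : requestPath.substring(1);
        }
        return attributesOrDeny(urlAttributes.get(key), loginUser);
    }

    /**
     * Applies the authority strategy to the result of a metadata lookup.
     *
     * @param attributes the configured attributes, or {@code null} when the path is unknown
     * @param loginUser  the current user; only consulted when the conservative strategy is on
     * @return {@code attributes} when non-empty; otherwise an empty collection if the
     *         permissive strategy applies or the user is an administrator
     * @throws AccessDeniedException if nothing is configured, the conservative strategy is
     *                               on, and the user is not an administrator
     */
    @SuppressWarnings("unchecked")
    private Collection<ConfigAttribute> attributesOrDeny(List<ConfigAttribute> attributes, IUser loginUser) {
        if (attributes != null && !attributes.isEmpty()) {
            return attributes;
        }
        if (this.useConservativeAuthorityStrategy && !loginUser.isAdministrator()) {
            throw new AccessDeniedException("Access denied");
        }
        if (attributes != null) {
            return attributes;
        }
        return CollectionUtils.EMPTY_COLLECTION;
    }

    /**
     * Returns the anonymous-access attribute when {@code str} matches any registered
     * {@link AnonymousUrl} Ant pattern, or {@code null} when none matches.
     */
    private Collection<ConfigAttribute> getAnonymousUrlAttributes(String str) {
        for (Map.Entry<String, ConfigAttribute> entry : this.anonymousUrlMetadata.entrySet()) {
            if (this.matcher.match(entry.getKey(), str)) {
                List<ConfigAttribute> matched = new ArrayList<ConfigAttribute>();
                matched.add(entry.getValue());
                return matched;
            }
        }
        return null;
    }

    /** Always empty: this source does not enumerate its attributes up front. */
    @SuppressWarnings("unchecked")
    public Collection<ConfigAttribute> getAllConfigAttributes() {
        return CollectionUtils.EMPTY_COLLECTION;
    }

    /** Supports {@link FilterInvocation} and its subclasses. */
    public boolean supports(Class<?> cls) {
        return FilterInvocation.class.isAssignableFrom(cls);
    }

    /**
     * Reads the company -> (URL -> attributes) map from the application cache.
     * The result is whatever the cache returns for the key; callers must handle {@code null}.
     */
    @SuppressWarnings("unchecked")
    private Map<String, Map<String, List<ConfigAttribute>>> loadMetaData() {
        return (Map<String, Map<String, List<ConfigAttribute>>>) this.applicationCache.getCacheObject(this.urlMetadataCacheKey);
    }

    /**
     * Rebuilds the company -> (URL -> attributes) map from all roles and stores it in the
     * application cache. {@link #getAttributes(Object)} only ever reads the cached copy, so
     * role or URL changes are not visible to it until this method runs again.
     */
    public void initUrlMetaData() {
        Map<String, Map<String, List<ConfigAttribute>>> metadataByCompany =
                new HashMap<String, Map<String, List<ConfigAttribute>>>();
        for (Role role : this.roleService.loadAllRoles()) {
            role.setRoleMembers(this.roleService.loadRoleMemberByRoleId(role.getId()));
            role.setUrls(this.urlService.loadUrlsByRoleId(role.getId()));

            String companyId = role.getCompanyId();
            Map<String, List<ConfigAttribute>> urlAttributes = metadataByCompany.get(companyId);
            if (urlAttributes == null) {
                urlAttributes = new HashMap<String, List<ConfigAttribute>>();
                metadataByCompany.put(companyId, urlAttributes);
            }

            for (Url url : role.getUrls()) {
                // Entries without a URL fall back to their name as the lookup key.
                String rawUrl = url.getUrl();
                if (StringUtils.isEmpty(rawUrl)) {
                    rawUrl = url.getName();
                }
                if (StringUtils.isEmpty(rawUrl)) {
                    continue;
                }
                String key = processUrl(rawUrl);
                List<ConfigAttribute> attributes = urlAttributes.get(key);
                if (attributes == null) {
                    attributes = new ArrayList<ConfigAttribute>();
                    urlAttributes.put(key, attributes);
                }
                buildConfigAttributes(role, attributes);
            }
        }
        this.applicationCache.putCacheObject(this.urlMetadataCacheKey, metadataByCompany);
    }

    /**
     * Builds the path used for lookups: servlet path plus path info when present.
     * The context path and the query string are not part of either value.
     */
    private String getRequestPath(HttpServletRequest httpServletRequest) {
        String servletPath = httpServletRequest.getServletPath();
        String pathInfo = httpServletRequest.getPathInfo();
        return pathInfo != null ? servletPath + pathInfo : servletPath;
    }

    /**
     * Appends one attribute per role member to {@code list}.
     *
     * <p>When a member has several of user/dept/position/group set, the last one checked
     * (group, then position, then dept, then user) determines the attribute.
     */
    private void buildConfigAttributes(Role role, List<ConfigAttribute> list) {
        for (RoleMember roleMember : role.getRoleMembers()) {
            SecurityConfigAttribute attribute = null;
            if (roleMember.getUser() != null) {
                attribute = new SecurityConfigAttribute(AttributeType.user, roleMember.isGranted(), role.getCompanyId());
                attribute.setMember(roleMember.getUser());
            }
            if (roleMember.getDept() != null) {
                attribute = new SecurityConfigAttribute(AttributeType.dept, roleMember.isGranted(), role.getCompanyId());
                attribute.setMember(roleMember.getDept());
            }
            if (roleMember.getPosition() != null) {
                attribute = new SecurityConfigAttribute(AttributeType.position, roleMember.isGranted(), role.getCompanyId());
                attribute.setMember(roleMember.getPosition());
            }
            if (roleMember.getGroup() != null) {
                attribute = new SecurityConfigAttribute(AttributeType.group, roleMember.isGranted(), role.getCompanyId());
                attribute.setMember(roleMember.getGroup());
            }
            // NOTE(review): a member with none of the four references set adds null here.
            // Kept as-is on purpose: dropping the entry could leave the list empty, and an
            // empty list is treated as "nothing configured" (permissive by default) by
            // getAttributes. Confirm how the decision voters handle a null attribute.
            list.add(attribute);
        }
    }

    /** Normalises a stored URL before it is used as a lookup key (currently: trim only). */
    private String processUrl(String str) {
        return str.trim();
    }

    /** Builds the role/URL metadata and registers every {@link AnonymousUrl} bean's pattern. */
    public void afterPropertiesSet() throws Exception {
        initUrlMetaData();
        buildSafeUrlConfigAttributes(getApplicationContext().getBeansOfType(AnonymousUrl.class).values());
    }

    /** Maps each anonymous URL pattern to {@code IS_AUTHENTICATED_ANONYMOUSLY}. */
    private void buildSafeUrlConfigAttributes(Collection<AnonymousUrl> collection) {
        for (AnonymousUrl anonymousUrl : collection) {
            this.anonymousUrlMetadata.put(anonymousUrl.getUrlPattern(), new SecurityConfig("IS_AUTHENTICATED_ANONYMOUSLY"));
        }
    }

    public void setRoleService(IRoleService iRoleService) {
        this.roleService = iRoleService;
    }

    public void setUrlService(IUrlService iUrlService) {
        this.urlService = iUrlService;
    }

    public void setApplicationCache(ApplicationCache applicationCache) {
        this.applicationCache = applicationCache;
    }

    /** @return {@code true} when paths without metadata are denied to non-administrators */
    public boolean isUseConservativeAuthorityStrategy() {
        return this.useConservativeAuthorityStrategy;
    }

    /**
     * @param z {@code true} to deny non-administrators access to paths that have no
     *          metadata; {@code false} to return an empty attribute collection for them
     */
    public void setUseConservativeAuthorityStrategy(boolean z) {
        this.useConservativeAuthorityStrategy = z;
    }
}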
