package cern.c2mon.web.ui.config;

import cern.c2mon.client.common.service.SessionService;
import cern.c2mon.web.ui.controller.ConfigLoaderController;
import cern.c2mon.web.ui.security.DefaultAccessDecisionManager;
import cern.c2mon.web.ui.security.DefaultAuthenticationProvider;
import cern.c2mon.web.ui.security.RbacAuthenticationProvider;
import cern.c2mon.web.ui.security.RbacDecisionManager;
import java.util.HashMap;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.NoSuchBeanDefinitionException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.env.Environment;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter;

@EnableConfigurationProperties({C2monWebUIProperties.class})
@EnableWebSecurity
@Configuration
/* loaded from: input_file:WEB-INF/classes/cern/c2mon/web/ui/config/WebSecurityConfig.class */
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) WebSecurityConfig.class);

    @Autowired
    private Environment environment;

    @Autowired
    private C2monWebUIProperties properties;

    @Autowired
    private ApplicationContext appContext;

    @Override // org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter, org.springframework.security.config.annotation.SecurityConfigurer
    public void configure(WebSecurity webSecurity) throws Exception {
        webSecurity.ignoring().antMatchers("/static/**").antMatchers("/css/**").antMatchers("/js/**").antMatchers("/img/**");
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        if (!this.properties.isSecurityEnabled() || !this.environment.containsProperty("c2mon.web.rbac.admin")) {
            ((HttpSecurity) httpSecurity.authorizeRequests().anyRequest().permitAll().and()).csrf().disable();
        } else {
            httpSecurity.authenticationProvider(authenticationProvider());
            ((HttpSecurity) ((HttpSecurity) httpSecurity.authorizeRequests().accessDecisionManager(accessDecisionManager()).antMatchers(ConfigLoaderController.CONFIG_LOADER_PROGRESS_REPORT_URL, "/process/**", "/commandviewer/**").hasRole("ADMIN").anyRequest().anonymous().and()).formLogin().loginPage(DefaultLoginPageGeneratingFilter.DEFAULT_LOGIN_PAGE_URL).loginProcessingUrl(DefaultLoginPageGeneratingFilter.DEFAULT_LOGIN_PAGE_URL).failureUrl("/login?error=true").permitAll().and()).csrf().disable();
        }
    }

    @Bean
    public AccessDecisionManager accessDecisionManager() {
        if (!this.properties.isSecurityEnabled() || sessionService() == null) {
            log.info("Using DefaultAccessDecisionManager");
            return new DefaultAccessDecisionManager();
        }
        HashMap hashMap = new HashMap();
        hashMap.put("configloader/progress", this.environment.getProperty("c2mon.web.rbac.admin"));
        hashMap.put("process", this.environment.getProperty("c2mon.web.rbac.user"));
        hashMap.put("commandviewer", this.environment.getProperty("c2mon.web.rbac.user"));
        log.info("Using RbacDecisionManager");
        return new RbacDecisionManager(sessionService(), hashMap);
    }

    @Bean
    public AuthenticationProvider authenticationProvider() {
        if (!this.properties.isSecurityEnabled() || sessionService() == null) {
            log.info("Using DefaultAuthenticationProvider");
            return new DefaultAuthenticationProvider();
        }
        log.info("Using RbacAuthenticationProvider");
        return new RbacAuthenticationProvider(sessionService());
    }

    private SessionService sessionService() {
        try {
            return (SessionService) this.appContext.getBean(SessionService.class);
        } catch (NoSuchBeanDefinitionException e) {
            log.debug("No SessionService registered");
            return null;
        }
    }
}
