package io.gravitee.am.management.handlers.management.api.spring.security.filter;

import io.gravitee.am.management.handlers.management.api.authentication.web.WebAuthenticationDetails;
import jakarta.servlet.http.HttpServletRequest;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationDetailsSource;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;

@Configuration
/* loaded from: input_file:io/gravitee/am/management/handlers/management/api/spring/security/filter/TokenSecurityConfiguration.class */
public class TokenSecurityConfiguration {
    private static final String REALM_NAME = "Gravitee.io AM Management API";

    @Bean
    @Order(101)
    public SecurityFilterChain tokenSecurityFilterChain(HttpSecurity httpSecurity, AuthenticationDetailsSource<HttpServletRequest, WebAuthenticationDetails> authenticationDetailsSource) throws Exception {
        AntPathRequestMatcher antMatcher = AntPathRequestMatcher.antMatcher("/auth/token");
        httpSecurity.securityMatcher(antMatcher).authorizeHttpRequests(authorizationManagerRequestMatcherRegistry -> {
            ((AuthorizeHttpRequestsConfigurer.AuthorizedUrl) authorizationManagerRequestMatcherRegistry.requestMatchers(new RequestMatcher[]{antMatcher})).authenticated();
        }).httpBasic(httpBasicConfigurer -> {
            httpBasicConfigurer.realmName(REALM_NAME).authenticationDetailsSource(authenticationDetailsSource);
        }).sessionManagement(sessionManagementConfigurer -> {
            sessionManagementConfigurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        }).csrf(csrfConfigurer -> {
            csrfConfigurer.disable();
        });
        return (SecurityFilterChain) httpSecurity.build();
    }
}
