package io.camunda.webapps.controllers;

import io.camunda.webapps.WebappsModuleConfiguration;
import io.camunda.webapps.util.HttpUtils;
import jakarta.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:io/camunda/webapps/controllers/WebappsRequestForwardManager.class */
public class WebappsRequestForwardManager {
    private static final Logger LOGGER = LoggerFactory.getLogger(WebappsRequestForwardManager.class);
    private static final String LOGIN_RESOURCE = "/api/login";

    @Autowired
    private WebappsModuleConfiguration.WebappsProperties webappsProperties;

    public String forward(HttpServletRequest httpServletRequest, String str) {
        return (this.webappsProperties.loginDelegated() && isNotLoggedIn()) ? saveRequestAndRedirectToLogin(httpServletRequest) : "forward:/" + str;
    }

    private String saveRequestAndRedirectToLogin(HttpServletRequest httpServletRequest) {
        httpServletRequest.getSession(true).setAttribute("requestedUrl", HttpUtils.getRequestedUrl(httpServletRequest));
        LOGGER.warn("Requested path {}, but not authenticated. Redirect to  {} ", httpServletRequest.getRequestURI().substring(httpServletRequest.getContextPath().length()), LOGIN_RESOURCE);
        return "forward:/api/login";
    }

    private boolean isNotLoggedIn() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        return (authentication instanceof AnonymousAuthenticationToken) || !authentication.isAuthenticated();
    }
}
