package org.cloudfoundry.multiapps.controller.web.security;

import java.io.IOException;
import javax.inject.Named;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.cloudfoundry.multiapps.controller.web.Constants;
import org.springframework.security.web.csrf.CsrfToken;
import org.springframework.web.filter.OncePerRequestFilter;

@Named("csrfHeadersFilter")
/* loaded from: input_file:WEB-INF/classes/org/cloudfoundry/multiapps/controller/web/security/CsrfHeadersFilter.class */
public class CsrfHeadersFilter extends OncePerRequestFilter {
    private static final String SPRING_SECURITY_CSRF_SESSION_ATTRIBUTE = "_csrf";

    @Override // org.springframework.web.filter.OncePerRequestFilter
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        filterChain.doFilter(httpServletRequest, httpServletResponse);
        CsrfToken csrfToken = (CsrfToken) httpServletRequest.getAttribute("_csrf");
        if (csrfToken == null || httpServletResponse.isCommitted()) {
            return;
        }
        httpServletResponse.setHeader(Constants.CSRF_HEADER_NAME, csrfToken.getHeaderName());
        httpServletResponse.setHeader(Constants.CSRF_PARAM_NAME, csrfToken.getParameterName());
        httpServletResponse.setHeader("X-CSRF-TOKEN", csrfToken.getToken());
    }
}
