package org.cloudfoundry.multiapps.controller.web.configuration;

import com.sap.cloudfoundry.client.facade.oauth2.TokenFactory;
import javax.inject.Inject;
import javax.servlet.Filter;
import org.cloudfoundry.multiapps.controller.PackageMarker;
import org.cloudfoundry.multiapps.controller.web.security.AuthorizationLoaderFilter;
import org.cloudfoundry.multiapps.controller.web.security.CompositeUriAuthorizationFilter;
import org.cloudfoundry.multiapps.controller.web.security.CsrfHeadersFilter;
import org.cloudfoundry.multiapps.controller.web.security.ExceptionHandlerFilter;
import org.cloudfoundry.multiapps.controller.web.security.RequestSizeFilter;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;
import org.springframework.security.web.authentication.switchuser.SwitchUserFilter;
import org.springframework.security.web.csrf.CsrfFilter;

@EnableWebSecurity
@ComponentScan(basePackageClasses = {PackageMarker.class})
/* loaded from: input_file:WEB-INF/classes/org/cloudfoundry/multiapps/controller/web/configuration/SecurityConfiguration.class */
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
    private final AuthorizationLoaderFilter authorizationLoaderFilter;
    private final CompositeUriAuthorizationFilter compositeUriAuthorizationFilter;
    private final RequestSizeFilter requestSizeFilter;
    private final CsrfHeadersFilter csrfHeadersFilter;
    private final ExceptionHandlerFilter exceptionHandlerFilter;

    @Inject
    public SecurityConfiguration(AuthorizationLoaderFilter authorizationLoaderFilter, CompositeUriAuthorizationFilter compositeUriAuthorizationFilter, RequestSizeFilter requestSizeFilter, CsrfHeadersFilter csrfHeadersFilter, ExceptionHandlerFilter exceptionHandlerFilter) {
        this.authorizationLoaderFilter = authorizationLoaderFilter;
        this.compositeUriAuthorizationFilter = compositeUriAuthorizationFilter;
        this.requestSizeFilter = requestSizeFilter;
        this.csrfHeadersFilter = csrfHeadersFilter;
        this.exceptionHandlerFilter = exceptionHandlerFilter;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        ((HttpSecurity) ((HttpSecurity) httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED).and()).authorizeRequests().antMatchers(HttpMethod.GET, "/**").hasAnyAuthority(TokenFactory.SCOPE_CC_READ, TokenFactory.SCOPE_CC_ADMIN).antMatchers(HttpMethod.POST, "/**").hasAnyAuthority(TokenFactory.SCOPE_CC_WRITE, TokenFactory.SCOPE_CC_ADMIN).antMatchers(HttpMethod.PUT, "/**").hasAnyAuthority(TokenFactory.SCOPE_CC_WRITE, TokenFactory.SCOPE_CC_ADMIN).antMatchers(HttpMethod.DELETE, "/**").hasAnyAuthority(TokenFactory.SCOPE_CC_WRITE, TokenFactory.SCOPE_CC_ADMIN).and()).addFilterBefore((Filter) this.authorizationLoaderFilter, AbstractPreAuthenticatedProcessingFilter.class).addFilterBefore((Filter) this.exceptionHandlerFilter, AuthorizationLoaderFilter.class).addFilterAfter((Filter) this.requestSizeFilter, AuthorizationLoaderFilter.class).addFilterAfter((Filter) this.csrfHeadersFilter, CsrfFilter.class).addFilterAfter((Filter) this.compositeUriAuthorizationFilter, SwitchUserFilter.class).exceptionHandling().accessDeniedHandler(accessDeniedHandler());
    }

    @Override // org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter, org.springframework.security.config.annotation.SecurityConfigurer
    public void configure(WebSecurity webSecurity) {
        webSecurity.ignoring().antMatchers("/public/**");
    }

    @Bean
    public AccessDeniedHandler accessDeniedHandler() {
        return new CsrfAccessDeniedHandler();
    }
}
