package com.centit.framework.servergateway;

import com.centit.framework.security.CloudFilterSecurityInterceptor;
import com.centit.framework.security.DaoAccessDecisionManager;
import com.centit.framework.security.DaoInvocationSecurityMetadataSource;
import javax.servlet.Filter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
import org.springframework.security.web.csrf.CsrfTokenRepository;
import org.springframework.web.client.RestTemplate;

@Configuration
@EnableWebSecurity
/* loaded from: input_file:BOOT-INF/classes/com/centit/framework/servergateway/WebSecurityConfig.class */
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    RestTemplate restTemplate;

    @Autowired
    protected CsrfTokenRepository csrfTokenRepository;

    @Value("${access.resource.must.be.audited:false}")
    boolean accessResourceMustBeAudited;

    @Value("${http.csrf.enable:false}")
    boolean httpCsrfEnable;

    protected CloudFilterSecurityInterceptor createCentitPowerFilter(DaoAccessDecisionManager daoAccessDecisionManager, DaoInvocationSecurityMetadataSource daoInvocationSecurityMetadataSource) {
        CloudFilterSecurityInterceptor cloudFilterSecurityInterceptor = new CloudFilterSecurityInterceptor();
        cloudFilterSecurityInterceptor.setRestTemplate(this.restTemplate);
        cloudFilterSecurityInterceptor.setAccessDecisionManager(daoAccessDecisionManager);
        cloudFilterSecurityInterceptor.setSecurityMetadataSource(daoInvocationSecurityMetadataSource);
        return cloudFilterSecurityInterceptor;
    }

    protected DaoAccessDecisionManager createCentitAccessDecisionManager() {
        return new DaoAccessDecisionManager();
    }

    protected DaoInvocationSecurityMetadataSource createCentitSecurityMetadataSource() {
        return new DaoInvocationSecurityMetadataSource();
    }

    @Override // org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        if (this.httpCsrfEnable) {
            httpSecurity.csrf().csrfTokenRepository(this.csrfTokenRepository);
        } else {
            httpSecurity.csrf().disable();
        }
        httpSecurity.addFilterBefore((Filter) createCentitPowerFilter(createCentitAccessDecisionManager(), createCentitSecurityMetadataSource()), FilterSecurityInterceptor.class);
    }
}
