package com.centit.framework.security;

import com.centit.framework.appclient.HttpReceiveJSON;
import com.centit.framework.security.model.CentitUserDetails;
import com.centit.framework.security.model.JsonCentitUserDetails;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.springframework.security.access.SecurityMetadataSource;
import org.springframework.security.access.intercept.AbstractSecurityInterceptor;
import org.springframework.security.access.intercept.InterceptorStatusToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
import org.springframework.web.client.RestTemplate;

/* loaded from: input_file:BOOT-INF/classes/com/centit/framework/security/CloudFilterSecurityInterceptor.class */
public class CloudFilterSecurityInterceptor extends AbstractSecurityInterceptor implements Filter {
    private static String AUTHORIZE_SERVICE_URL = "http://AUTHORIZE-SERVICE";
    private static CentitUserDetails anonymousUser = AnonymousUserDetails.createAnonymousUser();
    private RestTemplate restTemplate;
    private FilterInvocationSecurityMetadataSource securityMetadataSource;

    public void setRestTemplate(RestTemplate restTemplate) {
        this.restTemplate = restTemplate;
    }

    @Override // javax.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        invoke(new FilterInvocation(servletRequest, servletResponse, filterChain));
    }

    public FilterInvocationSecurityMetadataSource getSecurityMetadataSource() {
        return this.securityMetadataSource;
    }

    @Override // org.springframework.security.access.intercept.AbstractSecurityInterceptor
    public Class<? extends Object> getSecureObjectClass() {
        return FilterInvocation.class;
    }

    public void invoke(FilterInvocation filterInvocation) throws IOException, ServletException {
        CentitUserDetails centitUserDetails;
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        boolean z = false;
        if (authentication == null || "anonymousUser".equals(authentication.getName())) {
            String parameter = filterInvocation.getHttpRequest().getParameter("accessToken");
            if (StringUtils.isBlank(parameter)) {
                parameter = filterInvocation.getHttpRequest().getHeader("Authorization");
            }
            if (StringUtils.isNotBlank(parameter)) {
                try {
                    centitUserDetails = (CentitUserDetails) HttpReceiveJSON.valueOfJson((String) this.restTemplate.getForObject(AUTHORIZE_SERVICE_URL + "/user/" + parameter, String.class, new Object[0])).getDataAsObject(JsonCentitUserDetails.class);
                } catch (Exception e) {
                    centitUserDetails = null;
                }
                if (centitUserDetails != null) {
                    z = isAlwaysReauthenticate();
                    if (z) {
                        setAlwaysReauthenticate(false);
                    }
                    SecurityContextHolder.getContext().setAuthentication(centitUserDetails);
                } else if (authentication == null) {
                    z = isAlwaysReauthenticate();
                    if (z) {
                        setAlwaysReauthenticate(false);
                    }
                    SecurityContextHolder.getContext().setAuthentication(anonymousUser);
                }
            }
        }
        InterceptorStatusToken beforeInvocation = super.beforeInvocation(filterInvocation);
        try {
            filterInvocation.getChain().doFilter(filterInvocation.getRequest(), filterInvocation.getResponse());
            super.afterInvocation(beforeInvocation, null);
            if (z) {
                setAlwaysReauthenticate(true);
            }
        } catch (Throwable th) {
            super.afterInvocation(beforeInvocation, null);
            throw th;
        }
    }

    @Override // org.springframework.security.access.intercept.AbstractSecurityInterceptor
    public SecurityMetadataSource obtainSecurityMetadataSource() {
        return this.securityMetadataSource;
    }

    public void setSecurityMetadataSource(FilterInvocationSecurityMetadataSource filterInvocationSecurityMetadataSource) {
        this.securityMetadataSource = filterInvocationSecurityMetadataSource;
    }

    @Override // javax.servlet.Filter
    public void destroy() {
    }

    @Override // javax.servlet.Filter
    public void init(FilterConfig filterConfig) throws ServletException {
    }
}
