package com.centit.framework.security;

import java.util.Collection;
import java.util.Iterator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.web.FilterInvocation;

/* loaded from: input_file:WEB-INF/lib/framework-security-4.5.1901.jar:com/centit/framework/security/DaoAccessDecisionManager.class */
public class DaoAccessDecisionManager implements AccessDecisionManager {
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) DaoAccessDecisionManager.class);

    @Override // org.springframework.security.access.AccessDecisionManager
    public void decide(Authentication authentication, Object obj, Collection<ConfigAttribute> collection) throws AccessDeniedException, InsufficientAuthenticationException {
        if (collection.contains(new SecurityConfig(SecurityContextUtils.FORBIDDEN_ROLE_CODE))) {
            logger.error("资源被禁止访问");
            throw new AccessDeniedException("资源被禁止访问");
        }
        Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
        if (authorities != null) {
            Iterator<? extends GrantedAuthority> it = authorities.iterator();
            Iterator<ConfigAttribute> it2 = collection.iterator();
            String attribute = it2.next().getAttribute();
            String authority = it.next().getAuthority();
            while (true) {
                int compareTo = attribute.compareTo(authority);
                if (compareTo == 0) {
                    return;
                }
                if (compareTo < 0) {
                    if (!it2.hasNext()) {
                        break;
                    } else {
                        attribute = it2.next().getAttribute();
                    }
                } else if (!it.hasNext()) {
                    break;
                } else {
                    authority = it.next().getAuthority();
                }
            }
        }
        FilterInvocation filterInvocation = (FilterInvocation) obj;
        String requestUrl = filterInvocation.getRequestUrl();
        StringBuilder sb = new StringBuilder();
        Iterator<ConfigAttribute> it3 = collection.iterator();
        while (it3.hasNext()) {
            sb.append(it3.next().getAttribute().substring(2)).append(" ");
        }
        String str = "无权限访问资源:" + requestUrl + ",需要角色 " + ((Object) sb) + "中的一个。";
        filterInvocation.getRequest().setAttribute("CENTIT_SYSTEM_ERROR_MSG", str);
        logger.error(str);
        throw new AccessDeniedException(str);
    }

    @Override // org.springframework.security.access.AccessDecisionManager
    public boolean supports(ConfigAttribute configAttribute) {
        return true;
    }

    @Override // org.springframework.security.access.AccessDecisionManager
    public boolean supports(Class<?> cls) {
        return true;
    }
}
