package com.centit.framework.servergateway;

import com.centit.framework.config.SecureIgnoreProperties;
import com.centit.framework.config.SecurityProperties;
import com.centit.framework.securityflux.RBACServiceWebFlux;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.authentication.RedirectServerAuthenticationEntryPoint;
import org.springframework.security.web.server.savedrequest.WebSessionServerRequestCache;

@EnableConfigurationProperties({SecurityProperties.class})
@Configuration
@EnableWebFluxSecurity
@ConditionalOnProperty(prefix = "security.login.cas", name = {"enabled"})
/* loaded from: input_file:BOOT-INF/classes/com/centit/framework/servergateway/WebSecurityOAuth2Config.class */
public class WebSecurityOAuth2Config extends WebSecurityBaseConfig {

    @Autowired
    private RBACServiceWebFlux rbacServiceWebFlux;

    @Autowired
    private SecureIgnoreProperties secureIgnoreProperties;

    @Autowired
    private WebSessionServerRequestCache webSessionServerRequestCache;
    private static final String[] excludedAuthPages = {"/frame/login", "/frame/currentuser", "/frame/callback", "/frame/logout", "/cas/oauth2.0/authorize", "/cas/oauth2.0/accessToken", "/cas/oauth2.0/profile", "/cas/**"};

    @Bean
    public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity serverHttpSecurity) {
        new RedirectServerAuthenticationEntryPoint("/frame/login").setRequestCache(this.webSessionServerRequestCache);
        serverHttpSecurity.authorizeExchange().pathMatchers(excludedAuthPages).permitAll().pathMatchers(HttpMethod.OPTIONS).permitAll().and().authorizeExchange().pathMatchers("/**").access(this.rbacServiceWebFlux).anyExchange().authenticated().and().httpBasic().and().formLogin().loginPage("/frame/login").and().csrf().disable().logout().logoutUrl("/frame/logout");
        return serverHttpSecurity.build();
    }
}
