package org.springframework.security.web.session;

import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.session.SessionInformation;
import org.springframework.security.core.session.SessionRegistry;
import org.springframework.security.web.DefaultRedirectStrategy;
import org.springframework.security.web.RedirectStrategy;
import org.springframework.security.web.authentication.logout.LogoutHandler;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
import org.springframework.security.web.util.UrlUtils;
import org.springframework.util.Assert;
import org.springframework.web.filter.GenericFilterBean;

/* loaded from: input_file:WEB-INF/lib/spring-security-web-4.1.3.RELEASE.jar:org/springframework/security/web/session/ConcurrentSessionFilter.class */
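/**
 * Servlet filter that enforces session expiry recorded in a {@link SessionRegistry}.
 *
 * <p>For each request that already has an HTTP session known to the registry, the filter
 * either refreshes the session's last-request marker or, when the registry reports the
 * session as expired, runs the configured {@link LogoutHandler}s and ends the request
 * (redirect or plain-text message) without invoking the rest of the filter chain.
 *
 * <p>Requests without a session, or whose session id is unknown to the registry, pass
 * through unchanged.
 */
public class ConcurrentSessionFilter extends GenericFilterBean {
    private final SessionRegistry sessionRegistry;
    private final String expiredUrl;
    private LogoutHandler[] handlers = new LogoutHandler[]{new SecurityContextLogoutHandler()};
    private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();

    /**
     * Creates a filter with no expired-session URL; expired sessions receive a plain-text
     * message instead of a redirect.
     *
     * @param sessionRegistry registry consulted on every request; must not be {@code null}
     * @throws IllegalArgumentException if {@code sessionRegistry} is {@code null}
     */
    public ConcurrentSessionFilter(SessionRegistry sessionRegistry) {
        this(sessionRegistry, null);
    }

    /**
     * Creates a filter that redirects expired sessions to the given URL.
     *
     * @param sessionRegistry registry consulted on every request; must not be {@code null}
     * @param str expired-session redirect URL, or {@code null} for no redirect; a non-null
     *     value must satisfy {@link UrlUtils#isValidRedirectUrl(String)}
     * @throws IllegalArgumentException if the registry is {@code null} or the URL is rejected
     */
    public ConcurrentSessionFilter(SessionRegistry sessionRegistry, String str) {
        Assert.notNull(sessionRegistry, "SessionRegistry required");
        Assert.isTrue(str == null || UrlUtils.isValidRedirectUrl(str), str + " isn't a valid redirect URL");
        this.sessionRegistry = sessionRegistry;
        this.expiredUrl = str;
    }

    /**
     * Re-checks the constructor invariants once the bean is fully configured.
     *
     * @throws IllegalArgumentException if the registry is missing or the expired URL is invalid
     */
    @Override
    public void afterPropertiesSet() {
        Assert.notNull(this.sessionRegistry, "SessionRegistry required");
        Assert.isTrue(this.expiredUrl == null || UrlUtils.isValidRedirectUrl(this.expiredUrl), this.expiredUrl + " isn't a valid redirect URL");
    }

    /**
     * Terminates requests that belong to an expired session and refreshes the last-request
     * marker for live ones.
     *
     * @param servletRequest incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse outgoing response; cast to {@link HttpServletResponse}
     * @param filterChain remainder of the chain, invoked only when the session is not expired
     * @throws IOException if writing the response or a downstream filter fails
     * @throws ServletException if a downstream filter fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;

        // getSession(false): never create a session just to check concurrency state.
        HttpSession session = httpServletRequest.getSession(false);
        SessionInformation sessionInformation =
                (session != null) ? this.sessionRegistry.getSessionInformation(session.getId()) : null;

        if (sessionInformation != null) {
            if (sessionInformation.isExpired()) {
                // Log out first so the handlers run before any response is committed.
                doLogout(httpServletRequest, httpServletResponse);
                String targetUrl = determineExpiredUrl(httpServletRequest, sessionInformation);
                if (targetUrl != null) {
                    // The value returned by determineExpiredUrl is used as-is; only the
                    // configured expiredUrl was checked with UrlUtils.isValidRedirectUrl.
                    this.redirectStrategy.sendRedirect(httpServletRequest, httpServletResponse, targetUrl);
                } else {
                    httpServletResponse.getWriter().print("This session has been expired (possibly due to multiple concurrent logins being attempted as the same user).");
                    httpServletResponse.flushBuffer();
                }
                // An expired session never reaches the rest of the chain.
                return;
            }
            this.sessionRegistry.refreshLastRequest(sessionInformation.getSessionId());
        }
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    /**
     * Chooses the URL an expired session is redirected to. The default returns the URL
     * given at construction time, which may be {@code null}.
     *
     * <p>Overrides should not build the result from unvalidated request data: the filter
     * passes the returned value straight to the {@link RedirectStrategy}, so a
     * request-derived target would make this an open redirect.
     *
     * @param httpServletRequest the request made on the expired session
     * @param sessionInformation registry entry for the expired session
     * @return redirect target, or {@code null} to send the plain-text message instead
     */
    protected String determineExpiredUrl(HttpServletRequest httpServletRequest, SessionInformation sessionInformation) {
        return this.expiredUrl;
    }

    /**
     * Invokes every configured logout handler, in array order, with the authentication
     * currently held by {@link SecurityContextHolder}.
     */
    private void doLogout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        // NOTE(review): presumably null when no security context has been populated for
        // this request; custom handlers should tolerate that (confirm against filter order).
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        for (LogoutHandler logoutHandler : this.handlers) {
            logoutHandler.logout(httpServletRequest, httpServletResponse, authentication);
        }
    }

    /**
     * Replaces the handlers run when an expired session is detected.
     *
     * <p>The array is validated and copied so that a {@code null} entry cannot abort the
     * logout loop part-way through, and later changes to the caller's array cannot alter
     * which handlers run.
     *
     * @param logoutHandlerArr handlers to run, in order; neither the array nor any element
     *     may be {@code null}
     * @throws IllegalArgumentException if the array or one of its elements is {@code null}
     */
    public void setLogoutHandlers(LogoutHandler[] logoutHandlerArr) {
        Assert.notNull(logoutHandlerArr, "LogoutHandlers required");
        Assert.noNullElements(logoutHandlerArr, "LogoutHandlers must not contain null elements");
        this.handlers = logoutHandlerArr.clone();
    }

    /**
     * Sets the strategy used to redirect expired sessions.
     *
     * <p>Rejecting {@code null} here fails at configuration time; otherwise the failure
     * would surface as a {@link NullPointerException} on the first expired-session
     * request, after the logout handlers had already run.
     *
     * @param redirectStrategy strategy to use; must not be {@code null}
     * @throws IllegalArgumentException if {@code redirectStrategy} is {@code null}
     */
    public void setRedirectStrategy(RedirectStrategy redirectStrategy) {
        Assert.notNull(redirectStrategy, "RedirectStrategy required");
        this.redirectStrategy = redirectStrategy;
    }
}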
