package com.github.apetrelli.gwtintegration.spring.security;

import com.github.apetrelli.gwtintegration.requestfactory.server.RequestFactoryServlet;
import com.github.apetrelli.gwtintegration.spring.context.server.requestfactory.CustomServiceLayerDecorator;
import com.google.web.bindery.requestfactory.server.ExceptionHandler;
import com.google.web.bindery.requestfactory.server.ServiceLayerDecorator;
import com.google.web.bindery.requestfactory.server.SimpleRequestProcessor;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.AuthenticationTrustResolver;
import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
import org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy;

/* loaded from: input_file:com/github/apetrelli/gwtintegration/spring/security/SecureRequestFactoryServlet.class */
public class SecureRequestFactoryServlet extends RequestFactoryServlet {
    private static final long serialVersionUID = 1;
    private SessionAuthenticationStrategy strategy;
    private AuthenticationTrustResolver authenticationTrustResolver;

    public SecureRequestFactoryServlet() {
        this(new SpringSecurityLoggingExceptionHandler(), new CustomServiceLayerDecorator());
    }

    public SecureRequestFactoryServlet(ExceptionHandler exceptionHandler, ServiceLayerDecorator... serviceLayerDecoratorArr) {
        super(exceptionHandler, serviceLayerDecoratorArr);
        this.strategy = new SessionFixationProtectionStrategy();
        this.authenticationTrustResolver = new AuthenticationTrustResolverImpl();
    }

    protected String process(SimpleRequestProcessor simpleRequestProcessor, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) {
        Authentication authentication;
        Authentication authentication2 = SecurityContextHolder.getContext().getAuthentication();
        boolean z = (authentication2 == null || this.authenticationTrustResolver.isAnonymous(authentication2)) ? false : true;
        String process = simpleRequestProcessor.process(str);
        if (!z && (authentication = SecurityContextHolder.getContext().getAuthentication()) != null && !this.authenticationTrustResolver.isAnonymous(authentication)) {
            this.strategy.onAuthentication(authentication, httpServletRequest, httpServletResponse);
        }
        return process;
    }
}
