package org.jasig.cas.web.support;

import javassist.compiler.TokenId;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.validation.constraints.Min;
import javax.validation.constraints.NotNull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import org.springframework.web.servlet.support.WebContentGenerator;
import org.springframework.webflow.execution.RequestContext;
import org.springframework.webflow.expression.el.RequestContextELResolver;

/* loaded from: input_file:WEB-INF/lib/cas-server-webapp-support-4.0.0.jar:org/jasig/cas/web/support/AbstractThrottledSubmissionHandlerInterceptorAdapter.class */
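/**
 * Base Spring MVC interceptor that throttles login form submissions.
 *
 * <p>On every POST, {@link #preHandle} asks the subclass whether the configured failure
 * rate has been exceeded and, if so, logs the event and answers with HTTP 403 without
 * invoking the handler. After the handler ran, {@link #postHandle} records a failure
 * whenever the current Web Flow event is anything other than {@code "success"}.
 *
 * <p>How failures are counted and which request attributes identify a client is left
 * entirely to subclasses via {@link #recordSubmissionFailure} and {@link #exceedsThreshold}.
 *
 * <p>The threshold rate is computed once in {@link #afterPropertiesSet}; calling a setter
 * afterwards does not recompute it.
 */
public abstract class AbstractThrottledSubmissionHandlerInterceptorAdapter extends HandlerInterceptorAdapter implements InitializingBean {
    private static final int DEFAULT_FAILURE_THRESHOLD = 100;
    private static final int DEFAULT_FAILURE_RANGE_IN_SECONDS = 60;
    private static final String DEFAULT_USERNAME_PARAMETER = "username";
    private static final String SUCCESSFUL_AUTHENTICATION_EVENT = "success";
    protected final Logger logger = LoggerFactory.getLogger(getClass());

    // Number of failed submissions tolerated within failureRangeInSeconds.
    @Min(0)
    private int failureThreshold = DEFAULT_FAILURE_THRESHOLD;

    // Length of the observation window, in seconds. The annotation permits 0, but
    // afterPropertiesSet() rejects it because no rate can be derived from an empty window.
    @Min(0)
    private int failureRangeInSeconds = DEFAULT_FAILURE_RANGE_IN_SECONDS;

    // Name of the request parameter that carries the submitted username.
    @NotNull
    private String usernameParameter = DEFAULT_USERNAME_PARAMETER;

    // Tolerated failures per second, derived from the two settings above.
    private double thresholdRate;

    /**
     * Derives the tolerated failure rate (failures per second) from the configured
     * threshold and window.
     *
     * <p>The division is done in floating point. Integer division would truncate the
     * rate (100 / 60 becomes 1) and collapse it to 0 whenever the threshold is smaller
     * than the window, which makes the effective limit differ from the configured one.
     *
     * @throws ArithmeticException if {@code failureRangeInSeconds} is 0. A floating-point
     *     division by zero would silently yield an infinite or NaN rate, so the check is
     *     explicit to keep a misconfigured throttle failing at start-up.
     */
    @Override // org.springframework.beans.factory.InitializingBean
    public void afterPropertiesSet() throws Exception {
        if (this.failureRangeInSeconds == 0) {
            throw new ArithmeticException("failureRangeInSeconds must be greater than zero to compute a failure rate");
        }
        this.thresholdRate = (double) this.failureThreshold / this.failureRangeInSeconds;
    }

    /**
     * Rejects a POST with HTTP 403 when the subclass reports that the failure threshold
     * is exceeded. Non-POST requests are never throttled and never reach
     * {@link #exceedsThreshold}.
     *
     * @return {@code true} to continue the handler chain, {@code false} once the error
     *     response has been sent
     */
    @Override // org.springframework.web.servlet.handler.HandlerInterceptorAdapter, org.springframework.web.servlet.HandlerInterceptor
    public final boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws Exception {
        if (!WebContentGenerator.METHOD_POST.equals(httpServletRequest.getMethod())) {
            return true;
        }
        if (!exceedsThreshold(httpServletRequest)) {
            return true;
        }
        recordThrottle(httpServletRequest);
        // The username comes straight from the request and ends up in the error response,
        // so it is HTML-escaped: an error page that renders the message verbatim would
        // otherwise reflect client-supplied markup.
        String submittedUsername = escapeHtml(httpServletRequest.getParameter(this.usernameParameter));
        // SC_FORBIDDEN is 403, the same status value as before; the decompiler had mapped
        // the literal to an unrelated javassist constant with that value.
        httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "Access Denied for user [" + submittedUsername + "] from IP Address [" + httpServletRequest.getRemoteAddr() + "]");
        return false;
    }

    /**
     * Records a failed submission for POST requests whose Web Flow event is present and
     * is not {@code "success"}. Requests without a Web Flow request context, or without a
     * current event, are ignored.
     */
    @Override // org.springframework.web.servlet.handler.HandlerInterceptorAdapter, org.springframework.web.servlet.HandlerInterceptor
    public final void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj, ModelAndView modelAndView) throws Exception {
        if (!WebContentGenerator.METHOD_POST.equals(httpServletRequest.getMethod())) {
            return;
        }
        RequestContext requestContext = (RequestContext) httpServletRequest.getAttribute(RequestContextELResolver.REQUEST_CONTEXT_VARIABLE_NAME);
        if (requestContext == null || requestContext.getCurrentEvent() == null) {
            return;
        }
        if (SUCCESSFUL_AUTHENTICATION_EVENT.equals(requestContext.getCurrentEvent().getId())) {
            return;
        }
        recordSubmissionFailure(httpServletRequest);
    }

    /** Sets the number of failures tolerated within the window. Takes effect on the rate only if called before {@link #afterPropertiesSet}. */
    public final void setFailureThreshold(int i) {
        this.failureThreshold = i;
    }

    /** Sets the window length in seconds. Takes effect on the rate only if called before {@link #afterPropertiesSet}. */
    public final void setFailureRangeInSeconds(int i) {
        this.failureRangeInSeconds = i;
    }

    /** Sets the name of the request parameter that holds the submitted username. */
    public final void setUsernameParameter(String str) {
        this.usernameParameter = str;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Returns the tolerated failure rate in failures per second, as computed by {@link #afterPropertiesSet}. */
    public double getThresholdRate() {
        return this.thresholdRate;
    }

    /** Returns the configured failure threshold. */
    protected int getFailureThreshold() {
        return this.failureThreshold;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Returns the configured window length in seconds. */
    public int getFailureRangeInSeconds() {
        return this.failureRangeInSeconds;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Returns the name of the request parameter that holds the submitted username. */
    public String getUsernameParameter() {
        return this.usernameParameter;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Logs, at WARN level, that a submission was throttled.
     *
     * <p>Only the remote address is logged, not the submitted username.
     * NOTE(review): {@code getRemoteAddr()} is the address of the connecting peer; behind
     * a reverse proxy or load balancer that is presumably the proxy, so confirm the
     * deployment forwards the real client address before relying on this for triage.
     */
    public void recordThrottle(HttpServletRequest httpServletRequest) {
        this.logger.warn("Throttling submission from {}.  More than {} failed login attempts within {} seconds.", httpServletRequest.getRemoteAddr(), this.failureThreshold, this.failureRangeInSeconds);
    }

    /** Records one failed submission for the client that sent the given request. */
    protected abstract void recordSubmissionFailure(HttpServletRequest httpServletRequest);

    /** Reports whether the client that sent the given request has exceeded the failure threshold. */
    protected abstract boolean exceedsThreshold(HttpServletRequest httpServletRequest);

    // Escapes the five HTML metacharacters. A null input is rendered as "null", which is
    // what plain string concatenation would have produced.
    private static String escapeHtml(String value) {
        String text = String.valueOf(value);
        StringBuilder escaped = new StringBuilder(text.length());
        for (int index = 0; index < text.length(); index++) {
            char ch = text.charAt(index);
            switch (ch) {
                case '&':
                    escaped.append("&amp;");
                    break;
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                case '"':
                    escaped.append("&quot;");
                    break;
                case '\'':
                    escaped.append("&#39;");
                    break;
                default:
                    escaped.append(ch);
                    break;
            }
        }
        return escaped.toString();
    }
}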
