package org.molgenis.compute.db;

import java.util.ArrayList;
import java.util.List;
import javax.servlet.Filter;
import org.apache.log4j.Logger;
import org.molgenis.compute.db.controller.HomeController;
import org.molgenis.omx.controller.DataSetsIndexerStatusController;
import org.molgenis.security.MolgenisWebAppSecurityConfig;
import org.molgenis.security.core.utils.SecurityUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.hierarchicalroles.RoleHierarchy;
import org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl;
import org.springframework.security.access.vote.AffirmativeBased;
import org.springframework.security.access.vote.RoleVoter;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.web.access.expression.WebExpressionVoter;
import org.springframework.security.web.authentication.AnonymousAuthenticationFilter;
import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
/* loaded from: input_file:WEB-INF/classes/org/molgenis/compute/db/WebAppSecurityConfig.class */
public class WebAppSecurityConfig extends MolgenisWebAppSecurityConfig {
    private static final Logger logger = Logger.getLogger(WebAppSecurityConfig.class);

    @Autowired
    private RoleVoter roleVoter;

    @Override // org.molgenis.security.MolgenisWebAppSecurityConfig
    protected void configureUrlAuthorization(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry expressionInterceptUrlRegistry) {
        ArrayList arrayList = new ArrayList();
        arrayList.add(new WebExpressionVoter());
        arrayList.add(new MolgenisAccessDecisionVoter());
        expressionInterceptUrlRegistry.accessDecisionManager(new AffirmativeBased(arrayList));
        expressionInterceptUrlRegistry.antMatchers("/").permitAll();
    }

    @Override // org.molgenis.security.MolgenisWebAppSecurityConfig
    protected List<GrantedAuthority> createAnonymousUserAuthorities() {
        return AuthorityUtils.createAuthorityList(SecurityUtils.getPluginReadAuthority(HomeController.ID));
    }

    @Override // org.molgenis.security.MolgenisWebAppSecurityConfig
    public RoleHierarchy roleHierarchy() {
        RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl();
        roleHierarchyImpl.setHierarchy("");
        return roleHierarchyImpl;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // org.molgenis.security.MolgenisWebAppSecurityConfig, org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.addFilterBefore((Filter) anonymousAuthFilter(), AnonymousAuthenticationFilter.class);
        httpSecurity.addFilter((Filter) basicAuthenticationFilter());
        httpSecurity.addFilter((Filter) anonymousAuthFilter());
        httpSecurity.authenticationProvider((AuthenticationProvider) anonymousAuthenticationProvider());
        ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry authorizeRequests = httpSecurity.authorizeRequests();
        configureUrlAuthorization(authorizeRequests);
        ((HttpSecurity) ((HttpSecurity) ((HttpSecurity) authorizeRequests.antMatchers("/login").permitAll().antMatchers("/account/**").permitAll().antMatchers("/css/**").permitAll().antMatchers("/img/**").permitAll().antMatchers("/js/**").permitAll().antMatchers("/html/**").permitAll().antMatchers("/plugin/void/**").permitAll().antMatchers("/api/**").permitAll().antMatchers("/search").permitAll().antMatchers("/captcha").permitAll().antMatchers(DataSetsIndexerStatusController.URI).authenticated().anyRequest().denyAll().and()).formLogin().loginPage("/login").failureUrl("/login?error").and()).logout().logoutSuccessUrl("/").and()).csrf().disable();
    }

    @Bean
    public BasicAuthenticationFilter basicAuthenticationFilter() throws Exception {
        BasicAuthenticationEntryPoint basicAuthenticationEntryPoint = new BasicAuthenticationEntryPoint();
        basicAuthenticationEntryPoint.setRealmName("computedb-api");
        return new BasicAuthenticationFilter(authenticationManager(), basicAuthenticationEntryPoint);
    }
}
