package org.springframework.cloud.common.security;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.security.SecurityProperties;
import org.springframework.cloud.common.security.support.OnSecurityEnabledAndOAuth2Disabled;
import org.springframework.cloud.common.security.support.SecurityConfigUtils;
import org.springframework.cloud.common.security.support.SecurityStateBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Conditional;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.MediaType;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.access.channel.ChannelProcessingFilter;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
import org.springframework.security.web.authentication.logout.HttpStatusReturningLogoutSuccessHandler;
import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint;
import org.springframework.security.web.util.matcher.AnyRequestMatcher;
import org.springframework.security.web.util.matcher.MediaTypeRequestMatcher;
import org.springframework.session.ExpiringSession;
import org.springframework.session.MapSessionRepository;
import org.springframework.session.SessionRepository;
import org.springframework.session.web.http.HeaderHttpSessionStrategy;
import org.springframework.session.web.http.SessionRepositoryFilter;
import org.springframework.web.accept.ContentNegotiationStrategy;

@Configuration
@Conditional({OnSecurityEnabledAndOAuth2Disabled.class})
@EnableWebSecurity
/* loaded from: input_file:org/springframework/cloud/common/security/BasicAuthSecurityConfiguration.class */
public class BasicAuthSecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    private ContentNegotiationStrategy contentNegotiationStrategy;

    @Autowired
    private SecurityProperties securityProperties;

    @Autowired
    private AuthorizationProperties authorizationProperties;

    @Autowired
    private SecurityStateBean securityStateBean;

    @Bean
    public SessionRepository<ExpiringSession> sessionRepository() {
        return new MapSessionRepository();
    }

    protected void configure(HttpSecurity httpSecurity) throws Exception {
        MediaTypeRequestMatcher mediaTypeRequestMatcher = new MediaTypeRequestMatcher(this.contentNegotiationStrategy, new MediaType[]{MediaType.TEXT_HTML});
        BasicAuthenticationEntryPoint basicAuthenticationEntryPoint = new BasicAuthenticationEntryPoint();
        basicAuthenticationEntryPoint.setRealmName(this.securityProperties.getBasic().getRealm());
        basicAuthenticationEntryPoint.afterPropertiesSet();
        this.authorizationProperties.getAuthenticatedPaths().add("/");
        this.authorizationProperties.getPermitAllPaths().add(this.authorizationProperties.getDashboardUrl());
        this.authorizationProperties.getPermitAllPaths().add(dashboard("/**"));
        ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry permitAll = ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.csrf().disable().authorizeRequests().antMatchers((String[]) this.authorizationProperties.getAuthenticatedPaths().toArray(new String[0]))).authenticated().antMatchers((String[]) this.authorizationProperties.getPermitAllPaths().toArray(new String[0]))).permitAll();
        if (this.authorizationProperties.isEnabled()) {
            permitAll = SecurityConfigUtils.configureSimpleSecurity(permitAll, this.authorizationProperties);
        }
        String dashboard = dashboard(this.authorizationProperties.getLoginUrl());
        permitAll.and().formLogin().loginPage(dashboard).loginProcessingUrl(dashboard(this.authorizationProperties.getLoginProcessingUrl())).defaultSuccessUrl(dashboard("/")).permitAll().and().logout().logoutUrl(dashboard(this.authorizationProperties.getLogoutUrl())).logoutSuccessUrl(dashboard(this.authorizationProperties.getLogoutSuccessUrl())).logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler()).permitAll().and().httpBasic().and().exceptionHandling().defaultAuthenticationEntryPointFor(new LoginUrlAuthenticationEntryPoint(dashboard), mediaTypeRequestMatcher).defaultAuthenticationEntryPointFor(basicAuthenticationEntryPoint, AnyRequestMatcher.INSTANCE);
        if (this.authorizationProperties.isEnabled()) {
            ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) permitAll.anyRequest()).denyAll();
        } else {
            ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) permitAll.anyRequest()).authenticated();
        }
        SessionRepositoryFilter sessionRepositoryFilter = new SessionRepositoryFilter(sessionRepository());
        sessionRepositoryFilter.setHttpSessionStrategy(new HeaderHttpSessionStrategy());
        httpSecurity.addFilterBefore(sessionRepositoryFilter, ChannelProcessingFilter.class).csrf().disable();
        httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED);
        this.securityStateBean.setAuthenticationEnabled(true);
        this.securityStateBean.setAuthorizationEnabled(true);
    }

    private String dashboard(String str) {
        return this.authorizationProperties.getDashboardUrl() + str;
    }
}
