package org.springframework.cloud.skipper.server.config.security;

import javax.servlet.Filter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.cloud.common.security.AuthorizationProperties;
import org.springframework.cloud.common.security.OAuthSecurityConfiguration;
import org.springframework.cloud.common.security.support.OnOAuth2SecurityEnabled;
import org.springframework.cloud.common.security.support.SecurityConfigUtils;
import org.springframework.cloud.common.security.support.SecurityStateBean;
import org.springframework.context.annotation.Conditional;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

@Configuration(proxyBeanMethods = false)
@Conditional({OnOAuth2SecurityEnabled.class})
/* loaded from: input_file:BOOT-INF/lib/spring-cloud-skipper-server-core-2.11.3.jar:org/springframework/cloud/skipper/server/config/security/SkipperOAuthSecurityConfiguration.class */
public class SkipperOAuthSecurityConfiguration extends OAuthSecurityConfiguration {

    @Autowired
    private SecurityStateBean securityStateBean;

    @Autowired
    private AuthorizationProperties authorizationProperties;

    /* JADX WARN: Multi-variable type inference failed */
    @Override // org.springframework.cloud.common.security.OAuthSecurityConfiguration, org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        BasicAuthenticationEntryPoint basicAuthenticationEntryPoint = new BasicAuthenticationEntryPoint();
        basicAuthenticationEntryPoint.setRealmName(SecurityConfigUtils.BASIC_AUTH_REALM_NAME);
        basicAuthenticationEntryPoint.afterPropertiesSet();
        if (this.opaqueTokenIntrospector != null) {
            httpSecurity.addFilter((Filter) new BasicAuthenticationFilter(getProviderManager(), basicAuthenticationEntryPoint));
        }
        getAuthorizationProperties().getAuthenticatedPaths().add(dashboard(getAuthorizationProperties(), "/**"));
        getAuthorizationProperties().getAuthenticatedPaths().add(dashboard(getAuthorizationProperties(), ""));
        SecurityConfigUtils.configureSimpleSecurity(httpSecurity.authorizeRequests().antMatchers((String[]) getAuthorizationProperties().getPermitAllPaths().toArray(new String[0])).permitAll().antMatchers((String[]) getAuthorizationProperties().getAuthenticatedPaths().toArray(new String[0])).authenticated(), getAuthorizationProperties()).anyRequest().denyAll();
        ((HttpSecurity) ((HttpSecurity) ((HttpSecurity) httpSecurity.httpBasic().and()).logout().logoutSuccessUrl(dashboard(getAuthorizationProperties(), "/logout-success-oauth.html")).and()).csrf().disable()).exceptionHandling().defaultAuthenticationEntryPointFor(basicAuthenticationEntryPoint, new AntPathRequestMatcher("/api/**")).defaultAuthenticationEntryPointFor(basicAuthenticationEntryPoint, new AntPathRequestMatcher("/actuator/**"));
        if (getOpaqueTokenIntrospector() != null) {
            httpSecurity.oauth2ResourceServer().opaqueToken().introspector(getOpaqueTokenIntrospector());
        } else if (getoAuth2ResourceServerProperties().getJwt().getJwkSetUri() != null) {
            httpSecurity.oauth2ResourceServer().jwt().jwtAuthenticationConverter(grantedAuthoritiesExtractor());
        }
        getSecurityStateBean().setAuthenticationEnabled(true);
    }
}
