package org.springframework.security.config;

import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import javax.servlet.Filter;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.BeanFactory;
import org.springframework.beans.factory.BeanFactoryAware;
import org.springframework.beans.factory.ListableBeanFactory;
import org.springframework.beans.factory.config.BeanPostProcessor;
import org.springframework.core.OrderComparator;
import org.springframework.core.Ordered;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.config.ConfigUtils;
import org.springframework.security.config.OrderedFilterBeanDefinitionDecorator;
import org.springframework.security.web.FilterChainProxy;
import org.springframework.security.web.access.ExceptionTranslationFilter;
import org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
import org.springframework.security.web.authentication.AnonymousProcessingFilter;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationProcessingFilter;
import org.springframework.security.web.authentication.www.BasicProcessingFilter;
import org.springframework.security.web.context.SecurityContextPersistenceFilter;
import org.springframework.security.web.session.SessionFixationProtectionFilter;
import org.springframework.security.web.wrapper.SecurityContextHolderAwareRequestFilter;

/* loaded from: input_file:org/springframework/security/config/FilterChainProxyPostProcessor.class */
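/**
 * Bean post-processor that finishes the filter chain assembled by the security
 * namespace configuration.
 *
 * <p>When the bean named {@code BeanIds.FILTER_CHAIN_PROXY} is about to be
 * initialised, the filters collected in the {@code _filterChainList} bean are
 * sorted, checked, unwrapped and installed on the proxy under its universal
 * match pattern. All other beans pass through untouched.
 *
 * <p>Only one check aborts start-up: two filters with the same order value raise
 * a {@code SecurityConfigurationException}. The duplicate-filter-type check and
 * the login-page accessibility check only write to the log, so a configuration
 * that trips them still starts. Their WARN lines are the only signal that the
 * chain may not behave as intended and should be reviewed after deployment.
 */
public class FilterChainProxyPostProcessor implements BeanPostProcessor, BeanFactoryAware {
    private final Log logger = LogFactory.getLog(getClass());
    private ListableBeanFactory beanFactory;

    /**
     * Sorts, validates and installs the security filters on the filter chain proxy.
     *
     * @param obj the bean being initialised
     * @param str the name of that bean
     * @return {@code obj} itself, never a replacement
     * @throws SecurityConfigurationException if two filters share an order value
     */
    public Object postProcessBeforeInitialization(Object obj, String str) throws BeansException {
        if (!BeanIds.FILTER_CHAIN_PROXY.equals(str)) {
            return obj;
        }
        FilterChainProxy filterChainProxy = (FilterChainProxy) obj;
        ConfigUtils.FilterChainList chainList =
                (ConfigUtils.FilterChainList) this.beanFactory.getBean("_filterChainList");
        // Work on a copy so that sorting and unwrapping do not alter the list held by the bean.
        List<Filter> filters = new ArrayList<Filter>(chainList.getFilters());
        Collections.sort(filters, new OrderComparator());
        this.logger.info("Checking sorted filter chain: " + filters);
        rejectEqualOrderValues(filters);

        this.logger.info("Filter chain...");
        for (int position = 0; position < filters.size(); position++) {
            Filter unwrapped = unwrapFilter(filters.get(position));
            this.logger.info("[" + position + "] - " + unwrapped);
            filters.set(position, unwrapped);
        }
        checkFilterStack(filters);

        // Left raw: the map's key type is not visible from this class.
        Map filterChainMap = filterChainProxy.getFilterChainMap();
        filterChainMap.put(filterChainProxy.getMatcher().getUniversalMatchPattern(), filters);
        filterChainProxy.setFilterChainMap(filterChainMap);

        checkLoginPageIsntProtected(filterChainProxy);
        this.logger.info("FilterChainProxy: " + filterChainProxy);
        return obj;
    }

    /**
     * Fails start-up when two neighbours in the sorted list carry the same order
     * value. With equal values the sort cannot fix their relative position, so
     * which of the two filters runs first would not be determined by configuration.
     */
    private void rejectEqualOrderValues(List<Filter> sortedFilters) {
        for (int i = 0; i < sortedFilters.size(); i++) {
            // Every entry is cast, including the first, so a filter that is not Ordered is rejected here.
            Ordered current = (Ordered) sortedFilters.get(i);
            if (i == 0) {
                continue;
            }
            Ordered previous = (Ordered) sortedFilters.get(i - 1);
            if (current.getOrder() == previous.getOrder()) {
                throw new SecurityConfigurationException("Filters '" + unwrapFilter(current) + "' and '" + unwrapFilter(previous) + "' have the same 'order' value. When using custom filters, please make sure the positions do not conflict with default filters. Alternatively you can disable the default filters by removing the corresponding child elements from <http> and avoiding the use of <http auto-config='true'>.");
            }
        }
    }

    /**
     * Warns about filter types that appear more than once in the chain.
     * The result is advisory: nothing is removed and nothing is thrown.
     */
    private void checkFilterStack(List<Filter> list) {
        checkForDuplicates(SecurityContextPersistenceFilter.class, list);
        checkForDuplicates(UsernamePasswordAuthenticationProcessingFilter.class, list);
        checkForDuplicates(SessionFixationProtectionFilter.class, list);
        checkForDuplicates(BasicProcessingFilter.class, list);
        checkForDuplicates(SecurityContextHolderAwareRequestFilter.class, list);
        checkForDuplicates(ExceptionTranslationFilter.class, list);
        checkForDuplicates(FilterSecurityInterceptor.class, list);
    }

    /**
     * Logs one warning naming the first two positions that hold an instance of
     * {@code cls} (subclasses included), then stops looking.
     */
    private void checkForDuplicates(Class<? extends Filter> cls, List<Filter> list) {
        int firstMatch = -1;
        for (int i = 0; i < list.size(); i++) {
            // isInstance treats a null entry as "no match" instead of failing on getClass().
            if (!cls.isInstance(list.get(i))) {
                continue;
            }
            if (firstMatch < 0) {
                firstMatch = i;
                continue;
            }
            this.logger.warn("Possible error: Filters at position " + firstMatch + " and " + i + " are both instances of " + cls.getName());
            return;
        }
    }

    /**
     * Checks, as far as configuration allows, that an unauthenticated user can reach
     * the login form, and logs a warning when that looks unlikely.
     *
     * <p>The check applies only when the exception translation filter uses a
     * {@code LoginUrlAuthenticationEntryPoint}. Access is simulated by asking the
     * access decision manager to decide for an anonymous token against the
     * attributes looked up for the login URL with the fixed method {@code "POST"}.
     * The secure object passed to {@code decide} is a bare {@code Object}.
     * NOTE(review): voters that inspect the secure object may answer differently for
     * a real request, so treat a clean result as a hint, not as proof.
     */
    private void checkLoginPageIsntProtected(FilterChainProxy filterChainProxy) {
        ExceptionTranslationFilter exceptionTranslationFilter =
                (ExceptionTranslationFilter) this.beanFactory.getBean(BeanIds.EXCEPTION_TRANSLATION_FILTER);
        Object entryPoint = exceptionTranslationFilter.getAuthenticationEntryPoint();
        if (!(entryPoint instanceof LoginUrlAuthenticationEntryPoint)) {
            return;
        }
        // Explicit cast: getLoginFormUrl() belongs to the login-URL entry point type checked above.
        String loginFormUrl = ((LoginUrlAuthenticationEntryPoint) entryPoint).getLoginFormUrl();
        List<?> loginPageFilters = filterChainProxy.getFilters(loginFormUrl);
        this.logger.info("Checking whether login URL '" + loginFormUrl + "' is accessible with your configuration");
        if (loginPageFilters == null || loginPageFilters.isEmpty()) {
            this.logger.debug("Filter chain is empty for the login page");
            return;
        }
        if (loginFormUrl.equals("/spring_security_login") && this.beanFactory.containsBean(BeanIds.DEFAULT_LOGIN_PAGE_GENERATING_FILTER)) {
            this.logger.debug("Default generated login page is in use");
            return;
        }
        FilterSecurityInterceptor filterSecurityInterceptor =
                (FilterSecurityInterceptor) this.beanFactory.getBean(BeanIds.FILTER_SECURITY_INTERCEPTOR);
        // Explicit cast: lookupAttributes(url, method) is called on the default metadata source type.
        DefaultFilterInvocationSecurityMetadataSource securityMetadataSource =
                (DefaultFilterInvocationSecurityMetadataSource) filterSecurityInterceptor.getSecurityMetadataSource();
        if (securityMetadataSource.lookupAttributes(loginFormUrl, "POST") == null) {
            this.logger.debug("No access attributes defined for login page URL");
            if (filterSecurityInterceptor.isRejectPublicInvocations()) {
                this.logger.warn("FilterSecurityInterceptor is configured to reject public invocations. Your login page may not be accessible.");
            }
            return;
        }
        if (!this.beanFactory.containsBean(BeanIds.ANONYMOUS_PROCESSING_FILTER)) {
            this.logger.warn("The login page is being protected by the filter chain, but you don't appear to have anonymous authentication enabled. This is almost certainly an error.");
            return;
        }
        AnonymousProcessingFilter anonymousProcessingFilter =
                (AnonymousProcessingFilter) this.beanFactory.getBean(BeanIds.ANONYMOUS_PROCESSING_FILTER);
        try {
            // The token exists only for this simulated decision; it is never stored or returned.
            filterSecurityInterceptor.getAccessDecisionManager().decide(new AnonymousAuthenticationToken("key", anonymousProcessingFilter.getUserAttribute().getPassword(), anonymousProcessingFilter.getUserAttribute().getAuthorities()), new Object(), securityMetadataSource.lookupAttributes(loginFormUrl, "POST"));
        } catch (Exception e) {
            // Deliberately broad: any failure of the simulated decision is reported, never rethrown,
            // so this diagnostic cannot stop the application context from starting.
            this.logger.warn("Anonymous access to the login page doesn't appear to be enabled. This is almost certainly an error. Please check your configuration allows unauthenticated access to the configured login page. (Simulated access was rejected: " + e + ")");
        }
    }

    /**
     * Returns the filter behind an ordering decorator, or the object itself when it
     * is not decorated.
     */
    private Filter unwrapFilter(Object obj) {
        if (obj instanceof OrderedFilterBeanDefinitionDecorator.OrderedFilterDecorator) {
            return ((OrderedFilterBeanDefinitionDecorator.OrderedFilterDecorator) obj).getDelegate();
        }
        return (Filter) obj;
    }

    /** Returns the bean unchanged; all work happens before initialisation. */
    public Object postProcessAfterInitialization(Object obj, String str) throws BeansException {
        return obj;
    }

    /**
     * Stores the bean factory used to look up the filter list and the filters under test.
     *
     * @throws ClassCastException if the factory is not a {@code ListableBeanFactory}
     */
    public void setBeanFactory(BeanFactory beanFactory) throws BeansException {
        this.beanFactory = (ListableBeanFactory) beanFactory;
    }
}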
