package com.stormpath.spring.filter;

import com.stormpath.sdk.account.Account;
import com.stormpath.sdk.servlet.account.AccountResolver;
import com.stormpath.sdk.servlet.filter.HttpFilter;
import com.stormpath.spring.security.token.ProviderAuthenticationToken;
import javax.servlet.FilterChain;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.util.Assert;

/* loaded from: input_file:com/stormpath/spring/filter/SpringSecurityResolvedAccountFilter.class */
public class SpringSecurityResolvedAccountFilter extends HttpFilter implements InitializingBean {

    @Autowired
    private AuthenticationProvider authenticationProvider;
    private AccountResolver accountResolver = AccountResolver.INSTANCE;

    protected void filter(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws Exception {
        boolean z;
        Account account = this.accountResolver.getAccount(httpServletRequest);
        if (account != null) {
            if (SecurityContextHolder.getContext().getAuthentication() == null || !(SecurityContextHolder.getContext().getAuthentication().getPrincipal() instanceof String)) {
                z = true;
            } else {
                z = !((String) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).equals(account.getHref());
            }
            if (z) {
                Authentication authenticate = this.authenticationProvider.authenticate(new ProviderAuthenticationToken(account));
                SecurityContextHolder.clearContext();
                SecurityContextHolder.getContext().setAuthentication(authenticate);
            }
        }
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    public void afterPropertiesSet() throws Exception {
        Assert.state(this.authenticationProvider != null, "AuthenticationProvider is required");
    }
}
