package org.graylog2.security;

import java.io.IOException;
import javax.ws.rs.NotAuthorizedException;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.SecurityContext;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.LockedAccountException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/graylog2/security/ShiroAuthenticationFilter.class */
public class ShiroAuthenticationFilter implements ContainerRequestFilter {
    private static final Logger LOG = LoggerFactory.getLogger(ShiroAuthenticationFilter.class);

    @Override // javax.ws.rs.container.ContainerRequestFilter
    public void filter(ContainerRequestContext containerRequestContext) throws IOException {
        SecurityContext securityContext = containerRequestContext.getSecurityContext();
        if (securityContext instanceof ShiroSecurityContext) {
            ShiroSecurityContext shiroSecurityContext = (ShiroSecurityContext) securityContext;
            LOG.trace("Authenticating... {}", shiroSecurityContext.getSubject());
            if (shiroSecurityContext.getSubject().isAuthenticated()) {
                return;
            }
            try {
                LOG.trace("Logging in {}", shiroSecurityContext.getSubject());
                shiroSecurityContext.loginSubject();
            } catch (LockedAccountException e) {
                LOG.debug("Unable to authenticate user, account is locked.", (Throwable) e);
                throw new NotAuthorizedException(e, "Basic realm=\"Graylog2 Server\"", new Object[0]);
            } catch (AuthenticationException e2) {
                LOG.debug("Unable to authenticate user.", (Throwable) e2);
                throw new NotAuthorizedException(e2, "Basic realm=\"Graylog2 Server\"", new Object[0]);
            }
        }
    }
}
