package org.graylog2.shared.security;

import java.io.IOException;
import javax.annotation.Priority;
import javax.ws.rs.NotAuthorizedException;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.SecurityContext;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.subject.Subject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Priority(1000)
/* loaded from: input_file:org/graylog2/shared/security/ShiroAuthenticationFilter.class */
public class ShiroAuthenticationFilter implements ContainerRequestFilter {
    private static final Logger LOG = LoggerFactory.getLogger(ShiroAuthenticationFilter.class);

    public void filter(ContainerRequestContext containerRequestContext) throws IOException {
        SecurityContext securityContext = containerRequestContext.getSecurityContext();
        if (!(securityContext instanceof ShiroSecurityContext)) {
            throw new NotAuthorizedException("Basic realm=\"Graylog Server\"", new Object[0]);
        }
        ShiroSecurityContext shiroSecurityContext = (ShiroSecurityContext) securityContext;
        Subject subject = shiroSecurityContext.getSubject();
        LOG.trace("Authenticating... {}", subject);
        if (subject.isAuthenticated()) {
            return;
        }
        try {
            LOG.trace("Logging in {}", subject);
            shiroSecurityContext.loginSubject();
        } catch (AuthenticationException e) {
            LOG.debug("Unable to authenticate user.", e);
            throw new NotAuthorizedException(e, "Basic realm=\"Graylog Server\"", new Object[0]);
        } catch (LockedAccountException e2) {
            LOG.debug("Unable to authenticate user, account is locked.", e2);
            throw new NotAuthorizedException(e2, "Basic realm=\"Graylog Server\"", new Object[0]);
        }
    }
}
