package org.jsecurity.web.interceptor.authc;

import java.net.InetAddress;
import java.net.UnknownHostException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.jsecurity.JSecurityException;
import org.jsecurity.authc.AuthenticationException;
import org.jsecurity.authc.UsernamePasswordToken;
import org.jsecurity.util.StringUtils;
import org.jsecurity.web.RedirectView;
import org.jsecurity.web.WebUtils;

/* loaded from: input_file:org/jsecurity/web/interceptor/authc/FormAuthenticationWebInterceptor.class */
public class FormAuthenticationWebInterceptor extends AuthenticationWebInterceptor {
    public static final String DEFAULT_ERROR_KEY_ATTRIBUTE_NAME = FormAuthenticationWebInterceptor.class.getName() + "_AUTHC_FAILURE_KEY";
    public static final String DEFAULT_LOGIN_URL = "/login.jsp";
    public static final String DEFAULT_USERNAME_PARAM = "username";
    public static final String DEFAULT_PASSWORD_PARAM = "password";
    public static final String DEFAULT_REMEMBER_ME_PARAM = "rememberMe";
    private String usernameParam = DEFAULT_USERNAME_PARAM;
    private String passwordParam = DEFAULT_PASSWORD_PARAM;
    private String rememberMeParam = "rememberMe";
    private String successUrl = DEFAULT_LOGIN_URL;
    private String failureKeyAtribute = DEFAULT_ERROR_KEY_ATTRIBUTE_NAME;

    public FormAuthenticationWebInterceptor() {
        setUrl(DEFAULT_LOGIN_URL);
    }

    public String getUsernameParam() {
        return this.usernameParam;
    }

    public void setUsernameParam(String str) {
        this.usernameParam = str;
    }

    public String getPasswordParam() {
        return this.passwordParam;
    }

    public void setPasswordParam(String str) {
        this.passwordParam = str;
    }

    public String getRememberMeParam() {
        return this.rememberMeParam;
    }

    public void setRememberMeParam(String str) {
        this.rememberMeParam = str;
    }

    public String getSuccessUrl() {
        return this.successUrl;
    }

    public void setSuccessUrl(String str) {
        this.successUrl = str;
    }

    public String getFailureKeyAtribute() {
        return this.failureKeyAtribute;
    }

    public void setFailureKeyAtribute(String str) {
        this.failureKeyAtribute = str;
    }

    @Override // org.jsecurity.web.interceptor.RedirectingWebInterceptor, org.jsecurity.util.Initializable
    public void init() throws JSecurityException {
        if (this.log.isTraceEnabled()) {
            this.log.trace("Adding default login url to applied paths.");
        }
        this.appliedPaths.put(getUrl(), null);
    }

    @Override // org.jsecurity.web.interceptor.authc.AuthenticationWebInterceptor
    protected boolean onUnauthenticatedRequest(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        if (!isLoginRequest(servletRequest, servletResponse)) {
            if (this.log.isTraceEnabled()) {
                this.log.trace("Attempting to access a path which requires authentication.  Forwarding to the Authentication url [" + getUrl() + "]");
            }
            issueRedirect(servletRequest, servletResponse);
            return false;
        }
        if (isLoginSubmission(servletRequest, servletResponse)) {
            if (this.log.isTraceEnabled()) {
                this.log.trace("Login submission detected.  Attempting to execute login.");
            }
            return executeLogin(servletRequest, servletResponse);
        }
        if (!this.log.isTraceEnabled()) {
            return true;
        }
        this.log.trace("Login page view.");
        return true;
    }

    protected void saveRequest(ServletRequest servletRequest, ServletResponse servletResponse) {
    }

    protected boolean isLoginSubmission(ServletRequest servletRequest, ServletResponse servletResponse) {
        return toHttp(servletRequest).getMethod().equalsIgnoreCase("POST");
    }

    protected boolean isLoginRequest(ServletRequest servletRequest, ServletResponse servletResponse) {
        return this.pathMatcher.match(getUrl(), WebUtils.getPathWithinApplication(toHttp(servletRequest)));
    }

    protected boolean executeLogin(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        String username = getUsername(servletRequest, servletResponse);
        String password = getPassword(servletRequest, servletResponse);
        try {
            getSubject(servletRequest, servletResponse).login(new UsernamePasswordToken(username, password.toCharArray(), isRememberMe(servletRequest, servletResponse), getInetAddress(servletRequest, servletResponse)));
            issueSuccessRedirect(servletRequest, servletResponse);
            return false;
        } catch (AuthenticationException e) {
            servletRequest.setAttribute(getFailureKeyAtribute(), e.getClass().getName());
            return true;
        }
    }

    protected void issueSuccessRedirect(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        new RedirectView(getSuccessUrl(), isContextRelative(), isHttp10Compatible()).renderMergedOutputModel(getQueryParams(), toHttp(servletRequest), toHttp(servletResponse));
    }

    protected String getUsername(ServletRequest servletRequest, ServletResponse servletResponse) {
        return StringUtils.clean(servletRequest.getParameter(getUsernameParam()));
    }

    protected String getPassword(ServletRequest servletRequest, ServletResponse servletResponse) {
        return StringUtils.clean(servletRequest.getParameter(getPasswordParam()));
    }

    protected boolean isRememberMe(ServletRequest servletRequest, ServletResponse servletResponse) {
        String clean = StringUtils.clean(servletRequest.getParameter(getRememberMeParam()));
        return clean != null && (clean.equalsIgnoreCase("true") || clean.equalsIgnoreCase("t") || clean.equalsIgnoreCase("1") || clean.equalsIgnoreCase("y") || clean.equalsIgnoreCase("yes") || clean.equalsIgnoreCase("on"));
    }

    protected InetAddress getInetAddress(ServletRequest servletRequest, ServletResponse servletResponse) {
        if (!(servletRequest instanceof HttpServletRequest)) {
            return null;
        }
        try {
            return InetAddress.getByName(toHttp(servletRequest).getRemoteAddr());
        } catch (UnknownHostException e) {
            if (!this.log.isTraceEnabled()) {
                return null;
            }
            this.log.trace("Unable to acquire host for HttpServlet request.", e);
            return null;
        }
    }
}
