package com.stormpath.sdk.servlet.filter.account;

import com.stormpath.sdk.lang.Strings;
import com.stormpath.sdk.servlet.account.AccountResolver;
import com.stormpath.sdk.servlet.filter.AccessControlFilter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.expression.Expression;
import org.springframework.expression.spel.SpelCompilerMode;
import org.springframework.expression.spel.SpelParserConfiguration;
import org.springframework.expression.spel.standard.SpelExpressionParser;
import org.springframework.expression.spel.support.StandardEvaluationContext;

/* loaded from: input_file:com/stormpath/sdk/servlet/filter/account/AccountAuthorizationFilter.class */
public class AccountAuthorizationFilter extends AccessControlFilter {
    public static final String PATH_CONFIG_INIT_PARAM_NAME = "pathConfig";
    private Expression expression;

    protected String getPathConfig() {
        return getFilterConfig().getInitParameter(PATH_CONFIG_INIT_PARAM_NAME);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.stormpath.sdk.servlet.filter.AccessControlFilter, com.stormpath.sdk.servlet.filter.HttpFilter
    public void onInit() throws ServletException {
        super.onInit();
        String clean = Strings.clean(getPathConfig());
        if (clean != null) {
            try {
                this.expression = createExpression(clean);
            } catch (Exception e) {
                throw new ServletException("Unable to compile authorization expression [" + clean + "]: " + e.getMessage(), e);
            }
        }
        super.onInit();
    }

    protected Expression createExpression(String str) {
        return new SpelExpressionParser(new SpelParserConfiguration(SpelCompilerMode.MIXED, getClass().getClassLoader())).parseExpression(str);
    }

    @Override // com.stormpath.sdk.servlet.filter.AccessControlFilter
    protected boolean isAccessAllowed(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        if (!AccountResolver.INSTANCE.hasAccount(httpServletRequest)) {
            return false;
        }
        if (this.expression == null) {
            return true;
        }
        Object value = this.expression.getValue(new StandardEvaluationContext(new HttpImmutableAccount(AccountResolver.INSTANCE.getRequiredAccount(httpServletRequest), httpServletRequest, httpServletResponse)));
        if (value instanceof Boolean) {
            return ((Boolean) value).booleanValue();
        }
        throw new ServletException("Specified authorization expression [" + getPathConfig() + "] must result in a boolean return value.");
    }

    @Override // com.stormpath.sdk.servlet.filter.AccessControlFilter
    protected boolean onAccessDenied(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        return !AccountResolver.INSTANCE.hasAccount(httpServletRequest) ? getUnauthenticatedHandler().onAuthenticationRequired(httpServletRequest, httpServletResponse) : getUnauthorizedHandler().onUnauthorized(httpServletRequest, httpServletResponse);
    }
}
