package org.apache.qpid.server.management.plugin.filter;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.qpid.server.management.plugin.HttpManagementConfiguration;
import org.apache.qpid.server.management.plugin.HttpManagementUtil;
import org.apache.qpid.server.model.Broker;

/* loaded from: input_file:org/apache/qpid/server/management/plugin/filter/RedirectingAuthorisationFilter.class */
public class RedirectingAuthorisationFilter implements Filter {
    public static String DEFAULT_LOGIN_URL = "login.html";
    public static String INIT_PARAM_LOGIN_URL = "login-url";
    private String _loginUrl = DEFAULT_LOGIN_URL;
    private Broker _broker;
    private HttpManagementConfiguration _managementConfiguration;

    public void destroy() {
    }

    public void init(FilterConfig filterConfig) throws ServletException {
        String initParameter = filterConfig.getInitParameter(INIT_PARAM_LOGIN_URL);
        if (initParameter != null) {
            this._loginUrl = initParameter;
        }
        ServletContext servletContext = filterConfig.getServletContext();
        this._broker = HttpManagementUtil.getBroker(servletContext);
        this._managementConfiguration = HttpManagementUtil.getManagementConfiguration(servletContext);
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        try {
            HttpManagementUtil.checkRequestAuthenticatedAndAccessAuthorized((HttpServletRequest) servletRequest, this._broker, this._managementConfiguration);
            filterChain.doFilter(servletRequest, servletResponse);
        } catch (SecurityException e) {
            httpServletResponse.sendRedirect(this._loginUrl);
        }
    }
}
