package com.baomidou.kisso.web.interceptor;

import com.baomidou.kisso.SSOAuthorization;
import com.baomidou.kisso.SSOConfig;
import com.baomidou.kisso.SSOHelper;
import com.baomidou.kisso.SSOToken;
import com.baomidou.kisso.annotation.Action;
import com.baomidou.kisso.annotation.Permission;
import com.baomidou.kisso.common.util.HttpUtil;
import java.util.logging.Logger;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

/* loaded from: input_file:com/baomidou/kisso/web/interceptor/SSOPermissionInterceptor.class */
/**
 * Spring MVC interceptor that applies kisso permission checks to handler methods.
 *
 * <p>Security notes for whoever wires this in:
 * <ul>
 *   <li>This class only authorizes; it does not authenticate. A request that carries no
 *       {@link SSOToken} request attribute is let through unchanged (see {@link #preHandle}).
 *       NOTE(review): presumably the token attribute is set by a login interceptor that runs
 *       earlier in the chain. Confirm the registration order and that every protected path is
 *       covered by that interceptor as well.</li>
 *   <li>Once a token is present, a handler method without a {@link Permission} annotation is
 *       denied unless the URI check has already granted access.</li>
 *   <li>{@code authorization} has no default. If it was never injected, the first permission
 *       lookup throws a {@link NullPointerException}.</li>
 * </ul>
 */
public class SSOPermissionInterceptor extends HandlerInterceptorAdapter {
    private static final Logger logger = Logger.getLogger("SSOPermissionInterceptor");

    // Permission back end consulted for both URI-based and annotation-based checks.
    private SSOAuthorization authorization;

    // Redirect target for denied non-AJAX requests; null or empty selects a plain 403 instead.
    private String illegalUrl;

    /**
     * Decides whether the request may proceed to its handler.
     *
     * <p>Returns {@code true} without any permission check when the handler is not a
     * {@link HandlerMethod}, or when {@code SSOHelper.attrToken} yields no token for the
     * request. Only requests that carry a token are subject to {@link #isVerification}.
     *
     * @return {@code true} to continue the chain; otherwise the result of
     *         {@link #unauthorizedAccess}, which is always {@code false}
     * @throws Exception propagated from {@link #unauthorizedAccess}
     */
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws Exception {
        // Anything that is not a controller method is outside the scope of this check.
        if (!(obj instanceof HandlerMethod)) {
            return true;
        }

        SSOToken token = (SSOToken) SSOHelper.attrToken(httpServletRequest);
        // Fail-open by design: no token attribute means no permission check at all.
        if (token == null) {
            return true;
        }

        if (isVerification(httpServletRequest, obj, token)) {
            return true;
        }
        return unauthorizedAccess(httpServletRequest, httpServletResponse);
    }

    /**
     * Evaluates the permission rules for a token-bearing request.
     *
     * <p>Access is granted when either check passes:
     * <ol>
     *   <li>URI check, only when {@code SSOConfig.getInstance().isPermissionUri()} is true:
     *       granted if the request URI is {@code null} or the authorization permits it.
     *       A failed URI check does not deny; evaluation continues with the annotation.</li>
     *   <li>Annotation check on the handler method's {@link Permission}: absent means denied,
     *       {@code Action.Skip} means granted for any token, otherwise the non-empty
     *       {@code value()} must be permitted. An empty value is denied.</li>
     * </ol>
     *
     * <p>NOTE(review): {@code getRequestURI()} is the raw, undecoded request path and includes
     * the context path and any path parameters (for example {@code ;name=value} segments).
     * The {@link SSOAuthorization} implementation has to normalise it the same way the
     * handler mapping does, or the two can disagree about which resource is being requested.
     *
     * @param obj the handler; cast to {@link HandlerMethod} without a type check here, so
     *            callers must have verified the type as {@link #preHandle} does
     * @return {@code true} if the token is allowed to reach the handler
     */
    protected boolean isVerification(HttpServletRequest httpServletRequest, Object obj, SSOToken sSOToken) {
        if (SSOConfig.getInstance().isPermissionUri()) {
            String uri = httpServletRequest.getRequestURI();
            if (uri == null || this.authorization.isPermitted(sSOToken, uri)) {
                return true;
            }
        }

        HandlerMethod handlerMethod = (HandlerMethod) obj;
        Permission permission = handlerMethod.getMethod().getAnnotation(Permission.class);

        // Default deny: an unannotated handler method is not reachable with a token.
        if (permission == null) {
            return false;
        }
        // Explicit opt-out: the method is open to every token holder.
        if (permission.action() == Action.Skip) {
            return true;
        }

        String required = permission.value();
        if ("".equals(required)) {
            return false;
        }
        return this.authorization.isPermitted(sSOToken, required);
    }

    /**
     * Writes the "access denied" response and stops the handler chain.
     *
     * <p>AJAX requests (as judged by {@code HttpUtil.isAjax}) get status 403 through
     * {@code HttpUtil.ajaxStatus}. Other requests get {@code sendError(403)} when no
     * {@code illegalUrl} is configured, and a redirect to {@code illegalUrl} otherwise.
     * The redirect target comes only from {@link #setIllegalUrl}, never from the request.
     * The raw request URI is logged at FINE level.
     *
     * <p>Decompiler note: JADX reports that this method's access modifier was changed from
     * {@code protected}.
     *
     * @return always {@code false}
     * @throws Exception propagated from the response or helper calls
     */
    public boolean unauthorizedAccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        logger.fine(" request 403 url: " + httpServletRequest.getRequestURI());

        if (HttpUtil.isAjax(httpServletRequest)) {
            HttpUtil.ajaxStatus(httpServletResponse, 403, "ajax Unauthorized access.");
        } else if (this.illegalUrl != null && !this.illegalUrl.isEmpty()) {
            httpServletResponse.sendRedirect(this.illegalUrl);
        } else {
            httpServletResponse.sendError(403, "Forbidden");
        }
        return false;
    }

    /** Returns the permission back end currently in use, or {@code null} if none was set. */
    public SSOAuthorization getAuthorization() {
        return this.authorization;
    }

    /** Sets the permission back end; required before any token-bearing request is checked. */
    public void setAuthorization(SSOAuthorization sSOAuthorization) {
        this.authorization = sSOAuthorization;
    }

    /** Returns the redirect target used for denied non-AJAX requests, possibly {@code null}. */
    public String getIllegalUrl() {
        return this.illegalUrl;
    }

    /** Sets the redirect target for denied non-AJAX requests; null or empty selects a 403. */
    public void setIllegalUrl(String str) {
        this.illegalUrl = str;
    }
}
