package com.manydesigns.portofino.dispatcher.security;

import java.io.IOException;
import java.lang.reflect.Method;
import java.util.ArrayList;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.ConstrainedTo;
import javax.ws.rs.RuntimeType;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.ResourceInfo;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import javax.ws.rs.ext.Provider;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.aop.MethodInvocation;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.aop.AnnotationsAuthorizingMethodInterceptor;
import org.apache.shiro.authz.aop.AuthenticatedAnnotationMethodInterceptor;
import org.apache.shiro.authz.aop.GuestAnnotationMethodInterceptor;
import org.apache.shiro.authz.aop.RoleAnnotationMethodInterceptor;
import org.apache.shiro.authz.aop.UserAnnotationMethodInterceptor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

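/**
 * JAX-RS request filter that runs Shiro annotation-based authorization against the matched
 * resource method before the request is dispatched.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The filter fails open when no resource was matched or when no {@link ResourceInfo} is
 *       available: those requests are only debug-logged and continue without a check.</li>
 *   <li>Only the first entry of {@link UriInfo#getMatchedResources()} is checked. JAX-RS lists
 *       the current resource first, so resources matched earlier on the path (e.g. parents
 *       reached through sub-resource locators) are not examined here. NOTE(review): confirm
 *       they are covered elsewhere.</li>
 *   <li>Only {@link AuthorizationException} is converted into a 401/403 response; any other
 *       exception raised by an interceptor propagates to the container.</li>
 * </ul>
 */
@Provider
@ConstrainedTo(RuntimeType.SERVER)
public class ShiroResourceFilter implements ContainerRequestFilter {

    /** Resource class and method selected for the current request (container-injected). */
    @Context
    protected ResourceInfo resourceInfo;

    /** Servlet response (container-injected); not used by this class itself. */
    @Context
    protected HttpServletResponse response;

    protected static final Logger logger = LoggerFactory.getLogger(ShiroResourceFilter.class);

    /** Shared checker instance used for every request. */
    protected static final AuthChecker AUTH_CHECKER = new AuthChecker();

    /**
     * Shiro authorizing interceptor configured with the annotation handlers this application
     * enforces on resource methods.
     */
    public static final class AuthChecker extends AnnotationsAuthorizingMethodInterceptor {

        /**
         * Replaces the interceptor list installed by the superclass with the handlers below.
         *
         * <p>NOTE(review): Shiro's stock {@code PermissionAnnotationMethodInterceptor} is not
         * registered in this list. Whether {@code ResourceMethodInterceptor} enforces
         * {@code @RequiresPermissions} in its place is not visible from this file; confirm
         * before relying on that annotation for access control.
         */
        public AuthChecker() {
            // Typed list instead of a raw ArrayList, so only authorizing interceptors can be added.
            this.methodInterceptors = new ArrayList<>(5);
            this.methodInterceptors.add(new RoleAnnotationMethodInterceptor());
            this.methodInterceptors.add(new ResourceMethodInterceptor());
            this.methodInterceptors.add(new AuthenticatedAnnotationMethodInterceptor());
            this.methodInterceptors.add(new UserAnnotationMethodInterceptor());
            this.methodInterceptors.add(new GuestAnnotationMethodInterceptor());
        }

        /**
         * Runs the registered interceptors against {@code method} as if it were about to be
         * invoked on {@code obj}, without invoking it.
         *
         * @param obj the resource instance the method belongs to
         * @param method the resource method whose annotations are evaluated
         * @throws AuthorizationException if an interceptor rejects the current subject
         */
        public void assertAuthorized(final Object obj, final Method method) throws AuthorizationException {
            super.assertAuthorized(new MethodInvocation() {
                @Override
                public Object proceed() throws Throwable {
                    // Nothing is invoked: this invocation exists only to carry method metadata.
                    return null;
                }

                @Override
                public Method getMethod() {
                    return method;
                }

                @Override
                public Object[] getArguments() {
                    // Real request arguments are not available at filter time, so interceptors
                    // receive an array of nulls of the right length and cannot base a decision
                    // on argument values.
                    return new Object[method.getParameterTypes().length];
                }

                @Override
                public Object getThis() {
                    return obj;
                }
            });
        }
    }

    /**
     * Checks authorization for the matched resource method, aborting the request on failure.
     *
     * @param containerRequestContext the request being filtered
     * @throws IOException declared by the {@link ContainerRequestFilter} contract
     */
    @Override
    public void filter(ContainerRequestContext containerRequestContext) throws IOException {
        UriInfo uriInfo = containerRequestContext.getUriInfo();
        if (uriInfo.getMatchedResources().isEmpty()) {
            // Fail-open: nothing matched, so there is no method to check.
            logger.debug("No resources matched {}", uriInfo.getPath());
            return;
        }
        if (this.resourceInfo == null || this.resourceInfo.getResourceClass() == null) {
            // Fail-open: without resource info the request continues unchecked.
            logger.debug("No resource info: {}", this.resourceInfo);
            return;
        }
        // Index 0 is the current (most recently matched) resource instance.
        checkAuthorizations(containerRequestContext, uriInfo.getMatchedResources().get(0));
    }

    /**
     * Asserts that the current subject may invoke the matched resource method on {@code obj}.
     * On denial the request is aborted with 403 when the subject is authenticated and with 401
     * otherwise.
     *
     * <p>The 401 response is built without a {@code WWW-Authenticate} header. Shiro reports a
     * subject known only through remember-me as not authenticated, so such a subject receives
     * 401 rather than 403.
     *
     * @param containerRequestContext the request to abort on denial
     * @param obj the matched resource instance
     */
    protected void checkAuthorizations(ContainerRequestContext containerRequestContext, Object obj) {
        try {
            AUTH_CHECKER.assertAuthorized(obj, this.resourceInfo.getResourceMethod());
            logger.debug("Security check passed.");
        } catch (AuthorizationException e) {
            // Every denied request is logged at WARN together with the exception.
            logger.warn("Method invocation not authorized", e);
            Response.Status status = SecurityUtils.getSubject().isAuthenticated()
                    ? Response.Status.FORBIDDEN
                    : Response.Status.UNAUTHORIZED;
            containerRequestContext.abortWith(Response.status(status).build());
        }
    }
}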
