package org.graylog2.shared.security;

import java.lang.reflect.Method;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerResponseContext;
import javax.ws.rs.container.ContainerResponseFilter;
import javax.ws.rs.container.DynamicFeature;
import javax.ws.rs.container.ResourceInfo;
import javax.ws.rs.core.FeatureContext;
import org.apache.shiro.authz.annotation.RequiresAuthentication;
import org.apache.shiro.authz.annotation.RequiresGuest;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.util.ThreadContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/graylog2/shared/security/ShiroSecurityBinding.class */
public class ShiroSecurityBinding implements DynamicFeature {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) ShiroSecurityBinding.class);

    @Override // javax.ws.rs.container.DynamicFeature
    public void configure(ResourceInfo resourceInfo, FeatureContext featureContext) {
        Class<?> resourceClass = resourceInfo.getResourceClass();
        Method resourceMethod = resourceInfo.getResourceMethod();
        if (resourceMethod.isAnnotationPresent(RequiresAuthentication.class) || resourceClass.isAnnotationPresent(RequiresAuthentication.class)) {
            if (resourceMethod.isAnnotationPresent(RequiresGuest.class)) {
                LOG.debug("Resource method {}#{} is marked as unauthenticated, skipping setting filter.");
            } else {
                LOG.debug("Resource method {}#{} requires an authenticated user.", resourceClass.getCanonicalName(), resourceMethod.getName());
                featureContext.register2(new ShiroAuthenticationFilter());
            }
        }
        if (resourceMethod.isAnnotationPresent(RequiresPermissions.class) || resourceClass.isAnnotationPresent(RequiresPermissions.class)) {
            RequiresPermissions requiresPermissions = (RequiresPermissions) resourceClass.getAnnotation(RequiresPermissions.class);
            if (requiresPermissions == null) {
                requiresPermissions = (RequiresPermissions) resourceMethod.getAnnotation(RequiresPermissions.class);
            }
            LOG.debug("Resource method {}#{} requires an authorization checks.", resourceClass.getCanonicalName(), resourceMethod.getName());
            featureContext.register2(new ShiroAuthorizationFilter(requiresPermissions));
        }
        featureContext.register2(new ContainerResponseFilter() { // from class: org.graylog2.shared.security.ShiroSecurityBinding.1
            @Override // javax.ws.rs.container.ContainerResponseFilter
            public void filter(ContainerRequestContext containerRequestContext, ContainerResponseContext containerResponseContext) {
                ThreadContext.unbindSubject();
            }
        });
    }
}
