package com.supermap.services.security;

import com.supermap.services.rest.HttpException;
import com.supermap.services.util.ProductTypeUtil;
import java.io.IOException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter;
import org.apache.shiro.web.util.WebUtils;

/* loaded from: input_file:BOOT-INF/lib/iserver-all-10.0.1-18030-10.0.1-SNAPSHOT.jar:com/supermap/services/security/SecurityAuthorizationFilter.class */
/**
 * Shiro permission filter that decides how a denied request is answered:
 * redirect to a login page, redirect to an error/unauthorized page, or fail
 * with an {@link HttpException} carrying status 401.
 *
 * <p>Every path through {@link #onAccessDenied} either returns {@code false} or
 * throws, so nothing in this class grants access; the helpers here only choose
 * the <em>shape</em> of the refusal.
 *
 * <p>NOTE(review): this listing is decompiled and carries no {@code @Override}
 * markers. The three instance methods are meant to replace the Shiro base-class
 * versions; restoring {@code @Override} in the real source makes the compiler
 * catch a signature drift that would otherwise silently disable this logic.
 */
public class SecurityAuthorizationFilter extends PermissionsAuthorizationFilter {

    /** Text attached to every 401 raised by this filter. */
    private static final String DENIED_MESSAGE = "need more permission to do current action";

    /**
     * Resolves the login page for the current deployment.
     *
     * <p>Precedence, lowest to highest: the configured Shiro login URL (with the
     * stock {@code /login.jsp} value swapped for a product-specific page), then the
     * CAS login URL, then the Keycloak login path. The CAS and Keycloak overrides
     * are considered only while security is enabled, and Keycloak wins when both
     * are active.
     *
     * @return the URL the caller should be sent to in order to log in
     */
    public String getLoginUrl() {
        String target = super.getLoginUrl();
        if ("/login.jsp".equalsIgnoreCase(target)) {
            // Stock Shiro default: substitute the product's own login page.
            if (ProductTypeUtil.isPortal()) {
                target = "/web/login";
            } else {
                target = "/services/security/login";
            }
        }
        if (!Manager.getInstance().isSecurityEnabled()) {
            return target;
        }

        CasRealm cas = ShiroUtil.getCasRealm();
        // CAS takes over only when it is enabled, system accounts are not reserved,
        // and it actually yields a non-blank login URL.
        boolean casApplies = cas != null
                && cas.isEnabled()
                && !cas.isReserveSystemAccount()
                && StringUtils.isNotBlank(cas.getLoginURL(null));
        if (casApplies) {
            // NOTE(review): this value comes from CAS configuration and is returned
            // as-is; it is presumably an absolute URL to an external IdP - confirm it
            // can only be set by an administrator.
            target = cas.getLoginURL(null);
        }
        if (Manager.getInstance().getKeycloakConfig().isEnable()) {
            // Evaluated last on purpose: overrides the CAS choice above.
            target = "/keycloak-login";
        }
        return target;
    }

    /**
     * Handles a request that failed the permission check.
     *
     * <ul>
     *   <li>Guest-only, principal-less or unauthenticated callers: HTML-style
     *       requests are redirected to login, everything else gets a 401.</li>
     *   <li>Authenticated callers lacking the permission: redirected to the
     *       configured unauthorized URL if one is set; otherwise HTML-style requests
     *       go to {@code /services/security/error} (CAS or Keycloak active) or to
     *       login (second URI segment is {@code manager}); all remaining cases get
     *       a 401.</li>
     * </ul>
     *
     * @param servletRequest  the denied request; cast to {@link HttpServletRequest}
     * @param servletResponse the response used for redirects
     * @return always {@code false} when it returns normally
     * @throws IOException   if issuing a redirect fails
     * @throws HttpException with status 401 when no redirect applies
     */
    protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws IOException {
        Subject caller = getSubject(servletRequest, servletResponse);
        HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;

        // NOTE(review): getSession() creates a session when none exists, so every
        // denied request - anonymous API calls included - allocates one, and the
        // null test below cannot fail. Worth weighing against session-store
        // exhaustion if this endpoint is reachable without credentials.
        HttpSession httpSession = httpRequest.getSession();
        StringBuffer requestedUrl = httpRequest.getRequestURL();
        if (httpSession != null && requestedUrl != null) {
            // NOTE(review): getRequestURL() is rebuilt from what the client sent
            // (scheme/host/path, no query string). The reader of this attribute is
            // not visible here; if it is used as a post-login redirect target it
            // should be checked against the application's own origin first.
            httpSession.setAttribute(Constant.PAC4J_LOGIN_REFERER, requestedUrl.toString());
        }

        boolean notLoggedIn = caller.isPermitted(SecurityConstants.PERMISSION_GUEST_ONLY)
                || caller.getPrincipal() == null
                || !caller.isAuthenticated();
        if (notLoggedIn) {
            if (isHtml(httpRequest)) {
                saveRequestAndRedirectToLogin(servletRequest, servletResponse);
                return false;
            }
            throw new HttpException(401, DENIED_MESSAGE);
        }

        // From here on the caller is authenticated but lacks the permission.
        String deniedPage = getUnauthorizedUrl();
        if (org.apache.shiro.util.StringUtils.hasText(deniedPage)) {
            WebUtils.issueRedirect(servletRequest, servletResponse, deniedPage);
            return false;
        }

        KeycloakConfig keycloak = Manager.getInstance().getKeycloakConfig();
        if (!isHtml(httpRequest)) {
            // NOTE(review): an authenticated-but-forbidden caller receives 401 rather
            // than the conventional 403; clients may rely on this, so it is kept.
            throw new HttpException(401, DENIED_MESSAGE);
        }
        if (ShiroUtil.isCasRealmEnabled() || keycloak.isEnable()) {
            // With an external IdP a local re-login would not change the outcome;
            // show the error page instead.
            WebUtils.issueRedirect(servletRequest, servletResponse, "/services/security/error");
            return false;
        }

        // NOTE(review): index 1 presumably skips a single-segment context path
        // (e.g. /<context>/manager/...); verify for deployments at the root context.
        String[] segments = StringUtils.split(httpRequest.getRequestURI(), '/');
        if (segments.length > 1 && "manager".equalsIgnoreCase(segments[1])) {
            saveRequestAndRedirectToLogin(servletRequest, servletResponse);
            return false;
        }
        throw new HttpException(401, DENIED_MESSAGE);
    }

    /**
     * Prepares the request for a login round-trip and redirects to the login page.
     *
     * <p>For guest-only subjects the logout flag is removed first. The request is
     * then handed to {@code ShiroUtil.a} before the redirect is issued.
     *
     * @param servletRequest  the denied request; cast to {@link HttpServletRequest}
     * @param servletResponse the response used for the redirect
     * @throws IOException if the redirect fails
     */
    protected void saveRequestAndRedirectToLogin(ServletRequest servletRequest, ServletResponse servletResponse) throws IOException {
        boolean guestOnly = getSubject(servletRequest, servletResponse)
                .isPermitted(SecurityConstants.PERMISSION_GUEST_ONLY);
        HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
        if (guestOnly) {
            ShiroUtil.removeLogoutFlag(httpRequest);
        }
        // NOTE(review): ShiroUtil.a is an obfuscated name; presumably it records the
        // original request so it can be replayed after login - confirm in ShiroUtil.
        ShiroUtil.a(httpRequest);
        redirectToLogin(servletRequest, servletResponse);
    }

    /**
     * Guesses from the request URI whether the caller expects an HTML page.
     *
     * <p>Returns {@code true} when the URI is {@code null}, contains no dot, ends
     * in a dot (after trimming), or ends in {@code .html} (case-insensitive).
     * Returns {@code false} when the last dot sits before the last slash, or when
     * any other suffix follows the last dot.
     *
     * <p>NOTE(review): the decision is made on the raw {@code getRequestURI()}
     * value, which the client controls and which is not decoded here. In this class
     * the result only selects between a redirect and a 401, never between allow and
     * deny; keep it that way if new callers are added.
     *
     * @param httpServletRequest the request whose URI is inspected
     * @return {@code true} if the request is treated as an HTML page request
     */
    public static boolean isHtml(HttpServletRequest httpServletRequest) {
        String uri = httpServletRequest.getRequestURI();
        if (uri == null) {
            return true;
        }
        int dotAt = uri.lastIndexOf('.');
        if (dotAt == -1) {
            return true;
        }
        if (uri.lastIndexOf('/') > dotAt) {
            // The dot belongs to an earlier path segment, not to a file suffix.
            return false;
        }
        String suffix = uri.substring(dotAt + 1).trim();
        return suffix.isEmpty() || "html".equalsIgnoreCase(suffix);
    }
}
