package org.springframework.security.taglibs.authz;

import java.io.IOException;
import java.util.Map;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.jsp.JspException;
import org.springframework.expression.ParseException;
import org.springframework.security.access.expression.ExpressionUtils;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.WebInvocationPrivilegeEvaluator;
import org.springframework.security.web.access.expression.WebSecurityExpressionHandler;
import org.springframework.web.context.support.WebApplicationContextUtils;

/* loaded from: input_file:WEB-INF/lib/spring-security-taglibs-3.0.3.RELEASE.jar:org/springframework/security/taglibs/authz/AuthorizeTag.class */
public class AuthorizeTag extends LegacyAuthorizeTag {
    private String access;
    private String url;
    private String method;
    private static final FilterChain DUMMY_CHAIN = new FilterChain() { // from class: org.springframework.security.taglibs.authz.AuthorizeTag.1
        public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse) throws IOException, ServletException {
            throw new UnsupportedOperationException();
        }
    };

    @Override // org.springframework.security.taglibs.authz.LegacyAuthorizeTag
    public int doStartTag() throws JspException {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication == null) {
            return 0;
        }
        return (this.access == null || this.access.length() <= 0) ? (this.url == null || this.url.length() <= 0) ? super.doStartTag() : authorizeUsingUrlCheck(authentication) : authorizeUsingAccessExpression(authentication);
    }

    private int authorizeUsingAccessExpression(Authentication authentication) throws JspException {
        WebSecurityExpressionHandler expressionHandler = getExpressionHandler();
        try {
            return ExpressionUtils.evaluateAsBoolean(expressionHandler.getExpressionParser().parseExpression(this.access), expressionHandler.createEvaluationContext(authentication, new FilterInvocation(this.pageContext.getRequest(), this.pageContext.getResponse(), DUMMY_CHAIN))) ? 1 : 0;
        } catch (ParseException e) {
            throw new JspException(e);
        }
    }

    private int authorizeUsingUrlCheck(Authentication authentication) throws JspException {
        return getPrivilegeEvaluator().isAllowed(this.pageContext.getRequest().getContextPath(), this.url, this.method, authentication) ? 1 : 0;
    }

    public void setAccess(String str) {
        this.access = str;
    }

    public void setUrl(String str) {
        this.url = str;
    }

    public void setMethod(String str) {
        this.method = str;
    }

    WebSecurityExpressionHandler getExpressionHandler() throws JspException {
        Map beansOfType = WebApplicationContextUtils.getRequiredWebApplicationContext(this.pageContext.getServletContext()).getBeansOfType(WebSecurityExpressionHandler.class);
        if (beansOfType.size() == 0) {
            throw new JspException("No visible WebSecurityExpressionHandler instance could be found in the application context. There must be at least one in order to support expressions in JSP 'authorize' tags.");
        }
        return (WebSecurityExpressionHandler) beansOfType.values().toArray()[0];
    }

    WebInvocationPrivilegeEvaluator getPrivilegeEvaluator() throws JspException {
        Map beansOfType = WebApplicationContextUtils.getRequiredWebApplicationContext(this.pageContext.getServletContext()).getBeansOfType(WebInvocationPrivilegeEvaluator.class);
        if (beansOfType.size() == 0) {
            throw new JspException("No visible WebInvocationPrivilegeEvaluator instance could be found in the application context. There must be at least one in order to support the use of URL access checks in 'authorize' tags.");
        }
        return (WebInvocationPrivilegeEvaluator) beansOfType.values().toArray()[0];
    }
}
