package com.gwtincubator.security.server;

import com.google.gwt.user.client.rpc.SerializationException;
import com.google.gwt.user.server.rpc.RPC;
import java.io.IOException;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.spi.LocationInfo;
import org.springframework.security.AccessDeniedException;
import org.springframework.security.AuthenticationException;
import org.springframework.security.InsufficientAuthenticationException;
import org.springframework.security.SpringSecurityException;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.ui.AccessDeniedHandler;
import org.springframework.security.ui.AccessDeniedHandlerImpl;
import org.springframework.security.ui.ExceptionTranslationFilter;
import org.springframework.security.util.AntUrlPathMatcher;
import org.springframework.security.util.ThrowableAnalyzer;
import org.springframework.security.util.ThrowableCauseExtractor;
import org.springframework.security.util.UrlMatcher;
import org.springframework.util.Assert;

/* loaded from: input_file:WEB-INF/lib/security-1.0.1.jar:com/gwtincubator/security/server/GWTExceptionTranslationFilter.class */
public class GWTExceptionTranslationFilter extends ExceptionTranslationFilter {
    private UrlMatcher matcher = new AntUrlPathMatcher();
    private Set<String> gwtPaths = new HashSet();
    private boolean forbiddenCodeHttpResponse = false;
    private AccessDeniedHandler accessDeniedHandler = new AccessDeniedHandlerImpl();
    private ThrowableAnalyzer throwableAnalyzer = new DefaultThrowableAnalyzer(null);

    /* loaded from: input_file:WEB-INF/lib/security-1.0.1.jar:com/gwtincubator/security/server/GWTExceptionTranslationFilter$DefaultThrowableAnalyzer.class */
    private static final class DefaultThrowableAnalyzer extends ThrowableAnalyzer {
        private DefaultThrowableAnalyzer() {
        }

        protected void initExtractorMap() {
            super.initExtractorMap();
            registerExtractor(ServletException.class, new ThrowableCauseExtractor() { // from class: com.gwtincubator.security.server.GWTExceptionTranslationFilter.DefaultThrowableAnalyzer.1
                public Throwable extractCause(Throwable th) {
                    ThrowableAnalyzer.verifyThrowableHierarchy(th, ServletException.class);
                    return ((ServletException) th).getRootCause();
                }
            });
        }

        /* synthetic */ DefaultThrowableAnalyzer(DefaultThrowableAnalyzer defaultThrowableAnalyzer) {
            this();
        }
    }

    public void afterPropertiesSet() throws Exception {
        Assert.notNull(getAuthenticationEntryPoint(), "authenticationEntryPoint must be specified");
        Assert.notNull(getPortResolver(), "portResolver must be specified");
        Assert.notNull(getAuthenticationTrustResolver(), "authenticationTrustResolver must be specified");
        Assert.notNull(this.throwableAnalyzer, "throwableAnalyzer must be specified");
        Assert.notNull(this.matcher, "matcher must be specified");
        Assert.notNull(this.gwtPaths, "gwtPaths must be specified");
    }

    public void doFilterHttp(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        try {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("Chain processed normally");
            }
        } catch (IOException e) {
            throw e;
        } catch (Exception e2) {
            SpringSecurityException springSecurityException = (SpringSecurityException) this.throwableAnalyzer.getFirstThrowableOfType(SpringSecurityException.class, this.throwableAnalyzer.determineCauseChain(e2));
            if (springSecurityException != null) {
                handleException(httpServletRequest, httpServletResponse, filterChain, springSecurityException);
            } else {
                if (e2 instanceof ServletException) {
                    throw e2;
                }
                if (!(e2 instanceof RuntimeException)) {
                    throw new RuntimeException((Throwable) e2);
                }
                throw ((RuntimeException) e2);
            }
        }
    }

    protected boolean matchGWTPath(String str) {
        int indexOf = str.indexOf(LocationInfo.NA);
        if (indexOf != -1) {
            str = str.substring(0, indexOf);
        }
        if (this.matcher.requiresLowerCaseUrl()) {
            str = str.toLowerCase();
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("Converted URL to lowercase, from: '" + str + "'; to: '" + str + "'");
            }
        }
        Iterator<String> it = this.gwtPaths.iterator();
        while (it.hasNext()) {
            if (this.matcher.pathMatchesUrl(it.next(), str)) {
                return true;
            }
        }
        return false;
    }

    private void handleException(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain, SpringSecurityException springSecurityException) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        if (matchGWTPath(httpServletRequest.getRequestURI().substring(httpServletRequest.getContextPath().length()))) {
            HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
            if (this.forbiddenCodeHttpResponse) {
                httpServletResponse.sendError(403, "Access denied");
                return;
            }
            try {
                httpServletResponse.getOutputStream().print(RPC.encodeResponseForFailure(null, SecurityExceptionFactory.get(springSecurityException)));
                httpServletResponse.getOutputStream().flush();
                return;
            } catch (SerializationException e) {
                this.logger.error("RPC Serialization exception");
                return;
            }
        }
        if (springSecurityException instanceof AuthenticationException) {
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("Authentication exception occurred; redirecting to authentication entry point", springSecurityException);
            }
            sendStartAuthentication(servletRequest, servletResponse, filterChain, (AuthenticationException) springSecurityException);
        } else if (springSecurityException instanceof AccessDeniedException) {
            if (getAuthenticationTrustResolver().isAnonymous(SecurityContextHolder.getContext().getAuthentication())) {
                if (this.logger.isDebugEnabled()) {
                    this.logger.debug("Access is denied (user is anonymous); redirecting to authentication entry point", springSecurityException);
                }
                sendStartAuthentication(servletRequest, servletResponse, filterChain, new InsufficientAuthenticationException("Full authentication is required to access this resource"));
            } else {
                if (this.logger.isDebugEnabled()) {
                    this.logger.debug("Access is denied (user is not anonymous); delegating to AccessDeniedHandler", springSecurityException);
                }
                this.accessDeniedHandler.handle(servletRequest, servletResponse, (AccessDeniedException) springSecurityException);
            }
        }
    }

    public void setAccessDeniedHandler(AccessDeniedHandler accessDeniedHandler) {
        Assert.notNull(accessDeniedHandler, "AccessDeniedHandler required");
        this.accessDeniedHandler = accessDeniedHandler;
    }

    public void setThrowableAnalyzer(ThrowableAnalyzer throwableAnalyzer) {
        this.throwableAnalyzer = throwableAnalyzer;
    }

    public UrlMatcher getMatcher() {
        return this.matcher;
    }

    public void setMatcher(UrlMatcher urlMatcher) {
        this.matcher = urlMatcher;
    }

    public Set<String> getGwtPaths() {
        return this.gwtPaths;
    }

    public void setGwtPaths(Set<String> set) {
        this.gwtPaths = set;
    }

    public boolean isForbiddenCodeHttpResponse() {
        return this.forbiddenCodeHttpResponse;
    }

    public void setForbiddenCodeHttpResponse(boolean z) {
        this.forbiddenCodeHttpResponse = z;
    }
}
