package org.broadleafcommerce.openadmin.web.filter;

import java.io.IOException;
import java.io.PrintWriter;
import javax.annotation.Resource;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.broadleafcommerce.common.exception.ServiceException;
import org.broadleafcommerce.common.security.handler.SecurityFilter;
import org.broadleafcommerce.common.security.service.StaleStateServiceException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.session.SessionAuthenticationException;

/* loaded from: input_file:org/broadleafcommerce/openadmin/web/filter/AdminSecurityFilter.class */
public class AdminSecurityFilter extends SecurityFilter {

    @Resource(name = "blAdminAuthenticationFailureHandler")
    protected AuthenticationFailureHandler failureHandler;

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        try {
            super.doFilter(servletRequest, servletResponse, filterChain);
        } catch (ServletException e) {
            if (e.getCause() instanceof StaleStateServiceException) {
                e.printStackTrace(new PrintWriter(servletResponse.getWriter()));
                ((HttpServletResponse) servletResponse).setStatus(409);
            } else {
                if (!(e.getCause() instanceof ServiceException)) {
                    throw e;
                }
                HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
                if (SecurityContextHolder.getContext().getAuthentication() != null) {
                    throw e;
                }
                httpServletRequest.setAttribute("sessionTimeout", true);
                this.failureHandler.onAuthenticationFailure((HttpServletRequest) servletRequest, (HttpServletResponse) servletResponse, new SessionAuthenticationException("Session Time Out"));
            }
        }
    }
}
