package cn.gtmap.ias.basic.client.starter.config;

import cn.gtmap.ias.basic.client.starter.property.AppSecurity;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.session.SessionRegistry;

@Configuration
/* loaded from: input_file:BOOT-INF/lib/basic-client-starter-1.0.0.jar:cn/gtmap/ias/basic/client/starter/config/SsoWebSecurityConfiguration.class */
public class SsoWebSecurityConfiguration extends WebSecurityConfigurerAdapter {
    private final Logger logger = LoggerFactory.getLogger((Class<?>) SsoWebSecurityConfiguration.class);
    private final ApplicationContext applicationContext;
    private final AppSecurity appSecurity;

    public SsoWebSecurityConfiguration(ApplicationContext applicationContext, AppSecurity appSecurity) {
        this.applicationContext = applicationContext;
        this.appSecurity = appSecurity;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.authorizeRequests().antMatchers("/login").permitAll();
        for (Map.Entry<String, String[]> entry : this.appSecurity.getAuthorities().entrySet()) {
            try {
                if ("permitAll".equalsIgnoreCase(entry.getKey())) {
                    httpSecurity.authorizeRequests().antMatchers(entry.getValue()).permitAll().and();
                } else {
                    httpSecurity.authorizeRequests().antMatchers(entry.getValue()).access(processKey(entry.getKey())).and();
                }
            } catch (Exception e) {
                this.logger.error("app.security.authorities has wrong key or values [{}]", e.getLocalizedMessage());
            }
        }
        httpSecurity.authorizeRequests().anyRequest().authenticated();
        httpSecurity.exceptionHandling().accessDeniedPage("/accessDenied");
        httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED).maximumSessions(-1).expiredSessionStrategy(new GtmapSessionInformationExpiredStrategy()).sessionRegistry(sessionRegistry());
        httpSecurity.cors();
        ((HttpSecurity) httpSecurity.csrf().disable()).headers().contentTypeOptions().disable().frameOptions().disable().cacheControl().disable();
        new SsoSecurityConfigurer(this.applicationContext).configure(httpSecurity);
    }

    private String processKey(String str) {
        return str.indexOf("hasRole") >= 0 ? str.replace("hasRole", "hasRole('").concat("')") : str;
    }

    @Override // org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter, org.springframework.security.config.annotation.SecurityConfigurer
    public void configure(WebSecurity webSecurity) throws Exception {
        if (this.appSecurity.getIgnores() == null || this.appSecurity.getIgnores().length == 0) {
            super.configure(webSecurity);
        }
        try {
            webSecurity.ignoring().antMatchers(this.appSecurity.getIgnores());
        } catch (Exception e) {
            this.logger.error("app.security.ignores has wrong values [{}]", e.getLocalizedMessage());
        }
    }

    @Bean
    public SessionRegistry sessionRegistry() {
        return new GtmapSessionRegistryImpl();
    }
}
