package cn.gtmap.onemap.security.web;

import cn.gtmap.onemap.core.ex.NoPermissonException;
import cn.gtmap.onemap.core.support.spring.ConfigurableInterceptor;
import cn.gtmap.onemap.model.Operation;
import cn.gtmap.onemap.security.SecHelper;
import com.google.common.collect.Maps;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import oracle.jdbc.OracleConnection;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/onemap-common-1.1.9.jar:cn/gtmap/onemap/security/web/AuthorizationInterceptor.class */
public class AuthorizationInterceptor extends ConfigurableInterceptor {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) AuthorizationInterceptor.class);
    private String rootPath;
    private Map<String, Collection<String>> privileges = Maps.newLinkedHashMap();
    private Map<String, Collection<String>> whitelist = Maps.newLinkedHashMap();

    public void setRootPath(String str) {
        this.rootPath = str;
    }

    public void setPrivileges(Map<String, String> map) {
        for (Map.Entry<String, String> entry : map.entrySet()) {
            String value = entry.getValue();
            if (StringUtils.isEmpty(value)) {
                value = Operation.VIEW;
            }
            this.privileges.put(entry.getKey(), Arrays.asList(StringUtils.split(value, ',')));
        }
    }

    public void setWhitelist(Map<String, String> map) {
        for (Map.Entry<String, String> entry : map.entrySet()) {
            this.whitelist.put(entry.getKey(), Arrays.asList(StringUtils.split(entry.getValue(), ',')));
        }
    }

    @Override // cn.gtmap.onemap.core.support.spring.ConfigurableInterceptor
    public boolean internalPreHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws Exception {
        String header = httpServletRequest.getHeader("x-forwarded-for");
        if (header == null || header.length() == 0 || OracleConnection.CONNECTION_PROPERTY_THIN_VSESSION_TERMINAL_DEFAULT.equalsIgnoreCase(header)) {
            header = httpServletRequest.getHeader("Proxy-Client-IP");
        }
        if (header == null || header.length() == 0 || OracleConnection.CONNECTION_PROPERTY_THIN_VSESSION_TERMINAL_DEFAULT.equalsIgnoreCase(header)) {
            header = httpServletRequest.getHeader("WL-Proxy-Client-IP");
        }
        if (header == null || header.length() == 0 || OracleConnection.CONNECTION_PROPERTY_THIN_VSESSION_TERMINAL_DEFAULT.equalsIgnoreCase(header)) {
            header = httpServletRequest.getHeader("HTTP_CLIENT_IP");
        }
        if (header == null || header.length() == 0 || OracleConnection.CONNECTION_PROPERTY_THIN_VSESSION_TERMINAL_DEFAULT.equalsIgnoreCase(header)) {
            header = httpServletRequest.getHeader("HTTP_X_FORWARDED_FOR");
        }
        if (header == null || header.length() == 0 || OracleConnection.CONNECTION_PROPERTY_THIN_VSESSION_TERMINAL_DEFAULT.equalsIgnoreCase(header)) {
            header = httpServletRequest.getRemoteAddr();
        }
        boolean z = false;
        if (this.whitelist.size() > 0) {
            Iterator<Map.Entry<String, Collection<String>>> it = this.whitelist.entrySet().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                if (StringUtils.equals(header, it.next().getKey())) {
                    z = true;
                    break;
                }
            }
        } else {
            z = true;
        }
        if (!z) {
            LOG.warn("请注意，地址：" + header + "正在企图访问oms！");
            return false;
        }
        String lookupPathForRequest = this.urlPathHelper.getLookupPathForRequest(httpServletRequest);
        for (Map.Entry<String, Collection<String>> entry : this.privileges.entrySet()) {
            String key = entry.getKey();
            if (this.pathMatcher.match(key, lookupPathForRequest)) {
                if (SecHelper.isAdmin() || SecHelper.isPermitted(this.rootPath + ":" + key, entry.getValue())) {
                    return true;
                }
                throw new NoPermissonException(lookupPathForRequest);
            }
        }
        return true;
    }
}
