package cn.gtmap.secondaryMarket.common.security;

import cn.gtmap.secondaryMarket.common.constants.CommonConst;
import java.io.PrintWriter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.util.PathMatcher;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.support.ServletUriComponentsBuilder;
import org.springframework.web.util.UrlPathHelper;

/* loaded from: input_file:cn/gtmap/secondaryMarket/common/security/SecContextInterceptor.class */
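/**
 * Spring MVC interceptor that enforces "login required" on configured URL patterns.
 *
 * <p>Requests matching {@code excludes} pass straight through. Otherwise a request that matches
 * {@code needLogins}, has a {@code redirectUrl} configured and is not logged in (per
 * {@link SecUtil#isLogin}) is stopped: an XMLHttpRequest receives a 403 with {@code REDIRECT} and
 * {@code CONTENTPATH} headers, any other request receives an inline script that alerts and
 * navigates the top window to the login page.
 *
 * <p>The current request URL is attached to the login page as the {@code url} query parameter.
 * It originates from the client and is therefore untrusted: it is percent-encoded by
 * {@link ServletUriComponentsBuilder}, stripped of blocklisted tokens by {@link #checkUrl}, and,
 * where it is embedded in the inline script, escaped for a single-quoted JavaScript string literal
 * so that it cannot terminate the literal or the {@code <script>} element.
 */
public class SecContextInterceptor implements HandlerInterceptor {
    private static final String CHARSET = "UTF-8";
    private static final String HTML_CONTENT_TYPE = "text/html;charset=UTF-8";
    /** Header name on the XHR path; the same token is also used as its value. */
    private static final String HEADER_REDIRECT = "REDIRECT";
    private static final String HEADER_CONTENT_PATH = "CONTENTPATH";
    private static final String HEADER_REQUESTED_WITH = "X-Requested-With";
    private static final String XHR_VALUE = "XMLHttpRequest";
    private static final String URL_PARAM = "url=";

    /** Path patterns that bypass the login check entirely; matched via {@link #pathMatcher}. */
    private String[] excludes;
    /** Path patterns that require a logged-in user. */
    private String[] needLogins;
    /** Login page an unauthenticated user is sent to; {@code null} disables the check. */
    private String redirectUrl;
    protected UrlPathHelper urlPathHelper = RequestUtils.URL_PATH_HELPER;
    protected PathMatcher pathMatcher = RequestUtils.PATH_MATCHER;
    /**
     * Tokens removed from the request URL before it is echoed back (see {@link #checkUrl}).
     * This is a blocklist, not an encoder: it can mangle legitimate URLs whose path contains a
     * word such as {@code update}, and on its own it does not make the value safe for any output
     * context. The per-context escaping in {@link #preHandle} is what prevents script injection.
     */
    private final String[] blockedTokens = {CommonConst.StringValue.QUOTE, CommonConst.StringValue.PERCENT, "--", "create", "drop", "delete", "update", "insert", "union", "alert", "iframe", "script"};

    /** Sets the path patterns that require a logged-in user. */
    public void setNeedLogins(String[] strArr) {
        this.needLogins = strArr;
    }

    /** Sets the login page URL; {@code null} disables the login check. */
    public void setRedirectUrl(String str) {
        this.redirectUrl = str;
    }

    /** Sets the path patterns that bypass the login check. */
    public void setExcludes(String[] strArr) {
        this.excludes = strArr;
    }

    /**
     * Stops anonymous requests to protected paths.
     *
     * @return {@code true} to continue the handler chain; {@code false} after the response has
     *     been written (403 plus headers for XHR, inline redirect script otherwise)
     * @throws Exception propagated from {@link HttpServletResponse#getWriter()}
     */
    @Override
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws Exception {
        if (RequestUtils.matchAny(httpServletRequest, this.urlPathHelper, this.pathMatcher, this.excludes)) {
            return true;
        }
        // Evaluated before the path match on purpose: the original order is kept in case
        // SecUtil.isLogin touches the session as a side effect.
        boolean isLogin = SecUtil.isLogin(httpServletRequest);
        String requestedWith = httpServletRequest.getHeader(HEADER_REQUESTED_WITH);
        boolean protectedPath = RequestUtils.matchAny(httpServletRequest, this.urlPathHelper, this.pathMatcher, this.needLogins);
        if (!protectedPath || this.redirectUrl == null || isLogin) {
            return true;
        }
        String target = loginRedirectTarget(httpServletRequest);
        if (XHR_VALUE.equalsIgnoreCase(requestedWith)) {
            // Presumably the client-side XHR handler reads these headers and performs the
            // navigation itself, since a 302 would be followed transparently by the XHR.
            httpServletResponse.setHeader(HEADER_REDIRECT, HEADER_REDIRECT);
            httpServletResponse.setHeader(HEADER_CONTENT_PATH, target);
            httpServletResponse.setStatus(HttpServletResponse.SC_FORBIDDEN);
            return false;
        }
        // Encoding must be set before getWriter() or it is ignored by the container.
        httpServletResponse.setCharacterEncoding(CHARSET);
        httpServletResponse.setHeader("Content-type", HTML_CONTENT_TYPE);
        PrintWriter writer = httpServletResponse.getWriter();
        // The target lands inside a single-quoted JS string in an HTML <script> element, so it
        // is escaped for exactly that context; the blocklist alone is bypassable.
        String script = new StringBuilder(128)
                .append("<script type=\"text/javascript\">")
                .append("alert('请先登录！');")
                .append("window.top.location.href='")
                .append(escapeForJsString(target))
                .append("';")
                .append("</script>")
                .toString();
        writer.print(script);
        return false;
    }

    /**
     * Builds the login-page URL with the current request URL attached as the {@code url}
     * parameter, joined with {@code &} when {@link #redirectUrl} already carries a query string
     * and {@code ?} otherwise. Only valid while {@link #redirectUrl} is non-null.
     */
    private String loginRedirectTarget(HttpServletRequest request) {
        String separator = this.redirectUrl.contains("?") ? "&" : "?";
        String currentUrl = ServletUriComponentsBuilder.fromRequest(request).build().encode().toString();
        return this.redirectUrl + separator + URL_PARAM + checkUrl(currentUrl);
    }

    /**
     * Removes every blocklisted token from {@code str}.
     *
     * <p>Removal repeats until nothing changes: a single pass would let a nested token such as
     * {@code scrscriptipt} collapse into {@code script} after the inner occurrence is removed.
     * Each pass either shortens the string or leaves it unchanged, so the loop terminates.
     *
     * @param str percent-encoded request URL
     * @return the URL with all blocklisted tokens stripped
     */
    private String checkUrl(String str) {
        String previous;
        do {
            previous = str;
            for (String token : this.blockedTokens) {
                str = str.replace(token, CommonConst.StringValue.EMPTY);
            }
        } while (!str.equals(previous));
        return str;
    }

    /**
     * Escapes {@code value} for use inside a single-quoted JavaScript string literal that itself
     * sits in an HTML {@code <script>} element: quotes and backslashes are backslash-escaped,
     * angle brackets become {@code \u003C}/{@code \u003E} so {@code </script>} cannot appear,
     * and JS line terminators (CR, LF, U+2028, U+2029) are escaped.
     */
    private static String escapeForJsString(String value) {
        StringBuilder out = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    out.append("\\\\");
                    break;
                case '\'':
                    out.append("\\'");
                    break;
                case '"':
                    out.append("\\\"");
                    break;
                case '<':
                    out.append("\\u003C");
                    break;
                case '>':
                    out.append("\\u003E");
                    break;
                case '\r':
                    out.append("\\r");
                    break;
                case '\n':
                    out.append("\\n");
                    break;
                case '\u2028':
                    out.append("\\u2028");
                    break;
                case '\u2029':
                    out.append("\\u2029");
                    break;
                default:
                    out.append(c);
            }
        }
        return out.toString();
    }

    /** No post-processing is performed. */
    @Override
    public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj, ModelAndView modelAndView) throws Exception {
    }

    /**
     * Clears the thread-bound {@link SecurityContext} after a request to an excluded path.
     * Why only excluded paths are cleared is not visible here; presumably protected paths are
     * handled by whatever populates the context — confirm against that code.
     */
    @Override
    public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj, Exception exc) throws Exception {
        if (RequestUtils.matchAny(httpServletRequest, this.urlPathHelper, this.pathMatcher, this.excludes)) {
            SecurityContext.clearContext();
        }
    }
}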
