package org.jasig.cas.web.support;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.inspektr.common.ioc.annotation.GreaterThan;
import org.inspektr.common.ioc.annotation.NotNull;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import org.springframework.web.servlet.support.WebContentGenerator;

/* loaded from: input_file:WEB-INF/lib/cas-server-core-3.3.5-fixed.jar:org/jasig/cas/web/support/AbstractThrottledSubmissionHandlerInterceptorAdapter.class */
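/**
 * Interceptor that throttles repeated login form submissions.
 *
 * <p>Before a POST is handled, the recorded failure count is fetched through
 * {@link #findCount}; once it reaches the configured threshold the request is
 * rejected with HTTP 403. After a POST is handled, a response that renders the
 * login view again is counted as one more failure through {@link #updateCount}.
 *
 * <p>How failures are keyed and stored is decided by the subclass. This class
 * passes only the request and the name of the username parameter.
 *
 * <p>NOTE(review): the address logged and reported comes from
 * {@code getRemoteAddr()}, which is the direct peer of the servlet container.
 * Behind a reverse proxy or load balancer that is presumably the proxy's
 * address; confirm how the deployment and the concrete subclass deal with it.
 */
public abstract class AbstractThrottledSubmissionHandlerInterceptorAdapter extends HandlerInterceptorAdapter {
    private static final int DEFAULT_FAILURE_THRESHOLD = 100;
    private static final int DEFAULT_FAILURE_RANGE_IN_SECONDS = 60;
    private static final String DEFAULT_USERNAME_PARAMETER = "username";

    /** View name whose rendering after a POST is treated as a failed login. */
    private static final String LOGIN_VIEW_NAME = "casLoginView";

    protected final Log log = LogFactory.getLog(getClass());

    /** Number of recorded failures at which further POSTs are rejected. */
    @GreaterThan(0)
    private int failureThreshold = DEFAULT_FAILURE_THRESHOLD;

    /** Length, in seconds, of the window handed to {@link #findCount}. */
    @GreaterThan(0)
    private int failureRangeInSeconds = DEFAULT_FAILURE_RANGE_IN_SECONDS;

    /** Name of the request parameter that carries the submitted username. */
    @NotNull
    private String usernameParameter = DEFAULT_USERNAME_PARAMETER;

    /**
     * Rejects a POST once the recorded failure count has reached the threshold.
     *
     * <p>Requests using any other method pass through without a lookup. A
     * rejected request is itself recorded via {@link #updateCount}, a warning is
     * logged and a 403 is sent.
     *
     * @return {@code true} to continue the handler chain, {@code false} when the
     *         request was answered with 403
     * @throws Exception if sending the error response fails or the subclass throws
     */
    @Override
    public final boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws Exception {
        if (!WebContentGenerator.METHOD_POST.equals(httpServletRequest.getMethod())) {
            return true;
        }
        if (findCount(httpServletRequest, this.usernameParameter, this.failureRangeInSeconds) < this.failureThreshold) {
            return true;
        }

        updateCount(httpServletRequest, this.usernameParameter);

        final String remoteAddress = httpServletRequest.getRemoteAddr();
        // Only the container-supplied address goes into the log line; the
        // attacker-controlled username is deliberately not logged here.
        this.log.warn("*** Possible Hacking Attempt from [" + remoteAddress + "].  More than " + this.failureThreshold + " failed login attempts within " + this.failureRangeInSeconds + " seconds.");

        // The username is untrusted request input echoed into an error response,
        // so markup and control characters are neutralised before it is reflected.
        // The closing bracket after the username was missing in the original text.
        final String submittedUser = sanitizeForResponse(httpServletRequest.getParameter(this.usernameParameter));
        httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "Access Denied for user [" + submittedUser + "] from IP Address [" + remoteAddress + "]");
        return false;
    }

    /**
     * Records a failure when a POST ends up rendering the login view again.
     *
     * <p>The {@code modelAndView} is checked for {@code null} because Spring
     * passes {@code null} when the handler wrote the response itself; such a
     * request renders no view and is not counted.
     *
     * @throws Exception if the subclass throws while recording the failure
     */
    @Override
    public final void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj, ModelAndView modelAndView) throws Exception {
        if (modelAndView == null) {
            return;
        }
        if (WebContentGenerator.METHOD_POST.equals(httpServletRequest.getMethod()) && LOGIN_VIEW_NAME.equals(modelAndView.getViewName())) {
            updateCount(httpServletRequest, this.usernameParameter);
        }
    }

    /**
     * Returns the number of failures currently recorded for this request.
     *
     * @param httpServletRequest the incoming request
     * @param str the name of the username request parameter
     * @param i the failure window in seconds
     * @return the failure count that is compared against the threshold
     */
    protected abstract int findCount(HttpServletRequest httpServletRequest, String str, int i);

    /**
     * Records one more failure for this request.
     *
     * @param httpServletRequest the incoming request
     * @param str the name of the username request parameter
     */
    protected abstract void updateCount(HttpServletRequest httpServletRequest, String str);

    /** Sets the failure count at which POSTs start being rejected. */
    public final void setFailureThreshold(int i) {
        this.failureThreshold = i;
    }

    /** Sets the failure window, in seconds, passed to {@link #findCount}. */
    public final void setFailureRangeInSeconds(int i) {
        this.failureRangeInSeconds = i;
    }

    /** Sets the name of the request parameter that carries the username. */
    public final void setUsernameParameter(String str) {
        this.usernameParameter = str;
    }

    /**
     * Makes a request value safe to place in the 403 message: HTML
     * metacharacters are entity-encoded and control characters (including CR
     * and LF) are dropped. A missing value is rendered as {@code "null"}, which
     * is what string concatenation produced before.
     */
    private static String sanitizeForResponse(final String value) {
        if (value == null) {
            return "null";
        }
        final StringBuilder out = new StringBuilder(value.length());
        for (int idx = 0; idx < value.length(); idx++) {
            final char c = value.charAt(idx);
            switch (c) {
                case '&':
                    out.append("&amp;");
                    break;
                case '<':
                    out.append("&lt;");
                    break;
                case '>':
                    out.append("&gt;");
                    break;
                case '"':
                    out.append("&quot;");
                    break;
                case '\'':
                    out.append("&#39;");
                    break;
                default:
                    if (!Character.isISOControl(c)) {
                        out.append(c);
                    }
                    break;
            }
        }
        return out.toString();
    }
}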
