package cn.gtmap.gtc.sso.config;

import cn.gtmap.gtc.sso.audit.AuditLogProperties;
import cn.gtmap.gtc.sso.config.handler.GtmapAuthenticationFailureHandler;
import cn.gtmap.gtc.sso.config.handler.GtmapAuthenticationSuccessHandler;
import cn.gtmap.gtc.sso.config.handler.GtmapSecurityContextLogoutHandler;
import cn.gtmap.gtc.sso.config.handler.SimpleUrlLogoutEventSuccessHandler;
import cn.gtmap.gtc.sso.manager.MsgManager;
import cn.gtmap.gtc.sso.service.AuthUserDetailsService;
import cn.gtmap.gtc.sso.util.Constant;
import cn.gtmap.gtc.sso.util.GtmapStringUtils;
import org.apache.axis2.Constants;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.ObjectPostProcessor;
import org.springframework.security.config.annotation.SecurityConfigurerAdapter;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.session.SessionRegistry;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.crypto.password.StandardPasswordEncoder;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
import org.springframework.security.web.session.SessionInformationExpiredStrategy;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.util.NumberUtils;
import org.springframework.util.StringUtils;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
@Order(2147483640)
/* loaded from: input_file:BOOT-INF/classes/cn/gtmap/gtc/sso/config/GtmapSecurityConfig.class */
public class GtmapSecurityConfig extends WebSecurityConfigurerAdapter {
    private static final String REDIRECT_URI_PARAM = "redirect_uri";

    @Value("${system.setting.terminalCountPermit}")
    private String terminalCountPermit;

    @Value("${system.setting.passwordEncoder}")
    private String encoder;

    @Value("${logging.classify.defaulted}")
    private String classify;

    @Value("${system.setting.anonymousEnable}")
    private String anonymousEnable;

    @Value("${system.setting.anonymousPassword}")
    private String anonymousPassword;

    @Autowired
    private AuthUserDetailsService userDetailsService;

    @Autowired
    private GtmapAuthenticationSuccessHandler gtmapAuthenticationSuccessHandler;

    @Autowired
    private GtmapSecurityContextLogoutHandler securityContextLogoutHandler;

    @Autowired
    private SessionInformationExpiredStrategy sessionInformationExpiredStrategy;

    @Autowired
    private AuditLogProperties auditLogProperties;

    @Autowired
    private MsgManager msgManager;

    @Bean
    public PasswordEncoder passwordEncoder() {
        return (StringUtils.isEmpty(this.encoder) || !"standard".equals(this.encoder)) ? new GtPasswordEncoder(new BCryptPasswordEncoder(), this.anonymousEnable, this.anonymousPassword) : new GtPasswordEncoder(new StandardPasswordEncoder(Constant.SECRET_CODE), this.anonymousEnable, this.anonymousPassword);
    }

    private int generateMaximumSessions() {
        int intValue;
        int i = -1;
        if (!GtmapStringUtils.isEmpty(this.terminalCountPermit) && GtmapStringUtils.isNaturalNumeric(this.terminalCountPermit) && (intValue = ((Integer) NumberUtils.parseNumber(this.terminalCountPermit, Integer.class)).intValue()) > 0) {
            i = intValue;
        }
        return i;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        int generateMaximumSessions = generateMaximumSessions();
        ((HttpSecurity) ((HttpSecurity) ((HttpSecurity) ((HttpSecurity) httpSecurity.formLogin().loginPage("/login").successHandler(this.gtmapAuthenticationSuccessHandler).failureHandler(gtmapAuthenticationFailureHandler()).and()).authorizeRequests().antMatchers("/login", "/oauth/**", "/error", "/auth/**", "/info", "/health").permitAll().anyRequest().authenticated().and()).csrf().disable()).cors().disable()).headers().xssProtection().disable().contentTypeOptions().disable().frameOptions().disable();
        httpSecurity.logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout")).logoutSuccessHandler(logoutSuccessHandler()).addLogoutHandler(this.securityContextLogoutHandler).deleteCookies(Constants.SESSION_COOKIE_JSESSIONID);
        httpSecurity.authorizeRequests().withObjectPostProcessor(new ObjectPostProcessor<FilterSecurityInterceptor>() { // from class: cn.gtmap.gtc.sso.config.GtmapSecurityConfig.1
            @Override // org.springframework.security.config.annotation.ObjectPostProcessor
            public <O extends FilterSecurityInterceptor> O postProcess(O o) {
                o.setPublishAuthorizationSuccess(GtmapSecurityConfig.this.auditLogProperties.isAuthorizationSuccess());
                return o;
            }
        });
        httpSecurity.exceptionHandling().accessDeniedPage("/accessDenied");
        GtmapSessionManagementConfigurer gtmapSessionManagementConfigurer = new GtmapSessionManagementConfigurer();
        gtmapSessionManagementConfigurer.setMsgManager(this.msgManager);
        SecurityConfigurerAdapter securityConfigurerAdapter = (SecurityConfigurerAdapter) httpSecurity.getConfigurer(gtmapSessionManagementConfigurer.getClass());
        ((GtmapSessionManagementConfigurer) (securityConfigurerAdapter != null ? securityConfigurerAdapter : httpSecurity.apply((HttpSecurity) gtmapSessionManagementConfigurer))).sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED).invalidSessionUrl("/login").maximumSessions(generateMaximumSessions).maxSessionsPreventsLogin(false).expiredSessionStrategy(this.sessionInformationExpiredStrategy).sessionRegistry(sessionRegistry());
    }

    SimpleUrlLogoutEventSuccessHandler logoutSuccessHandler() {
        SimpleUrlLogoutEventSuccessHandler simpleUrlLogoutEventSuccessHandler = new SimpleUrlLogoutEventSuccessHandler();
        simpleUrlLogoutEventSuccessHandler.setTargetUrlParameter("redirect_uri");
        simpleUrlLogoutEventSuccessHandler.setApplicationEventPublisher(super.getApplicationContext());
        simpleUrlLogoutEventSuccessHandler.setClassify(this.classify);
        return simpleUrlLogoutEventSuccessHandler;
    }

    @Bean
    GtmapAuthenticationFailureHandler gtmapAuthenticationFailureHandler() {
        GtmapAuthenticationFailureHandler gtmapAuthenticationFailureHandler = new GtmapAuthenticationFailureHandler();
        gtmapAuthenticationFailureHandler.setDefaultFailureUrl("/login?error=true");
        return gtmapAuthenticationFailureHandler;
    }

    @Override // org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter, org.springframework.security.config.annotation.SecurityConfigurer
    public void configure(WebSecurity webSecurity) throws Exception {
        webSecurity.ignoring().antMatchers("/custom/**", "/image/**", "/css/**", "/layui/**", "/js/**", "/webjars/**", "/hystrix.stream", "/turbine.stream", "/jolokia", "/info", "/logfile", "/refresh", "/flyway", "/liquibase", "/redirect", "/user-redirect", "/loggers", "/auditevents", "/rest/v1/users/user-verify");
    }

    @Override // org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
    protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        authenticationManagerBuilder.userDetailsService(this.userDetailsService).passwordEncoder(passwordEncoder());
    }

    @Override // org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Bean
    public SessionRegistry sessionRegistry() {
        return new GtmapSessionRegistryImpl();
    }
}
