package cn.gtmap.gtcc.starter.gcass.config;

import cn.gtmap.gtcc.properties.security.AppSecurity;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.autoconfigure.AutoConfigureBefore;
import org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2SsoProperties;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;

@AutoConfigureBefore({OAuth2SsoCustomConfiguration.class})
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
@Order(2147483640)
/* loaded from: input_file:cn/gtmap/gtcc/starter/gcass/config/SsoWebSecurityConfiguration.class */
public class SsoWebSecurityConfiguration extends WebSecurityConfigurerAdapter {
    final Logger logger = LoggerFactory.getLogger(ResourceSceurityConfiguration.class);
    final ApplicationContext applicationContext;
    final OAuth2SsoProperties sso;
    final AppSecurity appSecurity;

    public SsoWebSecurityConfiguration(ApplicationContext applicationContext, OAuth2SsoProperties oAuth2SsoProperties, AppSecurity appSecurity) {
        this.applicationContext = applicationContext;
        this.sso = oAuth2SsoProperties;
        this.appSecurity = appSecurity;
    }

    protected void configure(HttpSecurity httpSecurity) throws Exception {
        for (Map.Entry entry : this.appSecurity.getAuthorities().entrySet()) {
            try {
                if (entry.getKey() == "permitAll") {
                    ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().antMatchers((String[]) entry.getValue())).permitAll().and();
                } else {
                    ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().antMatchers((String[]) entry.getValue())).access((String) entry.getKey()).and();
                }
            } catch (Exception e) {
                this.logger.error("app.security.authorities has wrong key or values [{}]", e.getLocalizedMessage());
            }
        }
        httpSecurity.csrf().disable().headers().contentTypeOptions().disable().cacheControl().disable();
        new SsoSecurityConfigurer(this.applicationContext).configure(httpSecurity);
    }

    public void configure(WebSecurity webSecurity) throws Exception {
        try {
            webSecurity.ignoring().antMatchers(this.appSecurity.getIgnores());
        } catch (Exception e) {
            this.logger.error("app.security.ignores has wrong values [{}]", e.getLocalizedMessage());
        }
    }
}
