package com.supwisdom.infras.security.configure.cas;

import com.supwisdom.infras.security.web.access.intercept.InfrasFilterSecurityInterceptor;
import org.jasig.cas.client.session.SingleSignOutFilter;
import org.jasig.cas.client.validation.Cas20ServiceTicketValidator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.cas.ServiceProperties;
import org.springframework.security.cas.authentication.CasAuthenticationProvider;
import org.springframework.security.cas.web.CasAuthenticationEntryPoint;
import org.springframework.security.cas.web.CasAuthenticationFilter;
import org.springframework.security.cas.web.authentication.ServiceAuthenticationDetailsSource;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.core.session.SessionRegistry;
import org.springframework.security.core.session.SessionRegistryImpl;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.security.web.authentication.logout.LogoutFilter;
import org.springframework.security.web.authentication.logout.LogoutHandler;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
import org.springframework.security.web.session.ConcurrentSessionFilter;
import org.springframework.security.web.session.HttpSessionEventPublisher;
import org.springframework.security.web.session.SimpleRedirectInvalidSessionStrategy;

@EnableConfigurationProperties({CasProperties.class})
@Configuration
/* loaded from: input_file:com/supwisdom/infras/security/configure/cas/CasSecurityConfiguration.class */
public class CasSecurityConfiguration {

    @Autowired
    private AuthenticationManager authenticationManager;

    @Autowired
    private UserDetailsService userDetailsService;

    @Autowired
    private CasProperties casProperties;

    @Configuration
    @ConditionalOnProperty(name = {"infras.security.cas.enabled"}, havingValue = "true")
    @Order(5)
    /* loaded from: input_file:com/supwisdom/infras/security/configure/cas/CasSecurityConfiguration$CASLoginWebSecurityConfigurerAdapter.class */
    public static class CASLoginWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
        private static final Logger logger = LoggerFactory.getLogger(CASLoginWebSecurityConfigurerAdapter.class);

        @Autowired
        private InfrasFilterSecurityInterceptor infrasFilterSecurityInterceptor;

        @Autowired
        private CasAuthenticationProvider casAuthenticationProvider;

        @Autowired
        private CasAuthenticationEntryPoint casAuthenticationEntryPoint;

        @Autowired
        private CasAuthenticationFilter casAuthenticationFilter;

        @Autowired
        private LogoutFilter logoutFilter;

        @Autowired
        private SingleSignOutFilter singleSignOutFilter;

        @Autowired
        private ConcurrentSessionFilter sessionInfomationExpiredStategy;

        protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
            super.configure(authenticationManagerBuilder);
            authenticationManagerBuilder.authenticationProvider(this.casAuthenticationProvider);
        }

        protected void configure(HttpSecurity httpSecurity) throws Exception {
            logger.debug("CASLoginWebSecurityConfigurerAdapter.configure");
            ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.antMatcher("/web/**").authorizeRequests().antMatchers(new String[]{"/web/index", "/web/login"})).permitAll().antMatchers(new String[]{"/web/**"})).authenticated().anyRequest()).authenticated().and().formLogin().loginPage("/web/login").permitAll().and().logout().logoutUrl("/web/logout").permitAll();
            httpSecurity.csrf().disable();
            httpSecurity.exceptionHandling().authenticationEntryPoint(this.casAuthenticationEntryPoint);
            httpSecurity.addFilterAt(this.casAuthenticationFilter, CasAuthenticationFilter.class);
            httpSecurity.addFilterAt(this.singleSignOutFilter, CasAuthenticationFilter.class);
            httpSecurity.addFilterAt(this.sessionInfomationExpiredStategy, ConcurrentSessionFilter.class);
            httpSecurity.addFilterAt(this.logoutFilter, LogoutFilter.class);
            if (this.infrasFilterSecurityInterceptor != null) {
                httpSecurity.addFilterBefore(this.infrasFilterSecurityInterceptor, FilterSecurityInterceptor.class);
            }
        }
    }

    @Bean
    public HttpSessionEventPublisher httpSessionEventPublisher() {
        return new HttpSessionEventPublisher();
    }

    @Bean
    public SessionRegistry sessionRegistry() {
        return new SessionRegistryImpl();
    }

    @Bean
    public ConcurrentSessionFilter sessionInfomationExpiredStategy() {
        return new ConcurrentSessionFilter(sessionRegistry());
    }

    @Bean
    public SimpleRedirectInvalidSessionStrategy simpleRedirectInvalidSessionStrategy() {
        return new SimpleRedirectInvalidSessionStrategy("/web/login?error");
    }

    @Bean
    public ServiceProperties serviceProperties() {
        ServiceProperties serviceProperties = new ServiceProperties();
        serviceProperties.setService(this.casProperties.getAppServerUrl() + this.casProperties.getAppLoginUrl());
        serviceProperties.setAuthenticateAllArtifacts(true);
        return serviceProperties;
    }

    @Bean
    public CasAuthenticationEntryPoint casAuthenticationEntryPoint() {
        CasAuthenticationEntryPoint casAuthenticationEntryPoint = new CasAuthenticationEntryPoint();
        casAuthenticationEntryPoint.setLoginUrl(this.casProperties.getCasServerLoginUrl());
        casAuthenticationEntryPoint.setServiceProperties(serviceProperties());
        return casAuthenticationEntryPoint;
    }

    @Bean
    public CasAuthenticationFilter casAuthenticationFilter() throws Exception {
        CasAuthenticationFilter casAuthenticationFilter = new CasAuthenticationFilter();
        casAuthenticationFilter.setAuthenticationManager(this.authenticationManager);
        casAuthenticationFilter.setFilterProcessesUrl(this.casProperties.getAppLoginUrl());
        casAuthenticationFilter.setAuthenticationFailureHandler(new SimpleUrlAuthenticationFailureHandler());
        casAuthenticationFilter.setAuthenticationSuccessHandler(new SavedRequestAwareAuthenticationSuccessHandler());
        casAuthenticationFilter.setServiceProperties(serviceProperties());
        casAuthenticationFilter.setAuthenticationDetailsSource(new ServiceAuthenticationDetailsSource(serviceProperties()));
        return casAuthenticationFilter;
    }

    @Bean
    public CasAuthenticationProvider casAuthenticationProvider() {
        CasAuthenticationProvider casAuthenticationProvider = new CasAuthenticationProvider();
        casAuthenticationProvider.setUserDetailsService(this.userDetailsService);
        casAuthenticationProvider.setServiceProperties(serviceProperties());
        casAuthenticationProvider.setTicketValidator(cas20ServiceTicketValidator());
        casAuthenticationProvider.setKey("casAuthenticationProviderKey");
        return casAuthenticationProvider;
    }

    @Bean
    public Cas20ServiceTicketValidator cas20ServiceTicketValidator() {
        return new Cas20ServiceTicketValidator(this.casProperties.getCasServerUrl());
    }

    @Bean
    public SingleSignOutFilter singleSignOutFilter() {
        SingleSignOutFilter singleSignOutFilter = new SingleSignOutFilter();
        singleSignOutFilter.setCasServerUrlPrefix(this.casProperties.getCasServerUrl());
        singleSignOutFilter.setIgnoreInitConfiguration(true);
        return singleSignOutFilter;
    }

    @Bean
    public LogoutFilter logoutFilter() {
        LogoutFilter logoutFilter = new LogoutFilter(this.casProperties.getCasServerLogoutUrl(), new LogoutHandler[]{new SecurityContextLogoutHandler()});
        logoutFilter.setFilterProcessesUrl(this.casProperties.getAppLogoutUrl());
        return logoutFilter;
    }
}
