package com.supwisdom.institute.developer.center.gateway.zuul.security.web.access;

import com.supwisdom.institute.developer.center.gateway.zuul.sa.authn.model.ResourceRoleSet;
import java.util.Collection;
import java.util.Iterator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;

/* loaded from: input_file:BOOT-INF/classes/com/supwisdom/institute/developer/center/gateway/zuul/security/web/access/MyAccessDecisionManager.class */
public class MyAccessDecisionManager implements AccessDecisionManager {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) MyAccessDecisionManager.class);

    @Override // org.springframework.security.access.AccessDecisionManager
    public void decide(Authentication authentication, Object obj, Collection<ConfigAttribute> collection) throws AccessDeniedException, InsufficientAuthenticationException {
        if (null == collection || collection.size() <= 0) {
            return;
        }
        Iterator<ConfigAttribute> it = collection.iterator();
        while (it.hasNext()) {
            String attribute = it.next().getAttribute();
            if (attribute != null && !attribute.isEmpty()) {
                if (attribute.startsWith("ACCESS_")) {
                    String substring = attribute.substring("ACCESS_".length());
                    log.debug("Access is {}", substring);
                    if ("anonymous".equals(substring)) {
                        if (authentication.isAuthenticated()) {
                            throw new AccessDeniedException("no right");
                        }
                        return;
                    } else if (ResourceRoleSet.ACCESS_AUTHENTICATE.equals(substring)) {
                        if (!authentication.isAuthenticated()) {
                            throw new AccessDeniedException("no right");
                        }
                        return;
                    } else {
                        if (ResourceRoleSet.ACCESS_PERMIT_ALL.equals(substring)) {
                            return;
                        }
                        if (!ResourceRoleSet.ACCESS_DENY_ALL.equals(substring)) {
                            throw new AccessDeniedException("no right");
                        }
                        throw new AccessDeniedException("no right");
                    }
                }
                Iterator<? extends GrantedAuthority> it2 = authentication.getAuthorities().iterator();
                while (it2.hasNext()) {
                    if (attribute.trim().equals(it2.next().getAuthority())) {
                        return;
                    }
                }
            }
        }
        throw new AccessDeniedException("no right");
    }

    @Override // org.springframework.security.access.AccessDecisionManager
    public boolean supports(ConfigAttribute configAttribute) {
        return true;
    }

    @Override // org.springframework.security.access.AccessDecisionManager
    public boolean supports(Class<?> cls) {
        return true;
    }
}
