package com.supwisdom.insititute.token.server.oauth2.client.webapi.configure;

import com.supwisdom.insititute.token.server.core.state.StateStore;
import com.supwisdom.insititute.token.server.oauth2.client.domain.web.authentication.OAuth2ClientLoginAuthenticationFilter;
import com.supwisdom.insititute.token.server.oauth2.client.webapi.controller.OAuth2ClientController;
import com.supwisdom.insititute.token.server.security.domain.authentication.TokenAuthenticationEventPublisher;
import com.supwisdom.insititute.token.server.security.domain.core.userdetails.TokenUserConverter;
import com.supwisdom.insititute.token.server.security.domain.validator.AccountStatusValidator;
import com.supwisdom.insititute.token.server.security.domain.web.authentication.IdTokenAuthenticationFilter;
import javax.servlet.Filter;
import oracle.sql.CharacterSet;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.support.MessageSourceAccessor;
import org.springframework.core.annotation.Order;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@Configuration
@Order(CharacterSet.KO16TSTSET_CHARSET)
/* loaded from: input_file:BOOT-INF/lib/token-server-oauth2-client-webapi-1.6.6-RELEASE.3.jar:com/supwisdom/insititute/token/server/oauth2/client/webapi/configure/OAuth2ClientApiWebSecurityConfigurerAdapter.class */
public class OAuth2ClientApiWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) OAuth2ClientApiWebSecurityConfigurerAdapter.class);

    @Autowired
    private TokenAuthenticationEventPublisher tokenAuthenticationEventPublisher;

    @Autowired
    private MessageSourceAccessor messageSourceAccessor;

    @Autowired
    private AccountStatusValidator accountStatusValidator;

    @Autowired
    private StateStore redisStateStore;

    @Autowired
    private UserDetailsService userDetailsService;

    @Autowired
    private TokenUserConverter tokenUserConverter;

    @Override // org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        log.debug("OAuth2ClientApiWebSecurityConfigurerAdapter.configure(HttpSecurity)");
        httpSecurity.antMatcher("/oauth2client/**").authorizeRequests().antMatchers(HttpMethod.OPTIONS, "/**").permitAll().anyRequest().permitAll();
        OAuth2ClientLoginAuthenticationFilter oAuth2ClientLoginAuthenticationFilter = new OAuth2ClientLoginAuthenticationFilter(OAuth2ClientController.LOGIN_ENDPOINT);
        oAuth2ClientLoginAuthenticationFilter.setEventPublisher(this.tokenAuthenticationEventPublisher);
        oAuth2ClientLoginAuthenticationFilter.setMessageSourceAccessor(this.messageSourceAccessor);
        oAuth2ClientLoginAuthenticationFilter.setAccountStatusValidator(this.accountStatusValidator);
        oAuth2ClientLoginAuthenticationFilter.setRedisStateStore(this.redisStateStore);
        oAuth2ClientLoginAuthenticationFilter.setUserDetailsService(this.userDetailsService);
        oAuth2ClientLoginAuthenticationFilter.setTokenUserConverter(this.tokenUserConverter);
        httpSecurity.addFilterBefore((Filter) oAuth2ClientLoginAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
        IdTokenAuthenticationFilter idTokenAuthenticationFilter = new IdTokenAuthenticationFilter(authenticationManager());
        idTokenAuthenticationFilter.setMessageSourceAccessor(this.messageSourceAccessor);
        idTokenAuthenticationFilter.setTokenUserConverter(this.tokenUserConverter);
        httpSecurity.addFilter((Filter) idTokenAuthenticationFilter);
        httpSecurity.cors();
        httpSecurity.csrf().disable();
        httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    }
}
