package org.springframework.security.ui.switchuser;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.ApplicationEventPublisherAware;
import org.springframework.context.MessageSource;
import org.springframework.context.MessageSourceAware;
import org.springframework.context.support.MessageSourceAccessor;
import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationCredentialsNotFoundException;
import org.springframework.security.AuthenticationException;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.SpringSecurityMessageSource;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.event.authentication.AuthenticationSwitchUserEvent;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
import org.springframework.security.ui.AuthenticationDetailsSource;
import org.springframework.security.ui.FilterChainOrder;
import org.springframework.security.ui.SpringSecurityFilter;
import org.springframework.security.ui.WebAuthenticationDetailsSource;
import org.springframework.security.userdetails.UserDetails;
import org.springframework.security.userdetails.UserDetailsChecker;
import org.springframework.security.userdetails.UserDetailsService;
import org.springframework.security.userdetails.checker.AccountStatusUserDetailsChecker;
import org.springframework.security.util.RedirectUtils;
import org.springframework.util.Assert;

/* loaded from: input_file:jnlp/spring-security-core-2.0.6.RELEASE.jar:org/springframework/security/ui/switchuser/SwitchUserProcessingFilter.class */
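/**
 * Servlet filter that lets the current user assume another user's identity ("switch user")
 * and later return to the original identity ("exit user").
 *
 * <p>A request whose URI ends with {@code contextPath + switchUserUrl} replaces the
 * {@code Authentication} in the {@code SecurityContextHolder} with a token built for the user
 * named by the {@value #SPRING_SECURITY_SWITCH_USERNAME_KEY} request parameter. A request whose
 * URI ends with {@code contextPath + exitUserUrl} restores the {@code Authentication} stored in
 * the {@link SwitchUserGrantedAuthority} that was added at switch time.
 *
 * <p><strong>Security notes.</strong>
 * <ul>
 * <li>Nothing in this class checks who is asking for the switch: no password is requested for
 * the target user and no role of the caller is inspected. Access to {@code switchUserUrl} has
 * to be restricted by the surrounding security configuration.</li>
 * <li>URL matching is suffix-based ({@code endsWith}), so the access rules protecting the switch
 * and exit URLs need to cover every request path that ends with those suffixes, not only the
 * exact path.</li>
 * <li>An {@link AuthenticationSwitchUserEvent} is published for each switch and exit only when
 * an {@link ApplicationEventPublisher} has been injected; otherwise the only trace left by this
 * class is debug-level logging.</li>
 * </ul>
 */
public class SwitchUserProcessingFilter extends SpringSecurityFilter implements InitializingBean, ApplicationEventPublisherAware, MessageSourceAware {
    /** Name of the request parameter that carries the username to switch to. */
    public static final String SPRING_SECURITY_SWITCH_USERNAME_KEY = "j_username";
    /** Role name given to the marker authority that carries the original {@code Authentication}. */
    public static final String ROLE_PREVIOUS_ADMINISTRATOR = "ROLE_PREVIOUS_ADMINISTRATOR";
    private ApplicationEventPublisher eventPublisher;
    private String targetUrl;
    private String switchFailureUrl;
    private SwitchUserAuthorityChanger switchUserAuthorityChanger;
    private UserDetailsService userDetailsService;
    private boolean useRelativeContext;
    private AuthenticationDetailsSource authenticationDetailsSource = new WebAuthenticationDetailsSource();
    protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
    private String exitUserUrl = "/j_spring_security_exit_user";
    private String switchUserUrl = "/j_spring_security_switch_user";
    private UserDetailsChecker userDetailsChecker = new AccountStatusUserDetailsChecker();

    /**
     * Verifies that the mandatory properties have been set.
     *
     * @throws Exception declared by {@link InitializingBean}; the assertions here fail with an
     *         {@code IllegalArgumentException}
     */
    @Override
    public void afterPropertiesSet() throws Exception {
        Assert.hasLength(this.switchUserUrl, "switchUserUrl must be specified");
        Assert.hasLength(this.exitUserUrl, "exitUserUrl must be specified");
        Assert.hasLength(this.targetUrl, "targetUrl must be specified");
        // The message used to name "authenticationDao", which is not a property of this class.
        Assert.notNull(this.userDetailsService, "userDetailsService must be specified");
        Assert.notNull(this.messages, "A message source must be set");
    }

    /**
     * Looks up the {@code Authentication} that was active before the switch.
     *
     * @param httpServletRequest the exit request (not read by this method)
     * @return the original {@code Authentication} taken from the current user's
     *         {@link SwitchUserGrantedAuthority}
     * @throws AuthenticationCredentialsNotFoundException if there is no current
     *         {@code Authentication}, or it carries no {@link SwitchUserGrantedAuthority}
     */
    protected Authentication attemptExitUser(HttpServletRequest httpServletRequest) throws AuthenticationCredentialsNotFoundException {
        Authentication current = SecurityContextHolder.getContext().getAuthentication();
        if (current == null) {
            throw new AuthenticationCredentialsNotFoundException(this.messages.getMessage("SwitchUserProcessingFilter.noCurrentUser", "No current user associated with this request"));
        }
        Authentication original = getSourceAuthentication(current);
        if (original == null) {
            this.logger.error("Could not find original user Authentication object!");
            throw new AuthenticationCredentialsNotFoundException(this.messages.getMessage("SwitchUserProcessingFilter.noOriginalAuthentication", "Could not find original Authentication object"));
        }
        // The event carries the original user's details only when the principal is a UserDetails.
        UserDetails originalUser = null;
        Object principal = original.getPrincipal();
        if (principal instanceof UserDetails) {
            originalUser = (UserDetails) principal;
        }
        if (this.eventPublisher != null) {
            this.eventPublisher.publishEvent(new AuthenticationSwitchUserEvent(current, originalUser));
        }
        return original;
    }

    /**
     * Builds the {@code Authentication} for the user named in the request.
     *
     * <p>The username comes straight from the request; the only checks applied here are the
     * {@link UserDetailsService} lookup and the configured {@link UserDetailsChecker}. Whether
     * the caller is allowed to switch at all is not checked in this method.
     *
     * @param httpServletRequest the switch request
     * @return a token for the target user
     * @throws AuthenticationException if the lookup or the account checks reject the target user
     */
    protected Authentication attemptSwitchUser(HttpServletRequest httpServletRequest) throws AuthenticationException {
        String username = httpServletRequest.getParameter(SPRING_SECURITY_SWITCH_USERNAME_KEY);
        if (username == null) {
            username = "";
        }
        if (this.logger.isDebugEnabled()) {
            // Request-supplied text: neutralise control characters so it cannot forge log lines.
            this.logger.debug("Attempt to switch to user [" + sanitizeForLog(username) + "]");
        }
        UserDetails targetUser = this.userDetailsService.loadUserByUsername(username);
        this.userDetailsChecker.check(targetUser);
        UsernamePasswordAuthenticationToken switchToken = createSwitchUserToken(httpServletRequest, targetUser);
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Switch User Token [" + switchToken + "]");
        }
        if (this.eventPublisher != null) {
            this.eventPublisher.publishEvent(new AuthenticationSwitchUserEvent(SecurityContextHolder.getContext().getAuthentication(), targetUser));
        }
        return switchToken;
    }

    /**
     * Creates the token for the target user and appends a {@link SwitchUserGrantedAuthority}
     * that holds the current {@code Authentication}, so that it can be restored on exit.
     *
     * <p>The target user's stored password ({@code userDetails.getPassword()}) becomes the
     * token's credentials. NOTE(review): whether anything downstream needs those credentials is
     * not visible from this class.
     */
    @SuppressWarnings("unchecked") // the authority changer may hand back an untyped List
    private UsernamePasswordAuthenticationToken createSwitchUserToken(HttpServletRequest httpServletRequest, UserDetails userDetails) {
        // May be null when the request is unauthenticated; this class does not reject that case.
        Authentication current = SecurityContextHolder.getContext().getAuthentication();
        SwitchUserGrantedAuthority previousUserMarker = new SwitchUserGrantedAuthority(ROLE_PREVIOUS_ADMINISTRATOR, current);
        List<GrantedAuthority> granted = Arrays.asList(userDetails.getAuthorities());
        if (this.switchUserAuthorityChanger != null) {
            granted = this.switchUserAuthorityChanger.modifyGrantedAuthorities(userDetails, current, granted);
        }
        // Copy first: Arrays.asList returns a fixed-size list that cannot take the extra entry.
        List<GrantedAuthority> withMarker = new ArrayList<GrantedAuthority>(granted);
        withMarker.add(previousUserMarker);
        UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(userDetails, userDetails.getPassword(), withMarker.toArray(new GrantedAuthority[withMarker.size()]));
        token.setDetails(this.authenticationDetailsSource.buildDetails(httpServletRequest));
        return token;
    }

    /**
     * Handles switch and exit requests and passes every other request down the chain.
     *
     * <p>A failed switch is answered through {@link #redirectToFailureUrl}. A failed exit is not
     * caught here, so the {@code AuthenticationCredentialsNotFoundException} propagates to the
     * caller.
     */
    @Override
    public void doFilterHttp(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (requiresSwitchUser(httpServletRequest)) {
            try {
                Authentication switched = attemptSwitchUser(httpServletRequest);
                SecurityContextHolder.getContext().setAuthentication(switched);
                sendRedirect(httpServletRequest, httpServletResponse, this.targetUrl);
            } catch (AuthenticationException e) {
                redirectToFailureUrl(httpServletRequest, httpServletResponse, e);
            }
            return;
        }
        if (requiresExitUser(httpServletRequest)) {
            Authentication original = attemptExitUser(httpServletRequest);
            SecurityContextHolder.getContext().setAuthentication(original);
            sendRedirect(httpServletRequest, httpServletResponse, this.targetUrl);
            return;
        }
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    /**
     * Reports a failed switch: redirects to {@code switchFailureUrl} when one is configured,
     * otherwise writes the failure message into the response body.
     */
    private void redirectToFailureUrl(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException authenticationException) throws IOException {
        this.logger.debug("Switch User failed", authenticationException);
        if (this.switchFailureUrl != null) {
            sendRedirect(httpServletRequest, httpServletResponse, this.switchFailureUrl);
            return;
        }
        // The exception message may repeat request-derived text (for example the requested
        // username, depending on the UserDetailsService). Declare the body as plain text so a
        // browser does not interpret it as markup.
        httpServletResponse.setContentType("text/plain");
        httpServletResponse.setHeader("X-Content-Type-Options", "nosniff");
        httpServletResponse.getWriter().print("Switch user failed: " + authenticationException.getMessage());
        httpServletResponse.flushBuffer();
    }

    /**
     * Redirects to the given URL, honouring the {@code useRelativeContext} setting.
     *
     * @param str the URL to redirect to
     */
    protected void sendRedirect(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws IOException {
        RedirectUtils.sendRedirect(httpServletRequest, httpServletResponse, str, this.useRelativeContext);
    }

    /**
     * Returns the {@code Authentication} stored in the {@link SwitchUserGrantedAuthority} of the
     * given authentication, or {@code null} when it has none. If several such authorities are
     * present, the last one in the array wins.
     */
    private Authentication getSourceAuthentication(Authentication authentication) {
        Authentication original = null;
        for (GrantedAuthority authority : authentication.getAuthorities()) {
            if (authority instanceof SwitchUserGrantedAuthority) {
                original = ((SwitchUserGrantedAuthority) authority).getSource();
                this.logger.debug("Found original switch user granted authority [" + original + "]");
            }
        }
        return original;
    }

    /**
     * Tells whether the request targets the exit-user URL.
     *
     * <p>The comparison is a suffix match on the request URI (path parameters removed), not an
     * exact match, so any path ending with {@code contextPath + exitUserUrl} qualifies.
     */
    protected boolean requiresExitUser(HttpServletRequest httpServletRequest) {
        return stripUri(httpServletRequest).endsWith(httpServletRequest.getContextPath() + this.exitUserUrl);
    }

    /**
     * Tells whether the request targets the switch-user URL.
     *
     * <p>The comparison is a suffix match on the request URI (path parameters removed), not an
     * exact match, so any path ending with {@code contextPath + switchUserUrl} qualifies. The
     * access rules that guard the switch URL must cover all of those paths.
     * NOTE(review): an exact comparison would be stricter; confirm no deployment relies on the
     * suffix behaviour before changing it.
     */
    protected boolean requiresSwitchUser(HttpServletRequest httpServletRequest) {
        return stripUri(httpServletRequest).endsWith(httpServletRequest.getContextPath() + this.switchUserUrl);
    }

    @Override
    public void setApplicationEventPublisher(ApplicationEventPublisher applicationEventPublisher) throws BeansException {
        this.eventPublisher = applicationEventPublisher;
    }

    /**
     * Sets the source of the details object attached to the switch token.
     *
     * @param authenticationDetailsSource must not be {@code null}
     */
    public void setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource) {
        Assert.notNull(authenticationDetailsSource, "AuthenticationDetailsSource required");
        this.authenticationDetailsSource = authenticationDetailsSource;
    }

    /** Sets the URL suffix that triggers an exit back to the original user. */
    public void setExitUserUrl(String str) {
        this.exitUserUrl = str;
    }

    @Override
    public void setMessageSource(MessageSource messageSource) {
        this.messages = new MessageSourceAccessor(messageSource);
    }

    /** Sets the URL suffix that triggers a switch to another user. */
    public void setSwitchUserUrl(String str) {
        this.switchUserUrl = str;
    }

    /** Sets the URL the client is redirected to after a successful switch or exit. */
    public void setTargetUrl(String str) {
        this.targetUrl = str;
    }

    /** Sets the service used to load the target user. */
    public void setUserDetailsService(UserDetailsService userDetailsService) {
        this.userDetailsService = userDetailsService;
    }

    /** Sets the flag passed to {@code RedirectUtils.sendRedirect} as its last argument. */
    public void setUseRelativeContext(boolean z) {
        this.useRelativeContext = z;
    }

    /**
     * Sets the URL the client is redirected to after a failed switch. When unset, the failure
     * message is written into the response body instead.
     */
    public void setSwitchFailureUrl(String str) {
        this.switchFailureUrl = str;
    }

    /**
     * Returns the request URI with everything from the first {@code ';'} onwards removed, which
     * drops path parameters before the URL comparison. A {@code ';'} at index 0 is left in place.
     */
    private static String stripUri(HttpServletRequest httpServletRequest) {
        String requestUri = httpServletRequest.getRequestURI();
        int pathParamStart = requestUri.indexOf(';');
        return pathParamStart > 0 ? requestUri.substring(0, pathParamStart) : requestUri;
    }

    /** Replaces control characters (including CR and LF) with {@code '_'} for safe logging. */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return null;
        }
        StringBuilder cleaned = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            cleaned.append(Character.isISOControl(c) ? '_' : c);
        }
        return cleaned.toString();
    }

    /** Sets an optional hook that may alter the authorities granted to the switched user. */
    public void setSwitchUserAuthorityChanger(SwitchUserAuthorityChanger switchUserAuthorityChanger) {
        this.switchUserAuthorityChanger = switchUserAuthorityChanger;
    }

    @Override
    public int getOrder() {
        return FilterChainOrder.SWITCH_USER_FILTER;
    }
}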
