package nl._42.restzilla.web.security;

import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.expression.EvaluationContext;
import org.springframework.security.access.expression.ExpressionUtils;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler;

/* loaded from: input_file:nl/_42/restzilla/web/security/SpelSecurityProvider.class */
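/**
 * {@link SecurityProvider} that decides access by evaluating Spring Security
 * SpEL expressions (for example {@code hasRole('ROLE_ADMIN')}) against the
 * authentication of the current request.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Every expression string is parsed and executed as SpEL. The strings
 *       must come from trusted, developer-controlled configuration and never
 *       from request data. NOTE(review): the callers are not visible here;
 *       confirm where the expressions originate.</li>
 *   <li>An empty array, or an array holding only blank entries, results in
 *       access being granted: this provider is default-allow when no
 *       expression is configured.</li>
 * </ul>
 */
public class SpelSecurityProvider implements SecurityProvider {
    // Replaced through setHandler when the application context offers its own handler.
    private DefaultWebSecurityExpressionHandler handler = new DefaultWebSecurityExpressionHandler();

    /**
     * Checks every non-blank expression; all of them must evaluate to {@code true}.
     *
     * @param strArr security expressions to evaluate, blank entries are skipped
     * @param httpServletRequest request whose principal, servlet path and method are used
     * @return {@code false} as soon as one expression evaluates to false, otherwise
     *         {@code true} (also when there is nothing to evaluate)
     */
    @Override // nl._42.restzilla.web.security.SecurityProvider
    public boolean isAuthorized(String[] strArr, HttpServletRequest httpServletRequest) {
        if (strArr.length == 0) {
            // Nothing configured: access is allowed without resolving the authentication.
            return true;
        }

        // The invocation is built from the servlet path and HTTP method only.
        // NOTE(review): expressions that read other request properties (remote
        // address, headers) are not evaluated against the live request here.
        FilterInvocation invocation =
                new FilterInvocation(httpServletRequest.getServletPath(), httpServletRequest.getMethod());
        EvaluationContext context =
                this.handler.createEvaluationContext(getAuthentication(httpServletRequest), invocation);

        for (String expression : strArr) {
            if (StringUtils.isBlank(expression)) {
                continue;
            }
            boolean granted = ExpressionUtils.evaluateAsBoolean(
                    this.handler.getExpressionParser().parseExpression(expression), context);
            if (!granted) {
                return false;
            }
        }
        return true;
    }

    /**
     * Resolves the authentication to evaluate expressions against: the request
     * principal when it is an {@link Authentication}, else the authentication in
     * the security context, else an anonymous token.
     */
    private Authentication getAuthentication(HttpServletRequest request) {
        // getUserPrincipal() returns a java.security.Principal, so the narrowing
        // to Authentication needs an explicit type check and cast.
        java.security.Principal principal = request.getUserPrincipal();
        if (principal instanceof Authentication) {
            return (Authentication) principal;
        }
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication == null) {
            // Never hand a null authentication to the expression handler; fall
            // back to an identity that only carries ROLE_ANONYMOUS.
            authentication = anonymous();
        }
        return authentication;
    }

    /** Builds the fallback token for requests without any authentication. */
    private AnonymousAuthenticationToken anonymous() {
        return new AnonymousAuthenticationToken(
                "anonymousUser", "anonymousUser", AuthorityUtils.createAuthorityList(new String[]{"ROLE_ANONYMOUS"}));
    }

    /**
     * Replaces the default expression handler. Injection is optional
     * ({@code required = false}), so the handler created at construction time
     * stays in place when the context defines none.
     *
     * @param defaultWebSecurityExpressionHandler handler used for all later checks;
     *        a {@code null} value is stored as-is and would make every
     *        subsequent {@link #isAuthorized} call with expressions fail
     */
    @Autowired(required = false)
    public void setHandler(DefaultWebSecurityExpressionHandler defaultWebSecurityExpressionHandler) {
        this.handler = defaultWebSecurityExpressionHandler;
    }
}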
