package org.springframework.security.web.access;

import java.util.Collection;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.intercept.AbstractSecurityInterceptor;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.FilterInvocation;
import org.springframework.util.Assert;

/* loaded from: input_file:spg-user-ui-war-3.0.7.war:WEB-INF/lib/spring-security-web-3.1.1.RELEASE.jar:org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluator.class */
public class DefaultWebInvocationPrivilegeEvaluator implements WebInvocationPrivilegeEvaluator {
    protected static final Log logger = LogFactory.getLog(DefaultWebInvocationPrivilegeEvaluator.class);
    private final AbstractSecurityInterceptor securityInterceptor;

    public DefaultWebInvocationPrivilegeEvaluator(AbstractSecurityInterceptor abstractSecurityInterceptor) {
        Assert.notNull(abstractSecurityInterceptor, "SecurityInterceptor cannot be null");
        Assert.isTrue(FilterInvocation.class.equals(abstractSecurityInterceptor.getSecureObjectClass()), "AbstractSecurityInterceptor does not support FilterInvocations");
        Assert.notNull(abstractSecurityInterceptor.getAccessDecisionManager(), "AbstractSecurityInterceptor must provide a non-null AccessDecisionManager");
        this.securityInterceptor = abstractSecurityInterceptor;
    }

    @Override // org.springframework.security.web.access.WebInvocationPrivilegeEvaluator
    public boolean isAllowed(String str, Authentication authentication) {
        return isAllowed(null, str, null, authentication);
    }

    @Override // org.springframework.security.web.access.WebInvocationPrivilegeEvaluator
    public boolean isAllowed(String str, String str2, String str3, Authentication authentication) {
        Assert.notNull(str2, "uri parameter is required");
        FilterInvocation filterInvocation = new FilterInvocation(str, str2, str3);
        Collection<ConfigAttribute> attributes = this.securityInterceptor.obtainSecurityMetadataSource().getAttributes(filterInvocation);
        if (attributes == null) {
            return !this.securityInterceptor.isRejectPublicInvocations();
        }
        if (authentication == null) {
            return false;
        }
        try {
            this.securityInterceptor.getAccessDecisionManager().decide(authentication, filterInvocation, attributes);
            return true;
        } catch (AccessDeniedException e) {
            if (!logger.isDebugEnabled()) {
                return false;
            }
            logger.debug(filterInvocation.toString() + " denied for " + authentication.toString(), e);
            return false;
        }
    }
}
