package org.springframework.security.web.authentication.preauth;

import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.ApplicationEventPublisherAware;
import org.springframework.security.authentication.AuthenticationDetailsSource;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.event.InteractiveAuthenticationSuccessEvent;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.util.Assert;
import org.springframework.web.filter.GenericFilterBean;

/* loaded from: input_file:spg-user-ui-war-3.0.9.war:WEB-INF/lib/spring-security-web-3.1.1.RELEASE.jar:org/springframework/security/web/authentication/preauth/AbstractPreAuthenticatedProcessingFilter.class */
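/**
 * Filter that reads a principal and credentials from the request through two abstract hooks,
 * wraps them in a {@link PreAuthenticatedAuthenticationToken} and submits that token to the
 * configured {@link AuthenticationManager}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The value returned by {@link #getPreAuthenticatedPrincipal(HttpServletRequest)} is not
 *       checked here beyond a {@code null} test. Any trust decision is left to the subclass that
 *       extracts it and to the {@code AuthenticationManager} that receives the token.</li>
 *   <li>With the default {@code checkForPrincipalChanges = false}, an {@code Authentication}
 *       already present in the {@code SecurityContextHolder} is kept without looking at the
 *       request again, so a different principal on a later request is not noticed.</li>
 *   <li>With the default {@code continueFilterChainOnUnsuccessfulAuthentication = true}, a failed
 *       authentication clears the context and the request still continues down the chain;
 *       rejecting it is left to whatever runs afterwards.</li>
 * </ul>
 *
 * <p>Debug logging concatenates the principal and the {@code Authentication} into the message.
 * NOTE(review): if a subclass takes the principal from request data, those log lines carry
 * request-controlled text, and an {@code Authentication}'s {@code toString()} may include
 * details or credentials depending on the implementation. Confirm before enabling debug logging
 * in production.
 */
public abstract class AbstractPreAuthenticatedProcessingFilter extends GenericFilterBean implements ApplicationEventPublisherAware {
    // When true, an already authenticated request is re-checked against the principal in the request.
    private boolean checkForPrincipalChanges;
    // Optional; success events are published only when a publisher has been injected.
    private ApplicationEventPublisher eventPublisher = null;
    private AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource = new WebAuthenticationDetailsSource();
    // Mandatory; enforced in afterPropertiesSet().
    private AuthenticationManager authenticationManager = null;
    // When false, an AuthenticationException is rethrown out of doFilter instead of being absorbed.
    private boolean continueFilterChainOnUnsuccessfulAuthentication = true;
    // When true, a detected principal change clears the context and replaces the HTTP session.
    private boolean invalidateSessionOnPrincipalChange = true;

    /**
     * Verifies that an {@link AuthenticationManager} has been configured.
     *
     * @throws IllegalArgumentException if no manager was set (raised by {@code Assert.notNull})
     */
    @Override // org.springframework.web.filter.GenericFilterBean, org.springframework.beans.factory.InitializingBean
    public void afterPropertiesSet() {
        Assert.notNull(this.authenticationManager, "An AuthenticationManager must be set");
    }

    /**
     * Attempts pre-authentication when required, then always invokes the rest of the chain
     * unless the attempt threw.
     *
     * <p>Both arguments are cast to their HTTP variants, so a non-HTTP request or response fails
     * with a {@code ClassCastException}.
     *
     * @param servletRequest  the incoming request
     * @param servletResponse the outgoing response
     * @param filterChain     the remaining filters
     * @throws IOException      propagated from the chain
     * @throws ServletException propagated from the chain
     * @throws AuthenticationException if authentication fails and
     *         {@code continueFilterChainOnUnsuccessfulAuthentication} is {@code false}
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Checking secure context token: " + SecurityContextHolder.getContext().getAuthentication());
        }
        if (requiresAuthentication((HttpServletRequest) servletRequest)) {
            doAuthenticate((HttpServletRequest) servletRequest, (HttpServletResponse) servletResponse);
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    /**
     * Builds a token from the request's principal and credentials and authenticates it.
     *
     * <p>A {@code null} principal ends the attempt without touching the security context, so
     * whatever {@code Authentication} is in the context at that point stays there.
     */
    private void doAuthenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        // Both hooks are invoked before the null test, in this order, as subclasses may rely on it.
        Object preAuthenticatedPrincipal = getPreAuthenticatedPrincipal(httpServletRequest);
        Object preAuthenticatedCredentials = getPreAuthenticatedCredentials(httpServletRequest);
        if (preAuthenticatedPrincipal == null) {
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("No pre-authenticated principal found in request");
            }
            return;
        }
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("preAuthenticatedPrincipal = " + preAuthenticatedPrincipal + ", trying to authenticate");
        }
        try {
            PreAuthenticatedAuthenticationToken token = new PreAuthenticatedAuthenticationToken(preAuthenticatedPrincipal, preAuthenticatedCredentials);
            token.setDetails(this.authenticationDetailsSource.buildDetails(httpServletRequest));
            Authentication result = this.authenticationManager.authenticate(token);
            successfulAuthentication(httpServletRequest, httpServletResponse, result);
        } catch (AuthenticationException e) {
            // The failure hook always runs first, so the context is cleared even when rethrowing.
            unsuccessfulAuthentication(httpServletRequest, httpServletResponse, e);
            if (!this.continueFilterChainOnUnsuccessfulAuthentication) {
                throw e;
            }
        }
    }

    /**
     * Decides whether this request needs an authentication attempt.
     *
     * <p>Returns {@code true} when the context holds no {@code Authentication}. Otherwise it
     * returns {@code true} only if {@code checkForPrincipalChanges} is enabled and the request's
     * principal differs from the current one. In that case, and when
     * {@code invalidateSessionOnPrincipalChange} is set, the context is cleared and any existing
     * session is invalidated and replaced before the new attempt.
     */
    private boolean requiresAuthentication(HttpServletRequest httpServletRequest) {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication == null) {
            return true;
        }
        if (!this.checkForPrincipalChanges) {
            return false;
        }
        Object preAuthenticatedPrincipal = getPreAuthenticatedPrincipal(httpServletRequest);
        if (!principalChanged(preAuthenticatedPrincipal, authentication)) {
            return false;
        }
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Pre-authenticated principal has changed to " + preAuthenticatedPrincipal + " and will be reauthenticated");
        }
        if (!this.invalidateSessionOnPrincipalChange) {
            return true;
        }
        SecurityContextHolder.clearContext();
        HttpSession session = httpServletRequest.getSession(false);
        if (session == null) {
            return true;
        }
        this.logger.debug("Invalidating existing session");
        session.invalidate();
        // Start a fresh session so state tied to the previous principal is not carried over.
        httpServletRequest.getSession();
        return true;
    }

    /**
     * Tells whether the principal found in the request differs from the current authentication.
     *
     * <p>A String principal is compared with {@code Authentication.getName()}; any principal is
     * also compared with {@code Authentication.getPrincipal()}. Comparing only against the name
     * would report every non-String principal as changed, forcing re-authentication (and, by
     * default, session invalidation) on every request.
     *
     * @param requestPrincipal principal extracted from the current request, possibly {@code null}
     * @param current          authentication currently held in the security context
     * @return {@code true} if the principal is {@code null} or matches neither value
     */
    private boolean principalChanged(Object requestPrincipal, Authentication current) {
        if (requestPrincipal == null) {
            return true;
        }
        if (requestPrincipal instanceof String && requestPrincipal.equals(current.getName())) {
            return false;
        }
        return !requestPrincipal.equals(current.getPrincipal());
    }

    /**
     * Stores the authenticated result in the security context and, if a publisher is set,
     * publishes an {@link InteractiveAuthenticationSuccessEvent}.
     *
     * @param httpServletRequest  the current request (unused here)
     * @param httpServletResponse the current response (unused here)
     * @param authentication      the result returned by the {@code AuthenticationManager}
     */
    protected void successfulAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) {
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Authentication success: " + authentication);
        }
        SecurityContextHolder.getContext().setAuthentication(authentication);
        if (this.eventPublisher != null) {
            this.eventPublisher.publishEvent(new InteractiveAuthenticationSuccessEvent(authentication, getClass()));
        }
    }

    /**
     * Clears the security context and records the failure on the request under the
     * {@code SPRING_SECURITY_LAST_EXCEPTION} attribute.
     *
     * @param httpServletRequest      the current request; receives the exception attribute
     * @param httpServletResponse     the current response (unused here)
     * @param authenticationException the failure raised by the {@code AuthenticationManager}
     */
    protected void unsuccessfulAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException authenticationException) {
        SecurityContextHolder.clearContext();
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Cleared security context due to exception", authenticationException);
        }
        httpServletRequest.setAttribute("SPRING_SECURITY_LAST_EXCEPTION", authenticationException);
    }

    /**
     * @param applicationEventPublisher publisher used for success events; may be {@code null},
     *        in which case no event is published
     */
    @Override // org.springframework.context.ApplicationEventPublisherAware
    public void setApplicationEventPublisher(ApplicationEventPublisher applicationEventPublisher) {
        this.eventPublisher = applicationEventPublisher;
    }

    /**
     * @param authenticationDetailsSource source of the details object attached to each token
     * @throws IllegalArgumentException if the argument is {@code null}
     */
    public void setAuthenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource) {
        Assert.notNull(authenticationDetailsSource, "AuthenticationDetailsSource required");
        this.authenticationDetailsSource = authenticationDetailsSource;
    }

    /**
     * @return the details source currently in use
     */
    protected AuthenticationDetailsSource<HttpServletRequest, ?> getAuthenticationDetailsSource() {
        return this.authenticationDetailsSource;
    }

    /**
     * @param authenticationManager manager that validates the pre-authenticated token; not
     *        null-checked here, the check happens in {@link #afterPropertiesSet()}
     */
    public void setAuthenticationManager(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    /**
     * @param z {@code true} (the default) to absorb an {@code AuthenticationException} and let
     *        the request continue with a cleared context; {@code false} to rethrow it
     */
    public void setContinueFilterChainOnUnsuccessfulAuthentication(boolean z) {
        this.continueFilterChainOnUnsuccessfulAuthentication = z;
    }

    /**
     * @param z {@code true} to compare the request's principal with the current authentication
     *        on every request and re-authenticate when they differ; {@code false} (the default)
     *        to keep an existing authentication without looking at the request
     */
    public void setCheckForPrincipalChanges(boolean z) {
        this.checkForPrincipalChanges = z;
    }

    /**
     * Only consulted when principal-change checking is enabled.
     *
     * <p>When set to {@code false} the context is not cleared on a detected change. If the
     * request then carries no principal at all, the authentication attempt returns early and the
     * previous {@code Authentication} remains in the context for that request.
     *
     * @param z {@code true} (the default) to clear the context and replace the session when the
     *        principal changes
     */
    public void setInvalidateSessionOnPrincipalChange(boolean z) {
        this.invalidateSessionOnPrincipalChange = z;
    }

    /**
     * Extracts the principal from the request.
     *
     * @param httpServletRequest the current request
     * @return the principal, or {@code null} to skip authentication for this request
     */
    protected abstract Object getPreAuthenticatedPrincipal(HttpServletRequest httpServletRequest);

    /**
     * Extracts the credentials from the request. The value is passed to the token unchanged and
     * is not inspected by this class.
     *
     * @param httpServletRequest the current request
     * @return the credentials to place in the token
     */
    protected abstract Object getPreAuthenticatedCredentials(HttpServletRequest httpServletRequest);
}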
