package org.springframework.security.taglibs.authz;

import java.io.IOException;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.servlet.FilterChain;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.springframework.core.GenericTypeResolver;
import org.springframework.expression.EvaluationContext;
import org.springframework.expression.ParseException;
import org.springframework.security.access.expression.ExpressionUtils;
import org.springframework.security.access.expression.SecurityExpressionHandler;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.WebInvocationPrivilegeEvaluator;
import org.springframework.util.StringUtils;
import org.springframework.web.context.support.WebApplicationContextUtils;
import org.springframework.web.servlet.support.WebContentGenerator;

/* loaded from: input_file:spg-user-ui-war-2.1.9.war:WEB-INF/lib/spring-security-taglibs-3.1.1.RELEASE.jar:org/springframework/security/taglibs/authz/AbstractAuthorizeTag.class */
public abstract class AbstractAuthorizeTag {
    private String access;
    private String url;
    private String method = WebContentGenerator.METHOD_GET;
    private String ifAllGranted;
    private String ifAnyGranted;
    private String ifNotGranted;

    protected abstract ServletRequest getRequest();

    protected abstract ServletResponse getResponse();

    protected abstract ServletContext getServletContext();

    public boolean authorize() throws IOException {
        return StringUtils.hasText(getAccess()) ? authorizeUsingAccessExpression() : StringUtils.hasText(getUrl()) ? authorizeUsingUrlCheck() : authorizeUsingGrantedAuthorities();
    }

    public boolean authorizeUsingGrantedAuthorities() {
        boolean hasText = StringUtils.hasText(getIfAllGranted());
        boolean hasText2 = StringUtils.hasText(getIfAnyGranted());
        boolean hasText3 = StringUtils.hasText(getIfNotGranted());
        if (!hasText && !hasText2 && !hasText3) {
            return false;
        }
        Set<String> authoritiesToRoles = authoritiesToRoles(getPrincipalAuthorities());
        if (hasText && !authoritiesToRoles.containsAll(splitRoles(getIfAllGranted()))) {
            return false;
        }
        if (!hasText2 || containsAnyValue(authoritiesToRoles, splitRoles(getIfAnyGranted()))) {
            return (hasText3 && containsAnyValue(splitRoles(getIfNotGranted()), authoritiesToRoles)) ? false : true;
        }
        return false;
    }

    public boolean authorizeUsingAccessExpression() throws IOException {
        if (SecurityContextHolder.getContext().getAuthentication() == null) {
            return false;
        }
        SecurityExpressionHandler<FilterInvocation> expressionHandler = getExpressionHandler();
        try {
            return ExpressionUtils.evaluateAsBoolean(expressionHandler.getExpressionParser().parseExpression(getAccess()), createExpressionEvaluationContext(expressionHandler));
        } catch (ParseException e) {
            IOException iOException = new IOException();
            iOException.initCause(e);
            throw iOException;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public EvaluationContext createExpressionEvaluationContext(SecurityExpressionHandler<FilterInvocation> securityExpressionHandler) {
        return securityExpressionHandler.createEvaluationContext(SecurityContextHolder.getContext().getAuthentication(), new FilterInvocation(getRequest(), getResponse(), new FilterChain() { // from class: org.springframework.security.taglibs.authz.AbstractAuthorizeTag.1
            public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse) throws IOException, ServletException {
                throw new UnsupportedOperationException();
            }
        }));
    }

    public boolean authorizeUsingUrlCheck() throws IOException {
        return getPrivilegeEvaluator().isAllowed(getRequest().getContextPath(), getUrl(), getMethod(), SecurityContextHolder.getContext().getAuthentication());
    }

    public String getAccess() {
        return this.access;
    }

    public void setAccess(String str) {
        this.access = str;
    }

    public String getUrl() {
        return this.url;
    }

    public void setUrl(String str) {
        this.url = str;
    }

    public String getMethod() {
        return this.method;
    }

    public void setMethod(String str) {
        this.method = str != null ? str.toUpperCase() : null;
    }

    public String getIfAllGranted() {
        return this.ifAllGranted;
    }

    public void setIfAllGranted(String str) {
        this.ifAllGranted = str;
    }

    public String getIfAnyGranted() {
        return this.ifAnyGranted;
    }

    public void setIfAnyGranted(String str) {
        this.ifAnyGranted = str;
    }

    public String getIfNotGranted() {
        return this.ifNotGranted;
    }

    public void setIfNotGranted(String str) {
        this.ifNotGranted = str;
    }

    private Collection<? extends GrantedAuthority> getPrincipalAuthorities() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        return null == authentication ? Collections.emptyList() : authentication.getAuthorities();
    }

    private Set<String> splitRoles(String str) {
        String[] strArr = StringUtils.tokenizeToStringArray(str, ",");
        HashSet hashSet = new HashSet(strArr.length);
        for (String str2 : strArr) {
            hashSet.add(str2);
        }
        return hashSet;
    }

    private boolean containsAnyValue(Set<String> set, Collection<String> collection) {
        Iterator<String> it = collection.iterator();
        while (it.hasNext()) {
            if (set.contains(it.next())) {
                return true;
            }
        }
        return false;
    }

    private Set<String> authoritiesToRoles(Collection<? extends GrantedAuthority> collection) {
        HashSet hashSet = new HashSet();
        for (GrantedAuthority grantedAuthority : collection) {
            if (null == grantedAuthority.getAuthority()) {
                throw new IllegalArgumentException("Cannot process GrantedAuthority objects which return null from getAuthority() - attempting to process " + grantedAuthority.toString());
            }
            hashSet.add(grantedAuthority.getAuthority());
        }
        return hashSet;
    }

    private SecurityExpressionHandler<FilterInvocation> getExpressionHandler() throws IOException {
        for (SecurityExpressionHandler<FilterInvocation> securityExpressionHandler : WebApplicationContextUtils.getRequiredWebApplicationContext(getServletContext()).getBeansOfType(SecurityExpressionHandler.class).values()) {
            if (FilterInvocation.class.equals(GenericTypeResolver.resolveTypeArgument(securityExpressionHandler.getClass(), SecurityExpressionHandler.class))) {
                return securityExpressionHandler;
            }
        }
        throw new IOException("No visible WebSecurityExpressionHandler instance could be found in the application context. There must be at least one in order to support expressions in JSP 'authorize' tags.");
    }

    private WebInvocationPrivilegeEvaluator getPrivilegeEvaluator() throws IOException {
        Map beansOfType = WebApplicationContextUtils.getRequiredWebApplicationContext(getServletContext()).getBeansOfType(WebInvocationPrivilegeEvaluator.class);
        if (beansOfType.size() == 0) {
            throw new IOException("No visible WebInvocationPrivilegeEvaluator instance could be found in the application context. There must be at least one in order to support the use of URL access checks in 'authorize' tags.");
        }
        return (WebInvocationPrivilegeEvaluator) beansOfType.values().toArray()[0];
    }
}
