package com.geoway.atlas.map.config;

import com.geoway.atlas.map.auth.bean.CustomOAuth2User;
import com.geoway.atlas.map.base.config.ProjectConfig;
import com.geoway.atlas.map.service.IOAuth2Service;
import java.util.HashSet;
import java.util.Map;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService;
import org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest;
import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
import org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client;
import org.springframework.security.oauth2.core.user.OAuth2User;
import org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;

@Configuration
@EnableWebSecurity
@EnableOAuth2Client
/* loaded from: input_file:com/geoway/atlas/map/config/SecurityConfig.class */
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    final ClientRegistrationRepository clientRegistrationRepository;
    final ProjectConfig projectConfig;
    final CasOAuth2Config oAuth2Config;
    final IOAuth2Service oAuth2Service;

    public SecurityConfig(ClientRegistrationRepository clientRegistrationRepository, ProjectConfig projectConfig, CasOAuth2Config casOAuth2Config, IOAuth2Service iOAuth2Service) {
        this.clientRegistrationRepository = clientRegistrationRepository;
        this.projectConfig = projectConfig;
        this.oAuth2Config = casOAuth2Config;
        this.oAuth2Service = iOAuth2Service;
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Autowired
    public void config(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        authenticationManagerBuilder.userDetailsService(userDetailsService()).passwordEncoder(passwordEncoder());
    }

    protected void configure(HttpSecurity httpSecurity) throws Exception {
        if (this.projectConfig.getLoginModel().equals("none")) {
            ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.cors().and().csrf().disable().cors().and().authorizeRequests().antMatchers(new String[]{"/**"})).permitAll().and().headers().frameOptions().disable();
        } else if (this.projectConfig.getLoginModel().equals("cas")) {
            ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.cors().and().csrf().disable().authorizeRequests().antMatchers(new String[]{"/"})).permitAll().antMatchers(new String[]{"/ProjectController/shareProject"})).permitAll().antMatchers(new String[]{"/proxy"})).permitAll().antMatchers(new String[]{"/**/*.css", "/**/*.js", "/**/*.json", "/**/*.woff", "/**/*.tff", "/**/*.etf", "/**/*.html", "/**/*.png", "/**/*.ico", "/**/*.gzjs", "/**/*.gzcss"})).permitAll().antMatchers(new String[]{"/login", "/logout"})).permitAll().antMatchers(new String[]{"/resources/dictionary/getDictionary.do", "/mapconfig/**"})).permitAll().antMatchers(new String[]{"/region/**"})).permitAll().antMatchers(new String[]{"/node/**"})).permitAll().antMatchers(new String[]{"/share/**"})).permitAll().antMatchers(new String[]{"/mask/**"})).permitAll().antMatchers(new String[]{"/atlasVtile/**"})).permitAll().anyRequest()).authenticated().and().httpBasic().and().addFilterBefore(new BeforeLoginFilter(), OAuth2LoginAuthenticationFilter.class).oauth2Login().authorizationEndpoint().authorizationRequestResolver(new CustomOAuth2AuthorizationRequestResolver(this.clientRegistrationRepository, "/oauth2/authorization", this.oAuth2Config.getBaseUrl())).and().userInfoEndpoint().userService(initOAuth2UserService()).and().loginPage("/oauth2/authorization/" + this.oAuth2Config.getRegistrationId()).successHandler(new CustomSuccessHandler(this.oAuth2Config.getDefaultSuccessUrl())).and().logout().clearAuthentication(true).invalidateHttpSession(true).addLogoutHandler(new MyLogoutHandler(this.oAuth2Service)).and().exceptionHandling().authenticationEntryPoint(new OAuth2AuthenticationEntryPoint());
        }
    }

    @Bean
    public CorsFilter corsFilter() {
        UrlBasedCorsConfigurationSource urlBasedCorsConfigurationSource = new UrlBasedCorsConfigurationSource();
        CorsConfiguration corsConfiguration = new CorsConfiguration();
        corsConfiguration.addAllowedOrigin("*");
        corsConfiguration.addAllowedHeader("*");
        corsConfiguration.addAllowedMethod("*");
        corsConfiguration.setAllowCredentials(true);
        urlBasedCorsConfigurationSource.registerCorsConfiguration("/**", corsConfiguration);
        return new CorsFilter(urlBasedCorsConfigurationSource);
    }

    private OAuth2UserService<OAuth2UserRequest, OAuth2User> initOAuth2UserService() {
        DefaultOAuth2UserService defaultOAuth2UserService = new DefaultOAuth2UserService();
        return oAuth2UserRequest -> {
            Map attributes = defaultOAuth2UserService.loadUser(oAuth2UserRequest).getAttributes();
            String userNameAttributeName = oAuth2UserRequest.getClientRegistration().getProviderDetails().getUserInfoEndpoint().getUserNameAttributeName();
            HashSet hashSet = new HashSet();
            hashSet.add(new SimpleGrantedAuthority("ROLE_USER"));
            hashSet.add(new SimpleGrantedAuthority("ROLE_ADMIN"));
            return new CustomOAuth2User(hashSet, attributes, userNameAttributeName, oAuth2UserRequest.getAccessToken());
        };
    }
}
