package it.at7.gemini.auth.api;

import it.at7.gemini.auth.core.NoRedirectStrategy;
import it.at7.gemini.auth.core.TokenAuthenticationFilter;
import it.at7.gemini.auth.core.TokenAuthenticationProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.boot.web.servlet.ServletRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpStatus;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.HttpStatusEntryPoint;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.NegatedRequestMatcher;
import org.springframework.security.web.util.matcher.OrRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
/* loaded from: input_file:it/at7/gemini/auth/api/SecurityConfiguration.class */
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    private TokenAuthenticationProvider authenticationProvider;
    private static final RequestMatcher PUBLIC_URLS = new OrRequestMatcher(new RequestMatcher[]{new AntPathRequestMatcher(LoginController.LOGIN_PATH), new AntPathRequestMatcher(LoginController.REFRESH_TOKEN_PATH)});
    private static final RequestMatcher PROTECTED_URLS = new NegatedRequestMatcher(PUBLIC_URLS);

    protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder) {
        authenticationManagerBuilder.authenticationProvider(this.authenticationProvider);
    }

    public void configure(WebSecurity webSecurity) {
        webSecurity.ignoring().requestMatchers(new RequestMatcher[]{PUBLIC_URLS});
    }

    protected void configure(HttpSecurity httpSecurity) throws Exception {
        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().exceptionHandling().defaultAuthenticationEntryPointFor(forbiddenEntryPoint(), PROTECTED_URLS).and().authenticationProvider(this.authenticationProvider).addFilterBefore(restAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class).authorizeRequests().anyRequest()).authenticated().and().cors().and().csrf().disable().formLogin().disable().httpBasic().disable().logout().disable();
    }

    @Bean
    TokenAuthenticationFilter restAuthenticationFilter() throws Exception {
        TokenAuthenticationFilter tokenAuthenticationFilter = new TokenAuthenticationFilter(PROTECTED_URLS);
        tokenAuthenticationFilter.setAuthenticationManager(authenticationManager());
        tokenAuthenticationFilter.setAuthenticationSuccessHandler(successHandler());
        return tokenAuthenticationFilter;
    }

    @Bean
    SimpleUrlAuthenticationSuccessHandler successHandler() {
        SimpleUrlAuthenticationSuccessHandler simpleUrlAuthenticationSuccessHandler = new SimpleUrlAuthenticationSuccessHandler();
        simpleUrlAuthenticationSuccessHandler.setRedirectStrategy(new NoRedirectStrategy());
        return simpleUrlAuthenticationSuccessHandler;
    }

    @Bean
    FilterRegistrationBean disableAutoRegistration(TokenAuthenticationFilter tokenAuthenticationFilter) {
        FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean(tokenAuthenticationFilter, new ServletRegistrationBean[0]);
        filterRegistrationBean.setEnabled(false);
        return filterRegistrationBean;
    }

    @Bean
    AuthenticationEntryPoint forbiddenEntryPoint() {
        return new HttpStatusEntryPoint(HttpStatus.FORBIDDEN);
    }
}
