package org.pageseeder.bridge.berlioz.servlet;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.pageseeder.bridge.berlioz.auth.AuthSessions;
import org.pageseeder.bridge.berlioz.auth.AuthorizationResult;
import org.pageseeder.bridge.berlioz.auth.LoggedInAuthorizer;
import org.pageseeder.bridge.berlioz.auth.ProtectedRequest;
import org.pageseeder.bridge.berlioz.auth.User;

/* loaded from: input_file:org/pageseeder/bridge/berlioz/servlet/SecurityFilter.class */
/**
 * Servlet filter that gates requests on the {@link User} stored in the HTTP session.
 *
 * <p>For each request the filter makes one of three decisions:
 * <ul>
 *   <li>a session user that {@link LoggedInAuthorizer} reports as
 *       {@link AuthorizationResult#AUTHORIZED} is passed down the chain;</li>
 *   <li>a session user with any other authorization result receives 403;</li>
 *   <li>a request with no session user receives 401, after the requested URL has been
 *       stored in the session under {@link AuthSessions#REQUEST_ATTRIBUTE}.</li>
 * </ul>
 *
 * <p>The filter only protects the URL patterns it is mapped to in the deployment
 * descriptor; that mapping is not visible in this class.
 */
public final class SecurityFilter implements Filter {

    /** Does nothing: the filter reads no configuration. */
    @Override
    public void init(FilterConfig filterConfig) {
    }

    /** Does nothing: the filter holds no resources. */
    @Override
    public void destroy() {
    }

    /**
     * Narrows the request and response to their HTTP types and applies the access check.
     *
     * <p>The casts are unchecked, so a non-HTTP request or response ends in a
     * {@link ClassCastException} and never reaches the chain.
     *
     * @throws IOException      propagated from the response or from the rest of the chain
     * @throws ServletException propagated from the rest of the chain
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        doHttpFilter(request, response, filterChain);
    }

    /**
     * Applies the access decision to an HTTP request.
     *
     * @param httpServletRequest  the incoming request
     * @param httpServletResponse the response used for the 401/403 replies
     * @param filterChain         invoked only when the session user is authorized
     */
    private void doHttpFilter(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        // getSession(true) allocates a session for every request that has none, so anonymous
        // requests to a protected path create server-side state before any authentication.
        HttpSession httpSession = httpServletRequest.getSession(true);
        Object candidate = httpSession.getAttribute(AuthSessions.USER_ATTRIBUTE);

        // Anything other than a User instance (including an absent attribute) is unauthenticated.
        if (!(candidate instanceof User)) {
            challenge(httpServletRequest, httpServletResponse, httpSession);
            return;
        }

        // The decision is made on getRequestURI(), which the Servlet API returns undecoded and
        // with any path parameters (";...") still attached.
        // NOTE(review): whether LoggedInAuthorizer normalises the path before matching is not
        // visible here; confirm it agrees with the container's own URL mapping.
        AuthorizationResult outcome = LoggedInAuthorizer.getInstance().isUserAuthorized((User) candidate, httpServletRequest.getRequestURI());
        if (outcome != AuthorizationResult.AUTHORIZED) {
            // Authenticated but not allowed: refuse without touching the chain.
            httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    /**
     * Records the requested URL in the session and replies with a 401 challenge.
     *
     * <p>The stored value is the request URI plus the raw query string, both exactly as the
     * client sent them.
     * NOTE(review): presumably the login flow reads {@link AuthSessions#REQUEST_ATTRIBUTE} to
     * send the user back after authentication; that consumer should treat the value as
     * client-controlled. Confirm against the code that reads it.
     */
    private static void challenge(HttpServletRequest request, HttpServletResponse response, HttpSession session) throws IOException {
        String path = request.getRequestURI();
        String query = request.getQueryString();
        String target = (query == null) ? path : path + '?' + query;
        session.setAttribute(AuthSessions.REQUEST_ATTRIBUTE, new ProtectedRequest(target));
        // "FORM" is the challenge value this application sends with its 401 responses.
        response.setHeader("WWW-Authenticate", "FORM");
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
    }
}
