package com.evolveum.midpoint.authentication.impl.filter;

import com.evolveum.midpoint.authentication.api.config.MidpointAuthentication;
import com.evolveum.midpoint.authentication.impl.util.AuthSequenceUtil;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.OncePerRequestFilter;

/* loaded from: input_file:BOOT-INF/lib/authentication-impl-4.9.3.jar:com/evolveum/midpoint/authentication/impl/filter/RefuseUnauthenticatedRequestFilter.class */
public class RefuseUnauthenticatedRequestFilter extends OncePerRequestFilter {
    private static final Trace LOGGER = TraceManager.getTrace((Class<?>) RefuseUnauthenticatedRequestFilter.class);

    @Override // org.springframework.web.filter.OncePerRequestFilter
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (AuthSequenceUtil.isPermitAll(httpServletRequest) || AuthSequenceUtil.isLoginPage(httpServletRequest) || ((authentication instanceof MidpointAuthentication) && authentication.isAuthenticated())) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
        } else {
            LOGGER.debug("Unauthenticated request");
            throw new AuthenticationServiceException("Unauthenticated request");
        }
    }
}
