package com.evolveum.midpoint.web.security;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.access.AccessDeniedHandlerImpl;
import org.springframework.security.web.csrf.MissingCsrfTokenException;

/* loaded from: input_file:WEB-INF/classes/com/evolveum/midpoint/web/security/MidPointAccessDeniedHandler.class */
/**
 * Access-denied handler that turns one specific CSRF failure into a redirect.
 *
 * <p>When a POST to the login or logout endpoint is rejected with a
 * {@link MissingCsrfTokenException}, the client is redirected to the application's
 * context path instead of being shown an error. Every other denial is passed to
 * Spring Security's {@link AccessDeniedHandlerImpl} unchanged.
 *
 * <p>Only {@code MissingCsrfTokenException} is matched. Any other
 * {@link AccessDeniedException}, including a CSRF token that is present but does not
 * match, is handled by the default handler.
 */
public class MidPointAccessDeniedHandler implements AccessDeniedHandler {
    /** Fallback used for every denial that is not the special case handled here. */
    private AccessDeniedHandler defaultHandler = new AccessDeniedHandlerImpl();

    /**
     * Handles a denied request.
     *
     * @param httpServletRequest the request that was denied
     * @param httpServletResponse the response to write to; left untouched if already committed
     * @param accessDeniedException the reason access was denied
     * @throws IOException if the redirect or the default handler fails to write
     * @throws ServletException if the default handler fails
     */
    @Override
    public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AccessDeniedException accessDeniedException) throws IOException, ServletException {
        // Nothing can be changed once headers have gone out.
        if (httpServletResponse.isCommitted()) {
            return;
        }

        boolean missingTokenOnAuthEndpoint = isLoginLogoutRequest(httpServletRequest)
                && accessDeniedException instanceof MissingCsrfTokenException;
        if (!missingTokenOnAuthEndpoint) {
            this.defaultHandler.handle(httpServletRequest, httpServletResponse, accessDeniedException);
            return;
        }

        // The rejected POST is not replayed or forwarded; the client is only sent back to the
        // application root. The target comes from the container, not from a request parameter.
        httpServletResponse.sendRedirect(httpServletRequest.getContextPath());
    }

    /**
     * Tells whether the request is a POST to the logout or login endpoint.
     *
     * <p>The match is an exact string comparison against {@code getRequestURI()}, so any
     * variation of the path (for example an appended path parameter) does not match and the
     * request is handled by the default handler.
     *
     * @param request the denied request
     * @return {@code true} for a POST whose URI equals one of the two endpoint URIs
     */
    private boolean isLoginLogoutRequest(HttpServletRequest request) {
        if ("post".equalsIgnoreCase(request.getMethod())) {
            String actualUri = request.getRequestURI();
            if (createUri(request, "/j_spring_security_logout").equals(actualUri)) {
                return true;
            }
            return createUri(request, "/spring_security_login").equals(actualUri);
        }
        return false;
    }

    /**
     * Prefixes {@code path} with the servlet context's context path, when there is one.
     *
     * @param request request used to reach the servlet context
     * @param path application-relative path, starting with {@code /}
     * @return the context path followed by {@code path}
     */
    private String createUri(HttpServletRequest request, String path) {
        // NOTE(review): this reads the context path from the ServletContext, while handle()
        // redirects to the request's own getContextPath(); confirm the two always agree in
        // the deployed container.
        String prefix = request.getServletContext().getContextPath();
        return (StringUtils.isNotEmpty(prefix) ? prefix : "") + path;
    }
}
