package com.evolveum.midpoint.web.security;

import com.evolveum.midpoint.model.common.SystemObjectCache;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.schema.util.SystemConfigurationTypeUtil;
import com.evolveum.midpoint.security.api.AuthorizationConstants;
import com.evolveum.midpoint.security.api.SecurityContextManager;
import com.evolveum.midpoint.security.enforcer.api.SecurityEnforcer;
import com.evolveum.midpoint.task.api.TaskManager;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.web.security.factory.channel.AuthChannelRegistryImpl;
import com.evolveum.midpoint.web.security.factory.module.AuthModuleRegistryImpl;
import com.evolveum.midpoint.web.security.filter.MidpointAnonymousAuthenticationFilter;
import com.evolveum.midpoint.web.security.filter.configurers.AuthFilterConfigurer;
import java.util.ArrayList;
import java.util.UUID;
import javax.servlet.Filter;
import javax.servlet.http.HttpServletRequest;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.web.servlet.ServletListenerRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
import org.springframework.security.config.annotation.ObjectPostProcessor;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.session.SessionRegistry;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter;
import org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter;
import org.springframework.security.web.session.HttpSessionEventPublisher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.AntPathMatcher;
import org.springframework.web.context.annotation.SessionScope;

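/**
 * Base Spring Security configuration of the midPoint web application.
 *
 * <p>This listing is decompiler output for
 * {@code WEB-INF/classes/com/evolveum/midpoint/web/security/BasicWebSecurityConfig.class}; casts that the
 * decompiler inserted after a failed type inference have been removed.
 *
 * <p>Security-relevant points a reader should know:
 * <ul>
 *   <li>The constructor calls {@code super(true)}, which disables the defaults that
 *       {@link WebSecurityConfigurerAdapter} would otherwise apply. {@link #configure(HttpSecurity)} re-adds only
 *       the async integration filter, session management and the security context. CSRF protection, response
 *       security headers, logout and exception handling are not configured in this class.
 *       NOTE(review): presumably {@code AuthFilterConfigurer} or the per-module configuration supplies them;
 *       confirm.</li>
 *   <li>{@link #configure(WebSecurity)} removes several path trees from the Spring Security filter chain
 *       altogether. Requests to those paths get no authentication, no security context and no security headers
 *       from Spring Security.</li>
 * </ul>
 */
@Configuration
@EnableWebSecurity
@Order(2147483641) // Integer.MAX_VALUE - 6: ordered after adapters that declare a lower @Order value
public class BasicWebSecurityConfig extends WebSecurityConfigurerAdapter {
    private static final Trace LOGGER = TraceManager.getTrace(BasicWebSecurityConfig.class);

    /** Shared matcher; the original allocated a new {@link AntPathMatcher} on every request. */
    private static final AntPathMatcher PATH_MATCHER = new AntPathMatcher();

    private static final String WS_PATTERN = "/ws/**";
    private static final String WS_REST_PATTERN = "/ws/rest/**";

    @Autowired
    private AuthModuleRegistryImpl authRegistry;

    @Autowired
    AuthChannelRegistryImpl authChannelRegistry;

    // Injected but not read anywhere in this class.
    @Autowired
    private AuthenticationManager authenticationManager;

    @Autowired
    private SystemObjectCache systemObjectCache;

    @Autowired
    private SessionRegistry sessionRegistry;

    // Captured in setObjectPostProcessor so that bean methods can post-process objects they create.
    private ObjectPostProcessor<Object> objectObjectPostProcessor;

    /** Creates the adapter with Spring Security's default configuration disabled ({@code super(true)}). */
    public BasicWebSecurityConfig() {
        super(true);
    }

    /**
     * Keeps a reference to the post-processor before handing it to the superclass.
     *
     * @param objectPostProcessor post-processor supplied by Spring
     */
    @Override
    public void setObjectPostProcessor(ObjectPostProcessor<Object> objectPostProcessor) {
        this.objectObjectPostProcessor = objectPostProcessor;
        super.setObjectPostProcessor(objectPostProcessor);
    }

    /**
     * Exposes the GUI authorization evaluator as a bean.
     *
     * @param securityEnforcer passed through to the evaluator
     * @param securityContextManager passed through to the evaluator
     * @param taskManager passed through to the evaluator
     * @return a new {@link MidPointGuiAuthorizationEvaluator}
     */
    @Bean
    public MidPointGuiAuthorizationEvaluator accessDecisionManager(
            SecurityEnforcer securityEnforcer,
            SecurityContextManager securityContextManager,
            TaskManager taskManager) {
        return new MidPointGuiAuthorizationEvaluator(securityEnforcer, securityContextManager, taskManager);
    }

    /**
     * Builds the handler invoked after a successful login.
     *
     * @return handler with referer-based redirect enabled and the login page as default target
     */
    @Bean
    public MidPointAuthenticationSuccessHandler authenticationSuccessHandler() {
        MidPointAuthenticationSuccessHandler handler = new MidPointAuthenticationSuccessHandler();
        // NOTE(review): the Referer header is client-supplied. Confirm that the handler only redirects to
        // targets inside this application when it uses the referer.
        handler.setUseReferer(true);
        handler.setDefaultTargetUrl(DefaultLoginPageGeneratingFilter.DEFAULT_LOGIN_PAGE_URL);
        return handler;
    }

    /**
     * Builds the logout handler.
     *
     * @return handler whose default target URL is {@code "/"}
     */
    @Bean
    public AuditedLogoutHandler logoutHandler() {
        AuditedLogoutHandler handler = new AuditedLogoutHandler();
        handler.setDefaultTargetUrl("/");
        return handler;
    }

    /**
     * Builds the access-denied handler and runs it through the captured post-processor.
     *
     * @return post-processed {@link AuditedAccessDeniedHandler}
     */
    @Bean
    public AuditedAccessDeniedHandler accessDeniedHandler() {
        return this.objectObjectPostProcessor.postProcess(new AuditedAccessDeniedHandler());
    }

    /**
     * Builds the entry point that sends unauthenticated users to the login page.
     *
     * @return entry point bound to {@link DefaultLoginPageGeneratingFilter#DEFAULT_LOGIN_PAGE_URL}
     */
    @Bean
    public AuthenticationEntryPoint authenticationEntryPoint() {
        return new WicketLoginUrlAuthenticationEntryPoint(DefaultLoginPageGeneratingFilter.DEFAULT_LOGIN_PAGE_URL);
    }

    /**
     * Registers the request paths that bypass the Spring Security filter chain.
     *
     * <p>The registration order of the original is preserved: {@code /model/**}, the {@code /ws/**} matcher,
     * the remaining service paths, then static resources.
     *
     * <p>NOTE(review): {@code /model/**}, {@code /ws/**}, {@code /rest/**} and {@code /report} look like
     * service endpoints rather than static content. Nothing in this class authenticates them, so confirm that
     * the components serving those paths enforce authentication and authorization themselves.
     *
     * @param webSecurity builder to register the ignored matchers on
     * @throws Exception propagated from the superclass
     */
    @Override
    public void configure(WebSecurity webSecurity) throws Exception {
        super.configure(webSecurity);
        webSecurity.ignoring().antMatchers("/model/**");

        RequestMatcher ignoredWsRequests = this::isIgnoredWsRequest;
        webSecurity.ignoring().requestMatchers(ignoredWsRequests);

        webSecurity.ignoring().antMatchers("/rest/**", "/report");

        // Static resources.
        webSecurity.ignoring().antMatchers(
                "/js/**",
                "/css/**",
                "/img/**",
                "/fonts/**",
                "/wro/**",
                "/static-web/**",
                "/less/**",
                "/wicket/resource/**",
                "/favicon.ico");
    }

    /**
     * Decides whether a request under {@code /ws/**} is excluded from the Spring Security filter chain.
     *
     * <p>All of {@code /ws/**} is excluded, except that {@code /ws/rest/**} stays inside the chain while
     * experimental code is enabled in the system configuration. The result is the same as the original
     * expression {@code !(experimental && matchesWsRest) && matchesWs}; the path is now tested first so that the
     * system configuration is only consulted for {@code /ws/rest/**} requests instead of for every request.
     *
     * <p>NOTE(review): the path comes from {@code getRequestURI()}, which is the undecoded request path and can
     * carry {@code ;} path parameters. Confirm that this classification agrees with how the endpoint that finally
     * serves the request resolves the same URL.
     *
     * @param request incoming request
     * @return {@code true} when the request must bypass the filter chain
     */
    private boolean isIgnoredWsRequest(HttpServletRequest request) {
        String path = request.getRequestURI().substring(request.getContextPath().length());
        if (!PATH_MATCHER.match(WS_PATTERN, path)) {
            return false;
        }
        if (!PATH_MATCHER.match(WS_REST_PATTERN, path)) {
            return true;
        }
        return !isExperimentalCodeEnabled();
    }

    /**
     * Reads the experimental-code switch from the cached system configuration.
     *
     * <p>A {@link SchemaException} is logged and treated as "disabled", which means {@code /ws/rest/**} is
     * excluded from the filter chain when the configuration cannot be loaded.
     * NOTE(review): confirm that this is the intended failure mode.
     *
     * @return {@code true} when experimental code is enabled, {@code false} otherwise or on load failure
     */
    private boolean isExperimentalCodeEnabled() {
        try {
            return SystemConfigurationTypeUtil.isExperimentalCodeEnabled(
                    this.systemObjectCache.getSystemConfiguration(new OperationResult("Load System Config")).asObjectable());
        } catch (SchemaException e) {
            LOGGER.error("Couldn't load system configuration", e);
            return false;
        }
    }

    /**
     * Configures the HTTP security builder. Because defaults are disabled in the constructor, only what is
     * listed here (plus whatever {@code AuthFilterConfigurer} contributes) is active.
     *
     * @param httpSecurity builder to configure
     * @throws Exception propagated from the Spring Security builders
     */
    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        // The decompiled code constructs this filter and discards it. It is kept because the constructor's
        // side effects are not visible here. NOTE(review): confirm whether it should be registered or removed.
        new MidpointAnonymousAuthenticationFilter(
                this.authRegistry,
                this.authChannelRegistry,
                UUID.randomUUID().toString(),
                AuthorizationConstants.ANONYMOUS_USER_PRINCIPAL,
                AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));

        httpSecurity.setSharedObject(AuthenticationTrustResolverImpl.class, new MidpointAuthenticationTrustResolverImpl());
        httpSecurity.addFilter(new WebAsyncManagerIntegrationFilter())
                .sessionManagement().and()
                .securityContext();
        // The decompiler emitted a cast of the configurer to HttpSecurity here; HttpSecurity is final and is not
        // a subtype of the configurer, so that cast cannot compile and has been dropped.
        httpSecurity.apply(new AuthFilterConfigurer());

        // maximumSessions(-1) means no limit on concurrent sessions per principal, so
        // maxSessionsPreventsLogin(true) never rejects a login with this setting.
        httpSecurity.sessionManagement()
                .maximumSessions(-1)
                .sessionRegistry(this.sessionRegistry)
                .maxSessionsPreventsLogin(true);
    }

    /**
     * Provides a session-scoped authentication manager that starts with an empty provider list.
     *
     * <p>The decompiler reports that the access modifier of this method was changed from {@code protected}.
     *
     * @return a new {@link MidpointProviderManager}
     * @throws Exception declared by the overridden method
     */
    @Override
    @SessionScope
    @Bean
    public MidpointAuthenticationManager authenticationManager() throws Exception {
        return new MidpointProviderManager(new ArrayList<>());
    }

    /**
     * Registers {@link HttpSessionEventPublisher} as a servlet listener so that HTTP session lifecycle events
     * are published to the Spring context.
     *
     * @return registration bean wrapping the publisher
     */
    @Bean
    public ServletListenerRegistrationBean<HttpSessionEventPublisher> httpSessionEventPublisher() {
        return new ServletListenerRegistrationBean<>(new HttpSessionEventPublisher());
    }
}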
