package com.evolveum.midpoint.authentication.impl.filter;

import com.evolveum.midpoint.authentication.api.AuthModule;
import com.evolveum.midpoint.authentication.api.AuthenticationChannel;
import com.evolveum.midpoint.authentication.api.AuthenticationModuleState;
import com.evolveum.midpoint.authentication.api.RemoveUnusedSecurityFilterPublisher;
import com.evolveum.midpoint.authentication.api.config.MidpointAuthentication;
import com.evolveum.midpoint.authentication.api.config.ModuleAuthentication;
import com.evolveum.midpoint.authentication.api.util.AuthUtil;
import com.evolveum.midpoint.authentication.impl.MidpointProviderManager;
import com.evolveum.midpoint.authentication.impl.factory.channel.AuthChannelRegistryImpl;
import com.evolveum.midpoint.authentication.impl.factory.module.AuthModuleRegistryImpl;
import com.evolveum.midpoint.authentication.impl.module.authentication.ModuleAuthenticationImpl;
import com.evolveum.midpoint.authentication.impl.module.configurer.ModuleWebSecurityConfigurer;
import com.evolveum.midpoint.authentication.impl.util.AuthModuleImpl;
import com.evolveum.midpoint.authentication.impl.util.AuthSequenceUtil;
import com.evolveum.midpoint.prism.PrismContext;
import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.repo.common.SystemObjectCache;
import com.evolveum.midpoint.schema.util.SecurityPolicyUtil;
import com.evolveum.midpoint.task.api.TaskManager;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationModulesType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationSequenceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationsPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityPolicyType;
import java.io.IOException;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.RandomStringUtils;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.config.annotation.ObjectPostProcessor;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.WebAttributes;
import org.springframework.security.web.util.UrlUtils;
import org.springframework.web.filter.GenericFilterBean;

/* loaded from: input_file:BOOT-INF/lib/authentication-impl-4.6.2-SNAPSHOT.jar:com/evolveum/midpoint/authentication/impl/filter/MidpointAuthFilter.class */
public class MidpointAuthFilter extends GenericFilterBean {
    private static final Trace LOGGER = TraceManager.getTrace((Class<?>) MidpointAuthFilter.class);
    private final Map<Class<?>, Object> sharedObjects;

    @Autowired
    private ObjectPostProcessor<Object> objectObjectPostProcessor;

    @Autowired
    private SystemObjectCache systemObjectCache;

    @Autowired
    private AuthModuleRegistryImpl authModuleRegistry;

    @Autowired
    private AuthChannelRegistryImpl authChannelRegistry;

    @Autowired
    private MidpointProviderManager authenticationManager;

    @Autowired
    private TaskManager taskManager;

    @Autowired
    private RemoveUnusedSecurityFilterPublisher removeUnusedSecurityFilterPublisher;
    private volatile AuthenticationsPolicyType defaultAuthenticationPolicy;
    private final PreLogoutFilter preLogoutFilter = new PreLogoutFilter();
    private final Map<String, List<AuthModule>> authModulesOfSpecificSequences = new HashMap();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:BOOT-INF/lib/authentication-impl-4.6.2-SNAPSHOT.jar:com/evolveum/midpoint/authentication/impl/filter/MidpointAuthFilter$AuthenticationWrapper.class */
    public class AuthenticationWrapper {
        AuthenticationsPolicyType authenticationsPolicy;
        List<AuthModule> authModules;
        AuthenticationChannel authenticationChannel;
        CredentialsPolicyType credentialsPolicy = null;
        PrismObject<SecurityPolicyType> securityPolicy = null;
        AuthenticationSequenceType sequence = null;

        private AuthenticationWrapper() {
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:BOOT-INF/lib/authentication-impl-4.6.2-SNAPSHOT.jar:com/evolveum/midpoint/authentication/impl/filter/MidpointAuthFilter$VirtualFilterChain.class */
    public static class VirtualFilterChain implements FilterChain {
        private final FilterChain originalChain;
        private final List<Filter> additionalFilters;
        private final int size;
        private int currentPosition = 0;

        private VirtualFilterChain(FilterChain filterChain, List<Filter> list) {
            this.originalChain = filterChain;
            this.additionalFilters = list;
            this.size = list.size();
        }

        @Override // javax.servlet.FilterChain
        public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse) throws IOException, ServletException {
            if (this.currentPosition == this.size) {
                if (MidpointAuthFilter.LOGGER.isDebugEnabled()) {
                    MidpointAuthFilter.LOGGER.debug(UrlUtils.buildRequestUrl((HttpServletRequest) servletRequest) + " reached end of additional filter chain; proceeding with original chain, if url is permit all");
                }
                if (servletResponse.isCommitted()) {
                    return;
                }
                this.originalChain.doFilter(servletRequest, servletResponse);
                return;
            }
            this.currentPosition++;
            Filter filter = this.additionalFilters.get(this.currentPosition - 1);
            if (MidpointAuthFilter.LOGGER.isDebugEnabled()) {
                MidpointAuthFilter.LOGGER.debug(UrlUtils.buildRequestUrl((HttpServletRequest) servletRequest) + " at position " + this.currentPosition + " of " + this.size + " in additional filter chain; firing Filter: '" + filter.getClass().getSimpleName() + "'");
            }
            filter.doFilter(servletRequest, servletResponse, this);
        }
    }

    public MidpointAuthFilter(Map<Class<?>, Object> map) {
        this.sharedObjects = map;
    }

    public PreLogoutFilter getPreLogoutFilter() {
        return this.preLogoutFilter;
    }

    public void createFilterForAuthenticatedRequest() {
        ((ModuleWebSecurityConfigurer) this.objectObjectPostProcessor.postProcess(new ModuleWebSecurityConfigurer(null))).setObjectPostProcessor(this.objectObjectPostProcessor);
    }

    private AuthenticationsPolicyType getDefaultAuthenticationPolicy(List<String> list) throws SchemaException {
        if (this.defaultAuthenticationPolicy == null) {
            this.defaultAuthenticationPolicy = SecurityPolicyUtil.createDefaultAuthenticationPolicy(list, PrismContext.get().getSchemaRegistry());
        }
        return this.defaultAuthenticationPolicy;
    }

    @Override // javax.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        doFilterInternal(servletRequest, servletResponse, filterChain);
    }

    private void doFilterInternal(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        int indexOfActualProcessingModule;
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        MidpointAuthentication midpointAuthentication = (MidpointAuthentication) SecurityContextHolder.getContext().getAuthentication();
        if (isPermitAllPage(httpServletRequest) && (midpointAuthentication == null || !midpointAuthentication.isAuthenticated())) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        AuthenticationWrapper defineAuthenticationWrapper = defineAuthenticationWrapper();
        if (AuthSequenceUtil.isIgnoredLocalPath(defineAuthenticationWrapper.authenticationsPolicy, httpServletRequest)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        initializeAuthenticationSequence(midpointAuthentication, httpServletRequest, defineAuthenticationWrapper);
        if (defineAuthenticationWrapper.sequence == null) {
            IllegalArgumentException illegalArgumentException = new IllegalArgumentException(getMessageSequenceIsNull(httpServletRequest, defineAuthenticationWrapper));
            LOGGER.error(illegalArgumentException.getMessage(), (Throwable) illegalArgumentException);
            ((HttpServletResponse) servletResponse).sendError(401, "web.security.provider.invalid");
            return;
        }
        setLogoutPath(servletRequest, servletResponse);
        defineAuthenticationWrapper.authenticationChannel = AuthSequenceUtil.buildAuthChannel(this.authChannelRegistry, defineAuthenticationWrapper.sequence);
        try {
            initAuthenticationModule(midpointAuthentication, defineAuthenticationWrapper, httpServletRequest);
            if (isRequestAuthenticated(midpointAuthentication, defineAuthenticationWrapper)) {
                processingOfAuthenticatedRequest(midpointAuthentication, httpServletRequest, servletResponse, filterChain);
                removingFiltersAfterProcessing(midpointAuthentication, httpServletRequest);
                return;
            }
            if (wasNotFoundAuthModule(defineAuthenticationWrapper)) {
                if (LOGGER.isDebugEnabled()) {
                    LOGGER.debug(UrlUtils.buildRequestUrl(httpServletRequest) + "has no authentication module");
                }
                throw new AuthenticationServiceException("Couldn't find authentication module for sequence " + defineAuthenticationWrapper.sequence.getName());
            }
            resolveErrorWithMoreModules(midpointAuthentication, httpServletRequest);
            if (needCreateNewAuthenticationToken(midpointAuthentication, httpServletRequest)) {
                indexOfActualProcessingModule = initNewAuthenticationToken(defineAuthenticationWrapper, httpServletRequest);
                midpointAuthentication = (MidpointAuthentication) SecurityContextHolder.getContext().getAuthentication();
            } else {
                indexOfActualProcessingModule = getIndexOfActualProcessingModule(midpointAuthentication, httpServletRequest);
            }
            setAuthenticationChanel(midpointAuthentication, defineAuthenticationWrapper);
            runFilters(defineAuthenticationWrapper, indexOfActualProcessingModule, filterChain, httpServletRequest, servletResponse);
            removingFiltersAfterProcessing(midpointAuthentication, httpServletRequest);
        } catch (Throwable th) {
            removingFiltersAfterProcessing(midpointAuthentication, httpServletRequest);
            throw th;
        }
    }

    private void removingFiltersAfterProcessing(MidpointAuthentication midpointAuthentication, HttpServletRequest httpServletRequest) {
        if (AuthSequenceUtil.isSpecificSequence(httpServletRequest) || httpServletRequest.getSession(false) != null || midpointAuthentication == null) {
            return;
        }
        this.removeUnusedSecurityFilterPublisher.publishCustomEvent(midpointAuthentication);
    }

    private void clearAuthentication(HttpServletRequest httpServletRequest) {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (!AuthSequenceUtil.isSpecificSequence(httpServletRequest) && (authentication instanceof MidpointAuthentication)) {
            this.removeUnusedSecurityFilterPublisher.publishCustomEvent((MidpointAuthentication) authentication);
        }
        SecurityContextHolder.getContext().setAuthentication(null);
    }

    private void runFilters(AuthenticationWrapper authenticationWrapper, int i, FilterChain filterChain, HttpServletRequest httpServletRequest, ServletResponse servletResponse) throws ServletException, IOException {
        new VirtualFilterChain(filterChain, ((AuthModuleImpl) authenticationWrapper.authModules.get(i)).getSecurityFilterChain().getFilters()).doFilter(httpServletRequest, servletResponse);
    }

    private void setAuthenticationChanel(MidpointAuthentication midpointAuthentication, AuthenticationWrapper authenticationWrapper) {
        if (midpointAuthentication == null || midpointAuthentication.getAuthenticationChannel() != null) {
            return;
        }
        midpointAuthentication.setAuthenticationChannel(authenticationWrapper.authenticationChannel);
    }

    private int initNewAuthenticationToken(AuthenticationWrapper authenticationWrapper, HttpServletRequest httpServletRequest) {
        if (!AuthSequenceUtil.isSpecificSequence(httpServletRequest)) {
            return restartAuthFlow(httpServletRequest, authenticationWrapper);
        }
        createMpAuthentication(httpServletRequest, authenticationWrapper);
        return 0;
    }

    private boolean needCreateNewAuthenticationToken(MidpointAuthentication midpointAuthentication, HttpServletRequest httpServletRequest) {
        return AuthSequenceUtil.isSpecificSequence(httpServletRequest) || needRestartAuthFlow(getIndexOfActualProcessingModule(midpointAuthentication, httpServletRequest));
    }

    private void setLogoutPath(ServletRequest servletRequest, ServletResponse servletResponse) {
        getPreLogoutFilter().doFilter(servletRequest, servletResponse);
    }

    private boolean wasNotFoundAuthModule(AuthenticationWrapper authenticationWrapper) {
        return authenticationWrapper.authModules == null || authenticationWrapper.authModules.size() == 0;
    }

    private boolean isRequestAuthenticated(MidpointAuthentication midpointAuthentication, AuthenticationWrapper authenticationWrapper) {
        return midpointAuthentication != null && midpointAuthentication.isAuthenticated() && authenticationWrapper.sequence.equals(midpointAuthentication.getSequence());
    }

    private void initAuthenticationModule(MidpointAuthentication midpointAuthentication, AuthenticationWrapper authenticationWrapper, HttpServletRequest httpServletRequest) {
        if (!AuthSequenceUtil.isSpecificSequence(httpServletRequest)) {
            authenticationWrapper.authModules = createAuthenticationModuleBySequence(midpointAuthentication, authenticationWrapper.sequence, httpServletRequest, authenticationWrapper.authenticationsPolicy.getModules(), authenticationWrapper.authenticationChannel, authenticationWrapper.credentialsPolicy);
            return;
        }
        if (!this.authModulesOfSpecificSequences.containsKey(authenticationWrapper.sequence.getName())) {
            authenticationWrapper.authModules = createAuthenticationModuleBySequence(midpointAuthentication, authenticationWrapper.sequence, httpServletRequest, authenticationWrapper.authenticationsPolicy.getModules(), authenticationWrapper.authenticationChannel, authenticationWrapper.credentialsPolicy);
            this.authModulesOfSpecificSequences.put(authenticationWrapper.sequence.getName(), authenticationWrapper.authModules);
            return;
        }
        authenticationWrapper.authModules = this.authModulesOfSpecificSequences.get(authenticationWrapper.sequence.getName());
        if (authenticationWrapper.authModules != null) {
            for (AuthModule authModule : authenticationWrapper.authModules) {
                if (authModule != null && ((AuthModuleImpl) authModule).getConfiguration() != null) {
                    this.authenticationManager.getProviders().clear();
                    Iterator<AuthenticationProvider> it = ((AuthModuleImpl) authModule).getConfiguration().getAuthenticationProviders().iterator();
                    while (it.hasNext()) {
                        this.authenticationManager.getProviders().add(it.next());
                    }
                }
            }
        }
    }

    private String getMessageSequenceIsNull(HttpServletRequest httpServletRequest, AuthenticationWrapper authenticationWrapper) {
        String str = "Couldn't find sequence for URI '" + httpServletRequest.getRequestURI();
        return authenticationWrapper.securityPolicy != null ? str + "' in authentication of Security Policy with oid " + authenticationWrapper.securityPolicy.getOid() : str + "' in default authentication.";
    }

    private AuthenticationWrapper defineAuthenticationWrapper() {
        AuthenticationWrapper authenticationWrapper = new AuthenticationWrapper();
        try {
            authenticationWrapper.securityPolicy = getSecurityPolicy();
            authenticationWrapper.authenticationsPolicy = getAuthenticationPolicy(authenticationWrapper.securityPolicy);
            if (authenticationWrapper.securityPolicy != null) {
                authenticationWrapper.credentialsPolicy = authenticationWrapper.securityPolicy.asObjectable().getCredentials();
            }
        } catch (SchemaException e) {
            LOGGER.error("Couldn't load Authentication policy", (Throwable) e);
            try {
                authenticationWrapper.authenticationsPolicy = getDefaultAuthenticationPolicy(SecurityPolicyUtil.NO_CUSTOM_IGNORED_LOCAL_PATH);
            } catch (SchemaException e2) {
                LOGGER.error("Couldn't get default authentication policy");
                throw new IllegalArgumentException("Couldn't get default authentication policy", e);
            }
        }
        return authenticationWrapper;
    }

    private boolean isPermitAllPage(HttpServletRequest httpServletRequest) {
        return AuthSequenceUtil.isPermitAll(httpServletRequest) && !AuthSequenceUtil.isLoginPage(httpServletRequest);
    }

    private boolean needRestartAuthFlow(int i) {
        return i == -1;
    }

    private int restartAuthFlow(HttpServletRequest httpServletRequest, AuthenticationWrapper authenticationWrapper) {
        createMpAuthentication(httpServletRequest, authenticationWrapper);
        return ((MidpointAuthentication) SecurityContextHolder.getContext().getAuthentication()).resolveParallelModules(httpServletRequest, 0);
    }

    private void createMpAuthentication(HttpServletRequest httpServletRequest, AuthenticationWrapper authenticationWrapper) {
        MidpointAuthentication midpointAuthentication = new MidpointAuthentication(authenticationWrapper.sequence);
        midpointAuthentication.setAuthModules(authenticationWrapper.authModules);
        midpointAuthentication.setSessionId(httpServletRequest.getSession(false) != null ? httpServletRequest.getSession(false).getId() : RandomStringUtils.random(30, true, true).toUpperCase());
        midpointAuthentication.addAuthentications(authenticationWrapper.authModules.get(0).getBaseModuleAuthentication());
        clearAuthentication(httpServletRequest);
        SecurityContextHolder.getContext().setAuthentication(midpointAuthentication);
    }

    private void resolveErrorWithMoreModules(MidpointAuthentication midpointAuthentication, HttpServletRequest httpServletRequest) {
        if (existMoreAsOneAuthModule(midpointAuthentication)) {
            Exception exc = (Exception) httpServletRequest.getSession().getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
            AuthSequenceUtil.saveException(httpServletRequest, new AuthenticationServiceException((exc == null || !StringUtils.isNotBlank(exc.getMessage())) ? "web.security.flexAuth.restart.flow" : exc.getMessage() + ";" + "web.security.flexAuth.restart.flow"));
        }
    }

    private boolean existMoreAsOneAuthModule(MidpointAuthentication midpointAuthentication) {
        return midpointAuthentication != null && midpointAuthentication.isAuthenticationFailed() && midpointAuthentication.getAuthModules().size() > 1;
    }

    private int getIndexOfActualProcessingModule(MidpointAuthentication midpointAuthentication, HttpServletRequest httpServletRequest) {
        int i = -1;
        if (SecurityContextHolder.getContext().getAuthentication() != null) {
            i = midpointAuthentication.resolveParallelModules(httpServletRequest, midpointAuthentication.getIndexOfProcessingModule(true));
        }
        return i;
    }

    private List<AuthModule> createAuthenticationModuleBySequence(MidpointAuthentication midpointAuthentication, AuthenticationSequenceType authenticationSequenceType, HttpServletRequest httpServletRequest, AuthenticationModulesType authenticationModulesType, AuthenticationChannel authenticationChannel, CredentialsPolicyType credentialsPolicyType) {
        List<AuthModule> authModules;
        if (processingDifferentAuthenticationSequence(midpointAuthentication, authenticationSequenceType)) {
            clearAuthentication(httpServletRequest);
            this.authenticationManager.getProviders().clear();
            authModules = AuthSequenceUtil.buildModuleFilters(this.authModuleRegistry, authenticationSequenceType, httpServletRequest, authenticationModulesType, credentialsPolicyType, this.sharedObjects, authenticationChannel);
        } else {
            authModules = midpointAuthentication.getAuthModules();
        }
        return authModules;
    }

    private boolean processingDifferentAuthenticationSequence(MidpointAuthentication midpointAuthentication, AuthenticationSequenceType authenticationSequenceType) {
        return midpointAuthentication == null || !authenticationSequenceType.equals(midpointAuthentication.getSequence());
    }

    private void initializeAuthenticationSequence(MidpointAuthentication midpointAuthentication, HttpServletRequest httpServletRequest, AuthenticationWrapper authenticationWrapper) {
        if (midpointAuthentication == null || !AuthSequenceUtil.isLoginPage(httpServletRequest)) {
            authenticationWrapper.sequence = AuthSequenceUtil.getSequenceByPath(httpServletRequest, authenticationWrapper.authenticationsPolicy, this.taskManager.getLocalNodeGroups());
        } else if (!midpointAuthentication.getAuthenticationChannel().getChannelId().equals(AuthSequenceUtil.findChannelByRequest(httpServletRequest)) && AuthSequenceUtil.getSequenceByPath(httpServletRequest, authenticationWrapper.authenticationsPolicy, this.taskManager.getLocalNodeGroups()) == null) {
            return;
        } else {
            authenticationWrapper.sequence = midpointAuthentication.getSequence();
        }
        if (isEqualChannelIdForAuthenticatedUser(midpointAuthentication, authenticationWrapper, httpServletRequest)) {
            changeLogoutToNewSequence(midpointAuthentication, authenticationWrapper, httpServletRequest);
            authenticationWrapper.sequence = midpointAuthentication.getSequence();
        }
    }

    private void changeLogoutToNewSequence(MidpointAuthentication midpointAuthentication, AuthenticationWrapper authenticationWrapper, HttpServletRequest httpServletRequest) {
        if (AuthSequenceUtil.isBasePathForSequence(httpServletRequest, authenticationWrapper.sequence)) {
            midpointAuthentication.getAuthenticationChannel().setPathAfterLogout(httpServletRequest.getServletPath());
            ModuleAuthenticationImpl moduleAuthenticationImpl = (ModuleAuthenticationImpl) AuthUtil.getAuthenticatedModule();
            if (moduleAuthenticationImpl != null) {
                moduleAuthenticationImpl.setInternalLogout(true);
            }
        }
    }

    private boolean isEqualChannelIdForAuthenticatedUser(MidpointAuthentication midpointAuthentication, AuthenticationWrapper authenticationWrapper, HttpServletRequest httpServletRequest) {
        return (midpointAuthentication == null || midpointAuthentication.getSequence() == null || midpointAuthentication.getSequence().equals(authenticationWrapper.sequence) || !midpointAuthentication.isAuthenticated() || ((authenticationWrapper.sequence == null || authenticationWrapper.sequence.getChannel() == null || !midpointAuthentication.getAuthenticationChannel().matchChannel(authenticationWrapper.sequence)) && !midpointAuthentication.getAuthenticationChannel().getChannelId().equals(AuthSequenceUtil.findChannelByRequest(httpServletRequest)))) ? false : true;
    }

    private AuthenticationsPolicyType getAuthenticationPolicy(PrismObject<SecurityPolicyType> prismObject) throws SchemaException {
        return (prismObject == null || prismObject.asObjectable().getAuthentication() == null) ? getDefaultAuthenticationPolicy(SecurityPolicyUtil.NO_CUSTOM_IGNORED_LOCAL_PATH) : (prismObject.asObjectable().getAuthentication().getSequence() == null || prismObject.asObjectable().getAuthentication().getSequence().isEmpty()) ? getDefaultAuthenticationPolicy(prismObject.asObjectable().getAuthentication().getIgnoredLocalPath()) : prismObject.asObjectable().getAuthentication();
    }

    private PrismObject<SecurityPolicyType> getSecurityPolicy() throws SchemaException {
        return this.systemObjectCache.getSecurityPolicy();
    }

    private void processingOfAuthenticatedRequest(MidpointAuthentication midpointAuthentication, ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        for (ModuleAuthentication moduleAuthentication : midpointAuthentication.getAuthentications()) {
            if (AuthenticationModuleState.SUCCESSFULLY.equals(moduleAuthentication.getState())) {
                new VirtualFilterChain(filterChain, ((AuthModuleImpl) midpointAuthentication.getAuthModules().get(midpointAuthentication.getIndexOfModule(moduleAuthentication))).getSecurityFilterChain().getFilters()).doFilter(servletRequest, servletResponse);
            }
        }
    }
}
