package com.evolveum.midpoint.authentication.impl.configuration;

import com.evolveum.midpoint.authentication.impl.MidpointAuthenticationTrustResolverImpl;
import com.evolveum.midpoint.authentication.impl.MidpointProviderManager;
import com.evolveum.midpoint.authentication.impl.MidpointSecurityContext;
import com.evolveum.midpoint.authentication.impl.authorization.evaluator.MidPointGuiAuthorizationEvaluator;
import com.evolveum.midpoint.authentication.impl.entry.point.WicketLoginUrlAuthenticationEntryPoint;
import com.evolveum.midpoint.authentication.impl.factory.channel.AuthChannelRegistryImpl;
import com.evolveum.midpoint.authentication.impl.filter.configurers.AuthFilterConfigurer;
import com.evolveum.midpoint.authentication.impl.handler.AuditedAccessDeniedHandler;
import com.evolveum.midpoint.authentication.impl.handler.AuditedLogoutHandler;
import com.evolveum.midpoint.authentication.impl.handler.MidPointAuthenticationSuccessHandler;
import com.evolveum.midpoint.authentication.impl.session.SessionAndRequestScope;
import com.evolveum.midpoint.authentication.impl.util.AuthSequenceUtil;
import com.evolveum.midpoint.security.api.SecurityContextManager;
import com.evolveum.midpoint.security.enforcer.api.SecurityEnforcer;
import com.evolveum.midpoint.task.api.TaskManager;
import javax.servlet.Filter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.web.servlet.ServletListenerRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.DependsOn;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationTrustResolver;
import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
import org.springframework.security.config.annotation.ObjectPostProcessor;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.session.SessionRegistry;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter;
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
import org.springframework.security.web.context.SecurityContextRepository;
import org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter;
import org.springframework.security.web.session.HttpSessionEventPublisher;

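/**
 * Spring Security web configuration for the midPoint authentication module.
 *
 * <p>The adapter is constructed with {@code super(true)}, which switches off the defaults that
 * {@code WebSecurityConfigurerAdapter} would otherwise apply by itself (CSRF protection, security
 * response headers, exception handling, anonymous authentication, logout, ...). Only what
 * {@link #configure(HttpSecurity)} adds explicitly is active: the async integration filter,
 * session management, the security-context filter and whatever {@code AuthFilterConfigurer}
 * contributes. Whether the remaining protections are wired in elsewhere is not visible here.
 *
 * <p>This listing was decompiled with JADX from
 * {@code WEB-INF/lib/authentication-impl-4.6-SNAPSHOT.jar}
 * ({@code com/evolveum/midpoint/authentication/impl/configuration/MidpointWebSecurityConfigurerAdapter.class}),
 * so original comments and some access modifiers are not preserved.
 */
@DependsOn({"initialSecurityConfiguration"})
@Configuration
@EnableWebSecurity
// 2147483641 == Integer.MAX_VALUE - 6, i.e. very low precedence among ordered configurers.
// NOTE(review): presumably SecurityProperties.BASIC_AUTH_ORDER - 1 in the original source; confirm.
@Order(2147483641)
public class MidpointWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {

    @Autowired
    private AuthChannelRegistryImpl authChannelRegistry;

    /** Registry shared with the concurrent-session control set up in {@link #configure(HttpSecurity)}. */
    @Autowired
    private SessionRegistry sessionRegistry;

    /** Copy of the post-processor handed to the superclass, kept so bean methods here can use it. */
    private ObjectPostProcessor<Object> objectObjectPostProcessor;

    /**
     * Creates the adapter with Spring Security's default configuration disabled.
     *
     * <p>Security-relevant: with defaults disabled, no filter is installed implicitly; every
     * protection has to be added explicitly in {@link #configure(HttpSecurity)} or by a configurer
     * applied there.
     */
    public MidpointWebSecurityConfigurerAdapter() {
        super(true);
    }

    /**
     * Stores the injected post-processor locally and passes it on to the superclass.
     *
     * @param objectPostProcessor post-processor injected by Spring
     */
    @Override
    @Autowired
    public void setObjectPostProcessor(ObjectPostProcessor<Object> objectPostProcessor) {
        this.objectObjectPostProcessor = objectPostProcessor;
        super.setObjectPostProcessor(objectPostProcessor);
    }

    /**
     * Exposes the GUI authorization evaluator as a bean.
     *
     * @param securityEnforcer enforcer passed through to the evaluator
     * @param securityContextManager context manager passed through to the evaluator
     * @param taskManager task manager passed through to the evaluator
     * @return a new {@code MidPointGuiAuthorizationEvaluator}
     */
    @Bean
    public MidPointGuiAuthorizationEvaluator accessDecisionManager(
            SecurityEnforcer securityEnforcer,
            SecurityContextManager securityContextManager,
            TaskManager taskManager) {
        return new MidPointGuiAuthorizationEvaluator(securityEnforcer, securityContextManager, taskManager);
    }

    /**
     * Builds the handler that redirects the user after a successful login.
     *
     * @return success handler that prefers the {@code Referer} header and falls back to the login page URL
     */
    @Bean
    public MidPointAuthenticationSuccessHandler authenticationSuccessHandler() {
        MidPointAuthenticationSuccessHandler handler = new MidPointAuthenticationSuccessHandler();
        // NOTE(review): Referer is a client-supplied header. With useReferer enabled the stock
        // Spring handler redirects to its value; confirm that MidPointAuthenticationSuccessHandler
        // limits redirect targets to this application (open-redirect check).
        handler.setUseReferer(true);
        handler.setDefaultTargetUrl(DefaultLoginPageGeneratingFilter.DEFAULT_LOGIN_PAGE_URL);
        return handler;
    }

    /**
     * Builds the logout handler.
     *
     * @return audited logout handler that sends the user to the context root afterwards
     */
    @Bean
    public AuditedLogoutHandler logoutHandler() {
        AuditedLogoutHandler handler = new AuditedLogoutHandler();
        handler.setDefaultTargetUrl("/");
        return handler;
    }

    /**
     * Builds the access-denied handler and runs it through the Spring Security post-processor.
     *
     * @return the post-processed {@code AuditedAccessDeniedHandler}
     */
    @Bean
    public AuditedAccessDeniedHandler accessDeniedHandler() {
        // postProcess is generic and returns the type it was given, so no cast is required.
        return this.objectObjectPostProcessor.postProcess(new AuditedAccessDeniedHandler());
    }

    /**
     * Builds the entry point used when an unauthenticated request needs to log in.
     *
     * @return Wicket-aware entry point targeting Spring's default login page URL
     */
    @Bean
    public AuthenticationEntryPoint authenticationEntryPoint() {
        return new WicketLoginUrlAuthenticationEntryPoint(DefaultLoginPageGeneratingFilter.DEFAULT_LOGIN_PAGE_URL);
    }

    /**
     * Supplies the authentication manager as a scoped bean.
     *
     * <p>The decompiler reports that this method was declared {@code protected} in the class file.
     *
     * @return a new {@code MidpointProviderManager}
     * @throws Exception declared by the overridden method
     */
    // NOTE(review): @SessionAndRequestScope presumably yields one manager per session/request; confirm.
    @Override
    @SessionAndRequestScope
    @Bean
    public MidpointProviderManager authenticationManager() throws Exception {
        return new MidpointProviderManager();
    }

    /**
     * Registers the request paths that bypass the Spring Security filter chain entirely.
     *
     * <p>Security-relevant: requests matching an ignored pattern get no authentication,
     * authorization, session handling or any other filter from this configuration.
     *
     * @param webSecurity builder to register the ignored patterns on
     * @throws Exception declared by the overridden method
     */
    @Override
    public void configure(WebSecurity webSecurity) throws Exception {
        super.configure(webSecurity);
        // NOTE(review): unlike the entries below, these two are not static resources. Whatever
        // serves /model/** and /report has to authenticate and authorize callers on its own,
        // because nothing in this filter chain will; confirm that it does.
        webSecurity.ignoring().antMatchers("/model/**", "/report");
        // Static assets.
        webSecurity.ignoring().antMatchers(
                "/js/**",
                "/css/**",
                "/img/**",
                "/fonts/**",
                "/static/**",
                "/static-web/**",
                "/less/**",
                "/wicket/resource/**",
                "/favicon.ico");
    }

    /**
     * Assembles the HTTP security filter chain by hand, since defaults are disabled.
     *
     * @param httpSecurity builder to configure
     * @throws Exception if a configurer cannot be applied
     */
    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        // NOTE(review): the resolver is stored under AuthenticationTrustResolverImpl.class, while
        // createSessionContextRepository (and Spring's own configurers) look it up under the
        // AuthenticationTrustResolver interface. Unless something else registers that key, the
        // midPoint resolver is not the one they find. Left unchanged because swapping the key
        // alters how anonymous authentication is classified; confirm the intent.
        httpSecurity.setSharedObject(AuthenticationTrustResolverImpl.class, new MidpointAuthenticationTrustResolverImpl());

        httpSecurity.addFilter(new WebAsyncManagerIntegrationFilter())
                .sessionManagement().and()
                .securityContext();

        // The decompiled listing wrapped this argument in a cast to HttpSecurity (JADX type
        // inference failure); the configurer itself is what apply() expects.
        httpSecurity.apply(new AuthFilterConfigurer());

        createSessionContextRepository(httpSecurity);

        // -1 means "no limit" for Spring Security's concurrent-session control, so with this value
        // maxSessionsPreventsLogin(true) cannot reject a login; the call still attaches the shared
        // session registry.
        httpSecurity.sessionManagement()
                .maximumSessions(-1)
                .sessionRegistry(this.sessionRegistry)
                .maxSessionsPreventsLogin(true);
    }

    /**
     * Installs a session-backed security context repository customised for midPoint.
     *
     * @param httpSecurity builder that receives the repository as a shared object
     */
    private void createSessionContextRepository(HttpSecurity httpSecurity) {
        HttpSessionSecurityContextRepository repository = new HttpSessionSecurityContextRepository() {
            @Override
            public void saveContext(SecurityContext securityContext, HttpServletRequest httpServletRequest,
                    HttpServletResponse httpServletResponse) {
                // Nothing is written to the HTTP session for requests the helper reports as
                // belonging to a session-less channel.
                if (!AuthSequenceUtil.isRecordSessionLessAccessChannel(httpServletRequest)) {
                    super.saveContext(securityContext, httpServletRequest, httpServletResponse);
                }
            }

            // Declared protected in the class file according to the decompiler.
            @Override
            public SecurityContext generateNewContext() {
                return new MidpointSecurityContext(super.generateNewContext());
            }
        };

        // Keeps session identifiers out of URLs, where they would leak into logs, browser history
        // and Referer headers.
        repository.setDisableUrlRewriting(true);

        AuthenticationTrustResolver trustResolver = httpSecurity.getSharedObject(AuthenticationTrustResolver.class);
        if (trustResolver != null) {
            repository.setTrustResolver(trustResolver);
        }
        httpSecurity.setSharedObject(SecurityContextRepository.class, repository);
    }

    /**
     * Registers the listener that republishes servlet session lifecycle events as Spring events.
     *
     * @return registration bean wrapping a new {@code HttpSessionEventPublisher}
     */
    @Bean
    public ServletListenerRegistrationBean<HttpSessionEventPublisher> httpSessionEventPublisher() {
        return new ServletListenerRegistrationBean<>(new HttpSessionEventPublisher());
    }
}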
