package com.goldgov.kduck.security.principal.configuration;

import com.goldgov.kduck.dao.DeleteArchiveHandler;
import com.goldgov.kduck.security.principal.KduckSecurityPrincipalProperties;
import com.goldgov.kduck.security.principal.filter.AuthenticatedUserFilter;
import com.goldgov.kduck.security.principal.handler.SecurityDeleteArchiveHandler;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.web.access.ExceptionTranslationFilter;
import org.springframework.web.filter.GenericFilterBean;

@EnableConfigurationProperties({KduckSecurityPrincipalProperties.SecurityOauth2ClientProviderProperties.class, KduckSecurityPrincipalProperties.SecurityOauth2ClientRegistrationProperties.class})
@Configuration
@Order(500)
/* loaded from: input_file:com/goldgov/kduck/security/principal/configuration/SecurityPrincipalConfiguration.class */
public class SecurityPrincipalConfiguration extends WebSecurityConfigurerAdapter {

    @Configuration
    @ConditionalOnClass({EnableResourceServer.class})
    @EnableResourceServer
    @ConditionalOnProperty(prefix = "kduck.security.oauth2.resServer", name = {"enabled"}, havingValue = "true")
    /* loaded from: input_file:com/goldgov/kduck/security/principal/configuration/SecurityPrincipalConfiguration$OAuthResourceServerConfiguration.class */
    public class OAuthResourceServerConfiguration extends ResourceServerConfigurerAdapter {
        public OAuthResourceServerConfiguration() {
        }

        public void configure(HttpSecurity httpSecurity) throws Exception {
            httpSecurity.addFilterBefore(SecurityPrincipalConfiguration.this.authenticatedUserFilter(), ExceptionTranslationFilter.class);
        }
    }

    protected void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.addFilterAfter(authenticatedUserFilter(), ExceptionTranslationFilter.class);
    }

    @Bean
    public GenericFilterBean authenticatedUserFilter() {
        return new AuthenticatedUserFilter();
    }

    @ConditionalOnMissingBean({DeleteArchiveHandler.class})
    @Bean
    public DeleteArchiveHandler securityDeleteArchiveHandler() {
        return new SecurityDeleteArchiveHandler();
    }
}
