package com.goldgov.origin.security;

import com.goldgov.origin.security.authentication.OriginAuthenticationProvider;
import com.goldgov.origin.security.authentication.remote.RemoteAuthenticationProvider;
import com.goldgov.origin.security.filter.remote.RemoteAuthenticationFilter;
import freemarker.ext.beans.BeansWrapper;
import freemarker.template.Configuration;
import java.util.ArrayList;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Configurable;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.boot.web.support.ErrorPageFilter;
import org.springframework.context.ApplicationListener;
import org.springframework.context.annotation.Bean;
import org.springframework.context.event.ContextRefreshedEvent;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.web.servlet.view.freemarker.FreeMarkerConfigurer;

@Configurable
@EnableGlobalMethodSecurity(securedEnabled = true)
/* loaded from: input_file:com/goldgov/origin/security/WebSecurityConfiguration.class */
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter implements ApplicationListener<ContextRefreshedEvent> {

    @Value("${security.enable-csrf:true}")
    private boolean enableCsrf;

    @Autowired(required = false)
    private OriginAuthenticationProvider authenticationProvider;

    @Autowired(required = false)
    private AccessDecisionManager accessDecisionManager;

    @Value("${security.http.default-success-url:/main}")
    private String defaultSuccessUrl;

    @Value("${security.http.failure-url:/login?error}")
    private String failureUrl;

    @Value("${security.http.default-success-url.always-use:true}")
    private boolean alwaysUse;

    @Autowired(required = false)
    private RememberMeUserDetailsService rememberMeUserDetailsService;

    protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        if (this.authenticationProvider == null) {
            authenticationManagerBuilder.authenticationProvider(defaultAuthenticationProvider());
        } else {
            authenticationManagerBuilder.authenticationProvider(this.authenticationProvider);
        }
        authenticationManagerBuilder.authenticationProvider(new RemoteAuthenticationProvider());
    }

    @ConditionalOnMissingBean({OriginAuthenticationProvider.class})
    @Bean
    public AuthenticationProvider defaultAuthenticationProvider() {
        return new DefaultAuthenticationProvider();
    }

    public void configure(WebSecurity webSecurity) throws Exception {
        webSecurity.ignoring().requestMatchers(new RequestMatcher[]{new InternalRequestMatcher()});
    }

    protected void configure(HttpSecurity httpSecurity) throws Exception {
        if (!this.enableCsrf) {
            httpSecurity.csrf().disable();
        }
        httpSecurity.headers().frameOptions().disable();
        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().anyRequest()).authenticated().and().formLogin().loginPage("/login").defaultSuccessUrl(this.defaultSuccessUrl, this.alwaysUse).failureUrl(this.failureUrl).usernameParameter("username").passwordParameter("password").permitAll().successHandler(new SaveAuthenticationSessionSuccessHandler()).and().logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout", "GET")).permitAll();
        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().antMatchers(new String[]{"/**"})).access("IS_AUTHENTICATED_ANONYMOUSLY");
        if (this.accessDecisionManager != null) {
            httpSecurity.authorizeRequests().accessDecisionManager(this.accessDecisionManager);
        }
        if (this.rememberMeUserDetailsService != null) {
            httpSecurity.rememberMe().rememberMeParameter("remember-me").userDetailsService(this.rememberMeUserDetailsService);
        }
        httpSecurity.addFilterAfter(new RemoteAuthenticationFilter(), RememberMeAuthenticationFilter.class);
    }

    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    public void onApplicationEvent(ContextRefreshedEvent contextRefreshedEvent) {
        FreeMarkerConfigurer freeMarkerConfigurer = (FreeMarkerConfigurer) contextRefreshedEvent.getApplicationContext().getBean(FreeMarkerConfigurer.class);
        freeMarkerConfigurer.getTaglibFactory().setObjectWrapper(new BeansWrapper(Configuration.VERSION_2_3_25));
        ArrayList arrayList = new ArrayList();
        arrayList.add("/META-INF/security.tld");
        freeMarkerConfigurer.getTaglibFactory().setClasspathTlds(arrayList);
    }

    @Bean
    public ErrorPageFilter errorPageFilter() {
        return new ErrorPageFilter();
    }

    @Bean
    public FilterRegistrationBean disableSpringBootErrorFilter(ErrorPageFilter errorPageFilter) {
        FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean();
        filterRegistrationBean.setFilter(errorPageFilter);
        filterRegistrationBean.setEnabled(false);
        return filterRegistrationBean;
    }
}
