package cn.kduck.kduck.config;

import cn.kduck.kduck.client.UserResourceClient;
import cn.kduck.kduck.module.resource.service.ResourceService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.config.annotation.ObjectPostProcessor;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.oauth2.server.resource.web.DefaultBearerTokenResolver;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
import org.springframework.web.client.RestTemplate;

@EnableWebSecurity
/* loaded from: input_file:cn/kduck/kduck/config/OAuth2ResourceServerSecurityConfiguration.class */
public class OAuth2ResourceServerSecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    RestTemplate restTemplate;

    @Autowired
    GatewayProperties gatewayProperties;

    @Autowired
    private UserResourceClient userResourceClient;

    @Autowired
    private ResourceService resourceService;

    @Value("${server.servlet.context-path:}")
    private String contextPath;

    /* loaded from: input_file:cn/kduck/kduck/config/OAuth2ResourceServerSecurityConfiguration$MyObjectPostProcessor.class */
    private class MyObjectPostProcessor implements ObjectPostProcessor<FilterSecurityInterceptor> {
        private MyObjectPostProcessor() {
        }

        public <O extends FilterSecurityInterceptor> O postProcess(O o) {
            o.setSecurityMetadataSource(new CustomSecurityMetadataSource(o.getSecurityMetadataSource(), OAuth2ResourceServerSecurityConfiguration.this.resourceService, OAuth2ResourceServerSecurityConfiguration.this.contextPath));
            o.getAccessDecisionManager().getDecisionVoters().add(new ExpressionVoter(OAuth2ResourceServerSecurityConfiguration.this.userResourceClient));
            return o;
        }
    }

    protected void configure(HttpSecurity httpSecurity) throws Exception {
        DefaultBearerTokenResolver defaultBearerTokenResolver = new DefaultBearerTokenResolver();
        defaultBearerTokenResolver.setAllowUriQueryParameter(true);
        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.csrf().disable().authorizeRequests().antMatchers(new String[]{"/favicon.ico", "/error", "/actuator/**", "/prometheus"})).permitAll().antMatchers(this.gatewayProperties.getSecurityIgnored())).permitAll().antMatchers(new String[]{"/**/swagger-resources/**", "/**/v2/api-docs/**", "/swagger-ui.html", "/doc.html", "/webjars/**"})).permitAll().withObjectPostProcessor(new MyObjectPostProcessor()).anyRequest()).authenticated().and().oauth2ResourceServer().bearerTokenResolver(defaultBearerTokenResolver).jwt();
    }
}
