package org.n52.security.service.authentication.servlet;

import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.axis.wsdl.symbolTable.SymbolTable;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.n52.security.authentication.AuthenticationContext;
import org.n52.security.authentication.AuthenticationContextUtil;
import org.n52.security.decision.DecisionService;
import org.n52.security.decision.PDPRequest;
import org.n52.security.decision.PDPRequestCollection;
import org.n52.security.decision.Target;
import org.n52.security.service.config.SecurityConfig;
import org.n52.security.service.config.ServiceConfig;
import org.n52.security.service.config.support.AbstractSecurityConfigServletFilter;

/* loaded from: input_file:lib/52n-security-wss-2.2-SNAPSHOT.jar:org/n52/security/service/authentication/servlet/AccessDecisionFilter.class */
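/**
 * Servlet filter that asks the configured {@link DecisionService} whether the current request
 * may proceed and answers with HTTP 403 when it may not.
 *
 * <p>The decision request is built from three values:
 * <ul>
 *   <li><b>resource</b>: the {@code resourceIdPrefix} init parameter followed by servlet path and
 *       path info, or, when no prefix is configured, an absolute URL assembled from the request's
 *       scheme, server name, port, context path, servlet path and path info;</li>
 *   <li><b>action</b>: the {@code actionId} init parameter, or the HTTP method when it is unset
 *       or empty;</li>
 *   <li><b>subject</b>: the subject of the current authentication context, when there is one.</li>
 * </ul>
 *
 * <p>Security notes for deployers:
 * <ul>
 *   <li>Without {@code resourceIdPrefix} the resource id contains
 *       {@link HttpServletRequest#getServerName()}, which containers normally derive from the
 *       client-supplied {@code Host} header. Policies keyed on absolute URLs are then matched
 *       against a client-influenced value; configuring a fixed prefix avoids this.</li>
 *   <li>Servlet path and path info are used exactly as the container reports them and the query
 *       string is not part of the resource id. No further normalisation happens here.
 *       NOTE(review): confirm how the target container treats path parameters and encoded
 *       separators, so that policy resource ids match what downstream servlets actually serve.</li>
 *   <li>Any failure while evaluating the decision denies the request (fail closed).</li>
 * </ul>
 */
public class AccessDecisionFilter extends AbstractSecurityConfigServletFilter {
    private static final Log LOG = LogFactory.getLog(AccessDecisionFilter.class);
    private static final String INIT_PARAM_RESOURCE_ID = "resourceIdPrefix";
    private static final String INIT_PARAM_ACTION_ID = "actionId";
    // Fixed prefix for resource ids; null means "derive an absolute URL from the request".
    private String m_webappResourceIdPrefix;
    // Fixed action id; null means "use the HTTP method of the request".
    private String m_actionId;
    private DecisionService m_decisionService;

    /**
     * Passes the request down the chain when the decision service permits it, otherwise sends
     * {@code 403 Forbidden}.
     *
     * @throws IllegalStateException if no valid resource URL can be built from the request
     */
    @Override
    protected void doFilter(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        AuthenticationContext authenticationContext = AuthenticationContextUtil.getCurrentAuthenticationContext();
        if (isAccessPermitted(httpServletRequest, authenticationContext)) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
        } else {
            httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "access denied (no rights)");
        }
    }

    /**
     * Evaluates the access decision for the request.
     *
     * @param httpServletRequest request whose path (and, without a fixed action id, method) is checked
     * @param authenticationContext current authentication context; may be {@code null} or carry
     *        no subject, in which case the decision is requested without a subject
     * @return {@code true} only when the first decision response is a permit; {@code false} on a
     *         deny and on any error raised while asking the decision service
     */
    private boolean isAccessPermitted(HttpServletRequest httpServletRequest, AuthenticationContext authenticationContext) {
        String resourceId = resolveResourceId(httpServletRequest);
        if (LOG.isTraceEnabled()) {
            // NOTE(review): SymbolTable.ANON_TOKEN is an Axis WSDL constant and looks like a
            // decompiler substitution for the literal ">" that closes "<...>" - confirm and replace.
            LOG.trace("check access to resource <" + sanitizeForLog(resourceId) + SymbolTable.ANON_TOKEN);
        }
        String action = this.m_actionId == null ? httpServletRequest.getMethod() : this.m_actionId;
        try {
            Target target;
            if (authenticationContext == null || authenticationContext.getSubject() == null) {
                target = new Target(resourceId, action);
            } else {
                target = new Target(authenticationContext.getSubject(), resourceId, action);
            }
            // Only the first response is consulted; an empty result raises here and is denied below.
            return this.m_decisionService.request(new PDPRequestCollection().add(new PDPRequest(target))).iterator().next().isPermit();
        } catch (Throwable th) {
            // Deliberately broad: whatever goes wrong in the decision path must end in a deny,
            // never in the request slipping through to the protected resource.
            if (LOG.isErrorEnabled()) {
                LOG.error("error on checking access of ressource <" + sanitizeForLog(resourceId) + "> blocking access! Error: " + th, th);
            }
            return false;
        }
    }

    /**
     * Builds the resource id handed to the decision service: the configured prefix plus servlet
     * path and path info, or an absolute request URL when no prefix is configured.
     */
    private String resolveResourceId(HttpServletRequest httpServletRequest) {
        String servletRelativePath = nullsafe(httpServletRequest.getServletPath()) + nullsafe(httpServletRequest.getPathInfo());
        if (this.m_webappResourceIdPrefix != null) {
            return this.m_webappResourceIdPrefix + servletRelativePath;
        }
        try {
            // Scheme, server name and port come from the request itself; see the class comment
            // for why a fixed resourceIdPrefix is the safer configuration.
            return new URL(httpServletRequest.getScheme(), httpServletRequest.getServerName(), httpServletRequest.getServerPort(), nullsafe(httpServletRequest.getContextPath()) + servletRelativePath).toExternalForm();
        } catch (MalformedURLException e) {
            throw new IllegalStateException("can't create valid access url:" + e, e);
        }
    }

    /**
     * Replaces ISO control characters (CR, LF, tab, ...) with {@code '_'} so that a
     * request-controlled path cannot break a log entry into forged extra lines.
     */
    private static String sanitizeForLog(String value) {
        StringBuilder cleaned = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            cleaned.append(Character.isISOControl(c) ? '_' : c);
        }
        return cleaned.toString();
    }

    /** Returns the empty string for {@code null}, otherwise the argument itself. */
    private String nullsafe(String str) {
        return str == null ? "" : str;
    }

    /**
     * Reads the {@code resourceIdPrefix} and {@code actionId} parameters and binds the decision
     * service of the security service this filter belongs to.
     *
     * @throws IllegalStateException if the service configuration has no decision service
     */
    @Override
    protected void init(FilterConfig filterConfig, ServiceConfig serviceConfig, SecurityConfig securityConfig) {
        // An empty prefix is kept as-is (unlike actionId below) and yields path-only resource ids.
        // NOTE(review): confirm that this asymmetry is intended.
        this.m_webappResourceIdPrefix = (String) parameterLookup(filterConfig, serviceConfig, INIT_PARAM_RESOURCE_ID);
        this.m_actionId = (String) parameterLookup(filterConfig, serviceConfig, INIT_PARAM_ACTION_ID);
        if (this.m_actionId == null || this.m_actionId.length() == 0) {
            // Empty means "not configured": fall back to the HTTP method per request.
            this.m_actionId = null;
        }
        DecisionService decisionService = serviceConfig.getDecisionService();
        if (decisionService == null) {
            // Refuse to start without a decision point rather than run as an open filter.
            throw new IllegalStateException("no decision service configured for security service <" + getServiceName() + SymbolTable.ANON_TOKEN);
        }
        this.m_decisionService = decisionService;
    }

    /** Releases the configuration and the decision service reference. */
    @Override
    public void destroy() {
        super.destroy();
        this.m_actionId = null;
        this.m_webappResourceIdPrefix = null;
        this.m_decisionService = null;
    }
}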
