package org.geoserver.security.filter;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.geoserver.security.config.ExceptionTranslationFilterConfig;
import org.geoserver.security.config.SecurityNamedServiceConfig;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.access.AccessDeniedHandlerImpl;
import org.springframework.security.web.access.ExceptionTranslationFilter;
import org.springframework.security.web.authentication.Http403ForbiddenEntryPoint;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
import org.springframework.util.StringUtils;

/* loaded from: input_file:WEB-INF/lib/main-2.4-SNAPSHOT.jar:org/geoserver/security/filter/GeoServerExceptionTranslationFilter.class */
public class GeoServerExceptionTranslationFilter extends GeoServerCompositeFilter {

    /* loaded from: input_file:WEB-INF/lib/main-2.4-SNAPSHOT.jar:org/geoserver/security/filter/GeoServerExceptionTranslationFilter$DynamicAuthenticationEntryPoint.class */
    public static class DynamicAuthenticationEntryPoint implements AuthenticationEntryPoint {
        protected AuthenticationEntryPoint defaultEntryPoint = new Http403ForbiddenEntryPoint();
        protected AuthenticationEntryPoint entryEntryPoint = null;

        public AuthenticationEntryPoint getEntryEntryPoint() {
            return this.entryEntryPoint;
        }

        public void setEntryEntryPoint(AuthenticationEntryPoint authenticationEntryPoint) {
            this.entryEntryPoint = authenticationEntryPoint;
        }

        @Override // org.springframework.security.web.AuthenticationEntryPoint
        public void commence(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException authenticationException) throws IOException, ServletException {
            AuthenticationEntryPoint authenticationEntryPoint = (AuthenticationEntryPoint) httpServletRequest.getAttribute(GeoServerSecurityFilter.AUTHENTICATION_ENTRY_POINT_HEADER);
            if (authenticationEntryPoint != null) {
                httpServletRequest.removeAttribute(GeoServerSecurityFilter.AUTHENTICATION_ENTRY_POINT_HEADER);
            }
            if (getEntryEntryPoint() != null) {
                getEntryEntryPoint().commence(httpServletRequest, httpServletResponse, authenticationException);
            } else if (authenticationEntryPoint != null) {
                authenticationEntryPoint.commence(httpServletRequest, httpServletResponse, authenticationException);
            } else {
                this.defaultEntryPoint.commence(httpServletRequest, httpServletResponse, authenticationException);
            }
        }
    }

    @Override // org.geoserver.security.impl.AbstractGeoServerSecurityService, org.geoserver.security.GeoServerSecurityService
    public void initializeFromConfig(SecurityNamedServiceConfig securityNamedServiceConfig) throws IOException {
        super.initializeFromConfig(securityNamedServiceConfig);
        ExceptionTranslationFilterConfig exceptionTranslationFilterConfig = (ExceptionTranslationFilterConfig) securityNamedServiceConfig;
        DynamicAuthenticationEntryPoint dynamicAuthenticationEntryPoint = new DynamicAuthenticationEntryPoint();
        if (StringUtils.hasLength(exceptionTranslationFilterConfig.getAuthenticationFilterName())) {
            dynamicAuthenticationEntryPoint.setEntryEntryPoint(getSecurityManager().loadFilter(exceptionTranslationFilterConfig.getAuthenticationFilterName()).getAuthenticationEntryPoint());
        }
        HttpSessionRequestCache httpSessionRequestCache = new HttpSessionRequestCache();
        httpSessionRequestCache.setCreateSessionAllowed(false);
        ExceptionTranslationFilter exceptionTranslationFilter = new ExceptionTranslationFilter(dynamicAuthenticationEntryPoint, httpSessionRequestCache);
        if (StringUtils.hasLength(exceptionTranslationFilterConfig.getAccessDeniedErrorPage())) {
            AccessDeniedHandlerImpl accessDeniedHandlerImpl = new AccessDeniedHandlerImpl();
            accessDeniedHandlerImpl.setErrorPage(exceptionTranslationFilterConfig.getAccessDeniedErrorPage());
            exceptionTranslationFilter.setAccessDeniedHandler(accessDeniedHandlerImpl);
        }
        exceptionTranslationFilter.afterPropertiesSet();
        getNestedFilters().add(exceptionTranslationFilter);
    }
}
