package grails.plugin.springsecurity.web.access;

import grails.plugin.springsecurity.ReflectionUtils;
import grails.plugin.springsecurity.SpringSecurityUtils;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.authentication.AuthenticationTrustResolver;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.PortResolver;
import org.springframework.security.web.WebAttributes;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.savedrequest.RequestCache;
import org.springframework.util.Assert;

/* loaded from: input_file:WEB-INF/classes/grails/plugin/springsecurity/web/access/AjaxAwareAccessDeniedHandler.class */
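/**
 * {@link AccessDeniedHandler} that can route Ajax requests to a different error page than
 * regular requests.
 *
 * <p>Depending on configuration the denial is answered with a bare 403, a server-side forward
 * to the error page (the default, {@code useForward == true}), or a client redirect to an
 * absolute URL ending in the error page.
 *
 * <p>Security note: in redirect mode, when {@code ReflectionUtils.getGrailsServerURL()} returns
 * {@code null}, the absolute URL is assembled from {@code request.getServerName()}. Servlet
 * containers normally derive that value from the client-supplied {@code Host} header, so the
 * host part of the {@code Location} header is client-influenced unless a proxy or the container
 * validates it. Deployments that disable forwarding should configure the Grails server URL or
 * enforce an allowed-host list upstream.
 */
public class AjaxAwareAccessDeniedHandler implements AccessDeniedHandler, InitializingBean {
    /** Context-relative page for non-Ajax denials; when {@code null} a plain 403 is sent instead. */
    protected String errorPage;
    /** Context-relative page for Ajax denials; when {@code null} Ajax requests are treated like any other. */
    protected String ajaxErrorPage;
    /** Supplies the port used when the redirect URL has to be built from the request. */
    protected PortResolver portResolver;
    /** Used to tell anonymous and remember-me authentications apart from full logins. */
    protected AuthenticationTrustResolver authenticationTrustResolver;
    /** Receives the denied request when the caller is authenticated via remember-me. */
    protected RequestCache requestCache;
    private final Logger log = LoggerFactory.getLogger(getClass());
    /** {@code true} (default) forwards to the error page; {@code false} issues a redirect. */
    protected boolean useForward = true;

    /**
     * Responds to a denied request.
     *
     * <p>Order of decisions: cache the request for remember-me users, do nothing if the response
     * is already committed, send a bare 403 when no page applies, otherwise forward or redirect
     * to the applicable error page.
     *
     * @param httpServletRequest the denied request
     * @param httpServletResponse the response to write to
     * @param accessDeniedException the cause; the first guard below already treats {@code null}
     *     as possible, so every later use is null-safe as well
     * @throws IOException if sending the error, forward or redirect fails
     * @throws ServletException if the forward target fails
     */
    @Override
    public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AccessDeniedException accessDeniedException) throws IOException, ServletException {
        // A remember-me session is authenticated but not fully trusted; the request is cached,
        // presumably so it can be replayed once the user completes a full login.
        if (accessDeniedException != null && isLoggedIn() && this.authenticationTrustResolver.isRememberMe(getAuthentication())) {
            this.requestCache.saveRequest(httpServletRequest, httpServletResponse);
        }

        if (httpServletResponse.isCommitted()) {
            // Status and headers are already on the wire; nothing further can be changed.
            this.log.trace("response is committed");
            return;
        }

        boolean ajaxRequest = this.ajaxErrorPage != null && SpringSecurityUtils.isAjax(httpServletRequest);

        if (this.errorPage == null && !ajaxRequest) {
            this.log.trace("Sending 403 for non-Ajax request without errorPage specified");
            // Fix: the original dereferenced accessDeniedException unconditionally here although
            // the guard at the top of the method allows it to be null.
            if (accessDeniedException == null) {
                httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
            } else {
                httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN, accessDeniedException.getMessage());
            }
            return;
        }

        // Past the check above, either errorPage is set or this is an Ajax request with
        // ajaxErrorPage set, so the selected page is never null.
        String targetPage = ajaxRequest ? this.ajaxErrorPage : this.errorPage;

        if (this.useForward) {
            this.log.trace("Forwarding to error page");
            httpServletRequest.setAttribute(WebAttributes.ACCESS_DENIED_403, accessDeniedException);
            // Set the status before forwarding so the error page is still served as a 403.
            httpServletResponse.setStatus(HttpServletResponse.SC_FORBIDDEN);
            httpServletRequest.getRequestDispatcher(targetPage).forward(httpServletRequest, httpServletResponse);
            return;
        }

        String redirectUrl = httpServletResponse.encodeRedirectURL(resolveBaseUrl(httpServletRequest) + targetPage);
        this.log.trace("Redirecting to {}", redirectUrl);
        httpServletResponse.sendRedirect(redirectUrl);
    }

    /**
     * Returns the absolute URL prefix (scheme, host, optional port, context path) that the
     * error page is appended to in redirect mode.
     *
     * <p>The configured Grails server URL wins when present. The fallback reads the host from
     * the request, which is typically the client's {@code Host} header: treat the result as
     * untrusted unless the deployment validates that header before it reaches the application.
     */
    private String resolveBaseUrl(HttpServletRequest request) {
        String configuredUrl = ReflectionUtils.getGrailsServerURL();
        if (configuredUrl != null) {
            return configuredUrl;
        }

        String scheme = request.getScheme();
        int port = this.portResolver.getServerPort(request);
        // equalsIgnoreCase avoids the default-locale dependency of String.toLowerCase().
        boolean defaultPort = ("http".equalsIgnoreCase(scheme) && port == 80)
                || ("https".equalsIgnoreCase(scheme) && port == 443);

        StringBuilder url = new StringBuilder(scheme).append("://").append(request.getServerName());
        if (!defaultPort) {
            url.append(':').append(port);
        }
        return url.append(request.getContextPath()).toString();
    }

    /**
     * Returns the current {@link Authentication}, or {@code null} when there is no security
     * context or the context holds none.
     */
    protected Authentication getAuthentication() {
        var context = SecurityContextHolder.getContext();
        return context == null ? null : context.getAuthentication();
    }

    /**
     * Returns {@code true} when an authentication is present and the trust resolver does not
     * classify it as anonymous.
     */
    protected boolean isLoggedIn() {
        Authentication authentication = getAuthentication();
        return authentication != null && !this.authenticationTrustResolver.isAnonymous(authentication);
    }

    /**
     * Sets the page used for non-Ajax denials.
     *
     * @param str {@code null} to send a bare 403, otherwise a path starting with {@code /}
     * @throws IllegalArgumentException if the value is non-null and does not start with {@code /}
     */
    public void setErrorPage(String str) {
        Assert.isTrue(str == null || str.startsWith("/"), "ErrorPage must begin with '/'");
        this.errorPage = str;
    }

    /**
     * Sets the page used for Ajax denials.
     *
     * @param str {@code null} to disable Ajax-specific handling, otherwise a path starting with {@code /}
     * @throws IllegalArgumentException if the value is non-null and does not start with {@code /}
     */
    public void setAjaxErrorPage(String str) {
        Assert.isTrue(str == null || str.startsWith("/"), "Ajax ErrorPage must begin with '/'");
        this.ajaxErrorPage = str;
    }

    /** Dependency injection for the port resolver (required). */
    public void setPortResolver(PortResolver portResolver) {
        this.portResolver = portResolver;
    }

    /** Dependency injection for the trust resolver (required). */
    public void setAuthenticationTrustResolver(AuthenticationTrustResolver authenticationTrustResolver) {
        this.authenticationTrustResolver = authenticationTrustResolver;
    }

    /**
     * Chooses between forwarding and redirecting to the error page.
     *
     * @param z {@code true} to forward, {@code false} to redirect
     */
    public void setUseForward(boolean z) {
        this.useForward = z;
    }

    /** Dependency injection for the request cache (required). */
    public void setRequestCache(RequestCache requestCache) {
        this.requestCache = requestCache;
    }

    /**
     * Verifies that all required collaborators were injected.
     *
     * @throws IllegalArgumentException if any required collaborator is missing
     */
    @Override
    public void afterPropertiesSet() {
        Assert.notNull(this.portResolver, "portResolver is required");
        Assert.notNull(this.authenticationTrustResolver, "authenticationTrustResolver is required");
        Assert.notNull(this.requestCache, "requestCache is required");
    }
}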
