package io.github.watertao.veigar.session.filter;

import io.github.watertao.veigar.core.exception.ForbiddenException;
import io.github.watertao.veigar.core.util.HttpRequestHelper;
import io.github.watertao.veigar.session.api.AuthObjHolder;
import io.github.watertao.veigar.session.api.ResourceHolder;
import io.github.watertao.veigar.session.spi.AuthenticationObject;
import io.github.watertao.veigar.session.spi.Resource;
import io.github.watertao.veigar.session.spi.SecurityHandler;
import java.io.IOException;
import java.util.Iterator;
import java.util.List;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.Ordered;
import org.springframework.web.filter.GenericFilterBean;

/* loaded from: input_file:io/github/watertao/veigar/session/filter/SecurityFilter.class */
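/**
 * Servlet filter that enforces attribute-based access control on incoming requests.
 *
 * <p>For each request the injected {@link SecurityHandler} is asked to identify the
 * {@link Resource} being accessed. When a resource is identified, the caller must have an
 * {@link AuthenticationObject} and share at least one attribute with the resource;
 * otherwise a {@link ForbiddenException} is thrown.
 *
 * <p>Security note: a request for which {@code identifyResource} returns {@code null} is
 * passed down the chain with no authentication or authorization check at all. Protection
 * therefore depends on the handler recognising every path that must be guarded.
 */
public class SecurityFilter extends GenericFilterBean implements Ordered {

    /** Position of this filter in the ordered chain, as returned by {@link #getOrder()}. */
    private static final int FILTER_ORDER = 1030;

    @Autowired
    private SecurityHandler securityHandler;

    /**
     * Identifies the requested resource and rejects the request unless the caller is
     * authenticated and holds at least one attribute required by that resource.
     *
     * @param servletRequest  the incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse the outgoing response
     * @param filterChain     the remaining filter chain
     * @throws IOException      propagated from the downstream chain
     * @throws ServletException propagated from the downstream chain
     * @throws ForbiddenException if there is no authentication object or no matching attribute
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
        String path = HttpRequestHelper.trimRequestContextPath(httpRequest);
        Resource resource = this.securityHandler.identifyResource(
                httpRequest.getMethod(), path, AuthObjHolder.getAuthObj(httpRequest));

        // Fail-open branch: anything the handler does not recognise is not access-controlled here.
        if (resource == null) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        ResourceHolder.setResource(httpRequest, resource);

        // NOTE(review): per the Servlet API, getSession() creates a session when none exists,
        // so this null check is not expected to fire and a session is allocated even for
        // anonymous callers. getSession(false) may be what was intended; confirm how
        // AuthObjHolder stores the authentication object before changing it.
        if (httpRequest.getSession() == null) {
            throw new ForbiddenException("未登陆");
        }

        AuthenticationObject authObj = AuthObjHolder.getAuthObj(httpRequest);
        if (authObj == null) {
            throw new ForbiddenException("未登录");
        }
        if (!hasAttribute(authObj.getAttributes(), resource.getAttributes())) {
            throw new ForbiddenException("权限不足");
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    /**
     * Tells whether the two attribute lists have at least one element in common.
     *
     * <p>Denies by default: a {@code null} or empty list on either side yields {@code false},
     * so a resource that declares no attributes is not reachable through this check.
     *
     * <p>The previous form looped with {@code while (true)} and only left the loop on a
     * match, so a caller attribute that was absent from the resource list never terminated
     * and tied up the request thread. The scan below is bounded by the list sizes.
     *
     * @param list  attributes held by the caller
     * @param list2 attributes declared on the resource
     * @return {@code true} if some non-null element of {@code list} equals an element of {@code list2}
     */
    private boolean hasAttribute(List<String> list, List<String> list2) {
        if (list2 == null || list2.isEmpty() || list == null || list.isEmpty()) {
            return false;
        }
        for (String held : list) {
            if (held == null) {
                // Null caller attributes never match, as before.
                continue;
            }
            for (String required : list2) {
                if (held.equals(required)) {
                    return true;
                }
            }
        }
        return false;
    }

    /**
     * Returns the fixed ordering value of this filter.
     *
     * @return {@code 1030}
     */
    @Override
    public int getOrder() {
        return FILTER_ORDER;
    }
}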
