package eu.openanalytics;

import eu.openanalytics.components.LogoutHandler;
import eu.openanalytics.services.AppService;
import javax.inject.Inject;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.env.Environment;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.authentication.configurers.GlobalAuthenticationConfigurerAdapter;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

@Configuration
@EnableWebSecurity
/* loaded from: input_file:eu/openanalytics/WebSecurityConfig.class */
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Inject
    LogoutHandler logoutHandler;

    @Inject
    AppService appService;

    @Configuration
    /* loaded from: input_file:eu/openanalytics/WebSecurityConfig$AuthenticationConfiguration.class */
    protected static class AuthenticationConfiguration extends GlobalAuthenticationConfigurerAdapter {

        @Inject
        private Environment environment;

        protected AuthenticationConfiguration() {
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // org.springframework.security.config.annotation.authentication.configurers.GlobalAuthenticationConfigurerAdapter, org.springframework.security.config.annotation.SecurityConfigurer
        public void init(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
            if (null != this.environment.getProperty("shiny.proxy.ldap.manager-dn")) {
                authenticationManagerBuilder.ldapAuthentication().userDnPatterns("uid={0}").groupSearchBase(this.environment.getProperty("shiny.proxy.ldap.group-search-base")).contextSource().url(this.environment.getProperty("shiny.proxy.ldap.url")).managerPassword(this.environment.getProperty("shiny.proxy.ldap.manager-password")).managerDn(this.environment.getProperty("shiny.proxy.ldap.manager-dn"));
            } else {
                authenticationManagerBuilder.ldapAuthentication().userDnPatterns("uid={0}").contextSource().url(this.environment.getProperty("shiny.proxy.ldap.url"));
            }
        }
    }

    @Override // org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter, org.springframework.security.config.annotation.SecurityConfigurer
    public void configure(WebSecurity webSecurity) throws Exception {
        webSecurity.ignoring().antMatchers("/css/**").and().ignoring().antMatchers("/webjars/**");
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.csrf().disable();
        httpSecurity.authorizeRequests().antMatchers("/login").permitAll();
        for (AppService.ShinyApp shinyApp : this.appService.getApps()) {
            httpSecurity.authorizeRequests().antMatchers("/app/" + shinyApp.getName()).hasAnyRole(this.appService.getAppRoles(shinyApp.getName()));
        }
        httpSecurity.authorizeRequests().anyRequest().fullyAuthenticated();
        ((HttpSecurity) ((HttpSecurity) httpSecurity.formLogin().loginPage("/login").and()).logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout")).logoutSuccessHandler(this.logoutHandler).logoutSuccessUrl("/login").and()).headers().frameOptions().sameOrigin();
    }
}
