package eu.openanalytics;

import eu.openanalytics.auth.AuthenticationConfigurationFactory;
import eu.openanalytics.auth.LogoutHandler;
import eu.openanalytics.services.AppService;
import eu.openanalytics.services.UserService;
import java.util.Arrays;
import javax.inject.Inject;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.env.Environment;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.authentication.configurers.GlobalAuthenticationConfigurerAdapter;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

@Configuration
@EnableWebSecurity
/* loaded from: input_file:eu/openanalytics/WebSecurityConfig.class */
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Inject
    LogoutHandler logoutHandler;

    @Inject
    Environment environment;

    @Inject
    AppService appService;

    @Inject
    UserService userService;

    @Configuration
    /* loaded from: input_file:eu/openanalytics/WebSecurityConfig$AuthenticationConfiguration.class */
    protected static class AuthenticationConfiguration extends GlobalAuthenticationConfigurerAdapter {

        @Inject
        private Environment environment;

        protected AuthenticationConfiguration() {
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // org.springframework.security.config.annotation.authentication.configurers.GlobalAuthenticationConfigurerAdapter, org.springframework.security.config.annotation.SecurityConfigurer
        public void init(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
            AuthenticationConfigurationFactory.configure(authenticationManagerBuilder, this.environment);
        }
    }

    @Override // org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter, org.springframework.security.config.annotation.SecurityConfigurer
    public void configure(WebSecurity webSecurity) throws Exception {
        webSecurity.ignoring().antMatchers("/css/**").and().ignoring().antMatchers("/webjars/**");
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        ((HttpSecurity) httpSecurity.csrf().disable()).headers().frameOptions().disable();
        if (AuthenticationConfigurationFactory.hasAuth(this.environment)) {
            httpSecurity.authorizeRequests().antMatchers("/login").permitAll();
            for (AppService.ShinyApp shinyApp : this.appService.getApps()) {
                if (shinyApp.getGroups() != null && shinyApp.getGroups().length != 0) {
                    httpSecurity.authorizeRequests().antMatchers("/app/" + shinyApp.getName()).hasAnyRole((String[]) Arrays.stream(shinyApp.getGroups()).map(str -> {
                        return str.toUpperCase();
                    }).toArray(i -> {
                        return new String[i];
                    }));
                }
            }
            httpSecurity.authorizeRequests().antMatchers("/admin").hasAnyRole(this.userService.getAdminRoles());
            httpSecurity.authorizeRequests().anyRequest().fullyAuthenticated();
            ((HttpSecurity) httpSecurity.formLogin().loginPage("/login").and()).logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout")).logoutSuccessHandler(this.logoutHandler).logoutSuccessUrl("/login");
        }
    }
}
