package pl.topteam.dps.config.security;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.aopalliance.intercept.MethodInvocation;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.expression.spel.support.StandardEvaluationContext;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler;
import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.logout.HttpStatusReturningLogoutSuccessHandler;
import pl.topteam.dps.config.security.services.UserDetailsImpl;
import pl.topteam.dps.model.modul.systemowy.Zdarzenie;
import pl.topteam.dps.service.modul.socjalny.PracownikService;
import pl.topteam.dps.service.modul.systemowy.ZdarzenieService;

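/**
 * Spring Security configuration for the HTTP API.
 *
 * <p>Authentication is form login at {@code /api/auth/login}, checked by a
 * {@link DaoAuthenticationProvider} against the injected {@link UserDetailsService}
 * with BCrypt-hashed passwords. Login, logout and error paths answer with a bare
 * status code and a short plain-text body instead of redirects.
 *
 * <p>NOTE(review): CSRF protection is disabled in {@link #filterChain(HttpSecurity)}
 * while the session appears to be carried by the {@code JSESSIONID} cookie. See the
 * comment at that call for what has to be confirmed outside this class.
 */
@Configuration
@EnableWebSecurity
public class WebSecurityConfig {
    private final UserDetailsService userDetailsService;
    private final ZdarzenieService zdarzenieService;

    /**
     * @param userDetailsService source of user records for the authentication provider
     * @param zdarzenieService   event service used to record successful logins
     */
    public WebSecurityConfig(UserDetailsService userDetailsService, ZdarzenieService zdarzenieService) {
        this.userDetailsService = userDetailsService;
        this.zdarzenieService = zdarzenieService;
    }

    /**
     * Password hashing used for credential verification.
     *
     * @return a BCrypt encoder with strength (log2 rounds) 10
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        // NOTE(review): 10 is the library default; re-benchmark on production hardware
        // before deciding whether a higher work factor is affordable.
        return new BCryptPasswordEncoder(10);
    }

    /**
     * Expression handler for method-level security annotations.
     *
     * @param pracownikService passed to the {@code CustomPermissionEvaluator} that backs
     *                         {@code hasPermission(...)} checks
     * @return the configured handler
     */
    @Bean
    public MethodSecurityExpressionHandler methodSecurityExpressionHandler(PracownikService pracownikService) {
        DefaultMethodSecurityExpressionHandler handler = new DefaultMethodSecurityExpressionHandler() {
            @Override
            public StandardEvaluationContext createEvaluationContextInternal(Authentication authentication, MethodInvocation methodInvocation) {
                StandardEvaluationContext context = super.createEvaluationContextInternal(authentication, methodInvocation);
                // Registers the model package with the type locator; presumably so security
                // expressions can name its types without the package prefix.
                context.getTypeLocator().registerImport("pl.topteam.dps.model.modul.systemowy");
                return context;
            }
        };
        handler.setPermissionEvaluator(new CustomPermissionEvaluator(pracownikService));
        return handler;
    }

    /**
     * Builds the single security filter chain of the application.
     *
     * <p>Reachable without authentication: {@code /rpc/globals.js}, the three
     * {@code /api/auth/resetowanie-hasla/*} password-reset endpoints, the logout URL,
     * and GET on {@code /api/dane-jednostki} and {@code /api/manifest/*}. Every other
     * request requires an authenticated session.
     *
     * @param httpSecurity builder supplied by Spring Security
     * @return the built filter chain
     * @throws Exception if the builder rejects the configuration
     */
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception {
        return httpSecurity
                // cors() takes no arguments here, so the CORS policy comes from configuration
                // outside this class.
                .cors().and()
                .formLogin()
                    .loginProcessingUrl("/api/auth/login")
                    .successHandler((request, response, authentication) -> {
                        // Audit event for the login, keyed by the employee's UUID.
                        zdarzenieService.add(Zdarzenie.TypOperacji.LOGOWANIE, Zdarzenie.TypZasobu.PRACOWNIK, ((UserDetailsImpl) authentication.getPrincipal()).getUuid());
                        writePlainText(response, HttpStatus.OK, "OK");
                    })
                    // The failure reason is ignored on purpose or by accident: every failed login
                    // gets the same 401 body, so the response does not reveal whether the account exists.
                    // NOTE(review): only successful logins are recorded via ZdarzenieService; failed
                    // attempts produce no audit event here, so repeated-failure detection has to come
                    // from another layer. Consider recording them.
                    .failureHandler((request, response, exception) ->
                            writePlainText(response, HttpStatus.UNAUTHORIZED, "UNAUTHORIZED"))
                    .and()
                .logout()
                    .logoutUrl("/api/auth/logout")
                    .permitAll()
                    .clearAuthentication(true)
                    .logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler())
                    .invalidateHttpSession(true)
                    .deleteCookies("JSESSIONID")
                    .and()
                .exceptionHandling()
                    // Unauthenticated request to a protected resource: 401 instead of a login redirect.
                    .authenticationEntryPoint((request, response, exception) ->
                            writePlainText(response, HttpStatus.UNAUTHORIZED, "DOSTĘP NIEAUTORYZOWANY"))
                    // Authenticated but not permitted: 403.
                    .accessDeniedHandler((request, response, exception) ->
                            writePlainText(response, HttpStatus.FORBIDDEN, "DOSTĘP ZABRONIONY"))
                    .and()
                .authorizeRequests()
                    // Matchers are evaluated in declaration order; the public ones must stay above
                    // anyRequest().
                    .antMatchers("/rpc/globals.js").permitAll()
                    // NOTE(review): the password-reset endpoints are open to anonymous callers, so
                    // throttling and reset-token validation must be enforced in their handlers;
                    // that code is not visible from this class.
                    .antMatchers("/api/auth/resetowanie-hasla/wysylanie-tokenu").permitAll()
                    .antMatchers("/api/auth/resetowanie-hasla/zmiana-hasla").permitAll()
                    .antMatchers("/api/auth/resetowanie-hasla/czy-skonfigurowano-resetowanie-hasla").permitAll()
                    .antMatchers(HttpMethod.GET, "/api/dane-jednostki").permitAll()
                    .antMatchers(HttpMethod.GET, "/api/manifest/*").permitAll()
                    .anyRequest().authenticated()
                    .and()
                // NOTE(review): CSRF tokens are switched off while the session looks cookie-based
                // (form login, JSESSIONID). State-changing endpoints then depend entirely on controls
                // configured elsewhere (CORS policy, SameSite attribute of the session cookie).
                // Confirm those are in place, or enable CSRF protection.
                .csrf().disable()
                .authenticationProvider(authProvider())
                .build();
    }

    /**
     * Creates the provider that verifies submitted credentials against stored user records.
     *
     * @return a provider wired with {@link #passwordEncoder()} and the injected user details service
     */
    private DaoAuthenticationProvider authProvider() {
        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setPasswordEncoder(passwordEncoder());
        provider.setUserDetailsService(this.userDetailsService);
        return provider;
    }

    /**
     * Writes a status code and a one-line plain-text body, then flushes the response.
     *
     * @param response the response to fill in
     * @param status   HTTP status to set
     * @param body     text written as a single line
     * @throws IOException if the response writer cannot be obtained or written
     */
    private static void writePlainText(HttpServletResponse response, HttpStatus status, String body) throws IOException {
        response.setStatus(status.value());
        response.setContentType(MediaType.TEXT_PLAIN_VALUE);
        // The content type carries no charset and two of the bodies contain "Ę". Unless the
        // container is configured otherwise, the servlet default encoding is ISO-8859-1, which
        // cannot represent that character. Pin UTF-8 before the writer is obtained.
        response.setCharacterEncoding("UTF-8");
        response.getWriter().println(body);
        response.getWriter().flush();
    }
}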
