package com.digiwin.dap.middleware.autoconfigure.config;

import com.digiwin.dap.middleware.auth.handler.Http401UnauthorizedEntryPoint;
import com.digiwin.dap.middleware.constant.GlobalConstants;
import com.digiwin.dap.middleware.support.DapSecuritySupport;
import com.digiwin.dap.middleware.support.DefaultDapSecuritySupport;
import org.springframework.beans.factory.NoSuchBeanDefinitionException;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;

@EnableWebSecurity
@Configuration
/* loaded from: input_file:BOOT-INF/lib/dapware-core-spring-boot-starter-2.3.0.jar:com/digiwin/dap/middleware/autoconfigure/config/DapWebSecurityConfiguration.class */
public class DapWebSecurityConfiguration extends WebSecurityConfigurerAdapter implements ApplicationContextAware {
    private static final String[] AUTH_WHITELIST = {"/", "/*.html", "/**/*.js", "/**/*.css", "/**/*.html", "/favicon.ico", "/env", "/error", "/druid/**", "/**/actuator/**", "/api/dapware/v1/**", "/api/**/v2/env/**", GlobalConstants.INTERNAL_TOKEN_ANALYZE};

    @Value("${spring.application.name:}")
    private String appName;
    private DapSecuritySupport dapSecuritySupport;
    private Http401UnauthorizedEntryPoint http401UnauthorizedEntryPoint;

    @Override // org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter, org.springframework.context.ApplicationContextAware
    public void setApplicationContext(ApplicationContext applicationContext) {
        super.setApplicationContext(applicationContext);
        this.http401UnauthorizedEntryPoint = new Http401UnauthorizedEntryPoint(this.appName);
        initDapSecuritySupport(applicationContext);
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
    public void configure(HttpSecurity httpSecurity) throws Exception {
        ((HttpSecurity) ((HttpSecurity) ((HttpSecurity) ((HttpSecurity) httpSecurity.cors().and()).csrf().disable()).sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()).authorizeRequests().antMatchers(HttpMethod.OPTIONS, "/**").permitAll().antMatchers(AUTH_WHITELIST).permitAll().antMatchers(this.dapSecuritySupport.getWhiteList()).permitAll().anyRequest().authenticated().and()).exceptionHandling().authenticationEntryPoint(this.http401UnauthorizedEntryPoint);
        this.dapSecuritySupport.addCustomFilter(httpSecurity, authenticationManager());
    }

    private void initDapSecuritySupport(ApplicationContext applicationContext) {
        try {
            this.dapSecuritySupport = (DapSecuritySupport) applicationContext.getBean(DapSecuritySupport.class);
        } catch (NoSuchBeanDefinitionException e) {
            this.dapSecuritySupport = (DapSecuritySupport) applicationContext.getAutowireCapableBeanFactory().createBean(DefaultDapSecuritySupport.class);
        }
    }
}
