package com.atlassian.jira.security;

import com.atlassian.jira.component.ComponentAccessor;
import com.atlassian.jira.security.login.LoginManager;
import com.atlassian.jira.startup.JiraStartupChecklist;
import com.atlassian.jira.web.filters.johnson.ServiceUnavailableResponder;
import com.atlassian.sal.api.user.UserRole;
import com.atlassian.seraph.config.SecurityConfigFactory;
import com.atlassian.seraph.filter.SecurityFilter;
import com.atlassian.seraph.util.RedirectUtils;
import java.io.IOException;
import java.util.Set;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/jira/security/JiraSecurityFilter.class */
public class JiraSecurityFilter extends SecurityFilter {
    private static final Logger log = LoggerFactory.getLogger(JiraSecurityFilter.class);

    public void init(FilterConfig filterConfig) {
        log.debug("Initing JIRA security filter");
        init(filterConfig, true);
        log.debug("JIRA security filter inited");
    }

    protected void init(FilterConfig filterConfig, boolean z) {
        if (!z || JiraStartupChecklist.startupOK()) {
            super.init(filterConfig);
        }
    }

    protected String getLoginUrl(HttpServletRequest httpServletRequest, Set<String> set) {
        UserRole userRole = null;
        if (set.contains(Permissions.getShortName(44))) {
            userRole = UserRole.SYSADMIN;
        } else if (set.contains(Permissions.getShortName(0))) {
            userRole = UserRole.ADMIN;
        }
        String loginURL = SecurityConfigFactory.getInstance().getLoginURL(userRole != null, false);
        if (userRole != null) {
            loginURL = loginURL.replaceAll("\\$\\{userRole\\}", userRole.toString());
        }
        return RedirectUtils.getLoginURL(loginURL, httpServletRequest);
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (ComponentAccessor.getComponentSafely(LoginManager.class).isPresent()) {
            super.doFilter(servletRequest, servletResponse, filterChain);
        } else {
            rejectWith503((HttpServletRequest) servletRequest, servletResponse);
        }
    }

    private static void rejectWith503(HttpServletRequest httpServletRequest, ServletResponse servletResponse) throws IOException {
        log.warn("Rejecting security-sensitive request that bypassed Johnson filter: {}", httpServletRequest.getRequestURI());
        ServiceUnavailableResponder.respondWithEmpty503(servletResponse);
    }
}
