package com.baomidou.kisso.web.interceptor;

import com.baomidou.kisso.SSOAuthorization;
import com.baomidou.kisso.SSOConfig;
import com.baomidou.kisso.SSOHelper;
import com.baomidou.kisso.annotation.Action;
import com.baomidou.kisso.annotation.Permission;
import com.baomidou.kisso.common.util.HttpUtil;
import com.baomidou.kisso.common.util.StringPool;
import com.baomidou.kisso.security.token.SSOToken;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

/* loaded from: input_file:com/baomidou/kisso/web/interceptor/SSOPermissionInterceptor.class */
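/**
 * Spring MVC interceptor that decides whether the SSO token attached to a request may invoke the
 * matched handler method.
 *
 * <p>Security notes for integrators:
 * <ul>
 *   <li>This class authorizes; it does not authenticate. {@link #preHandle} lets the request through
 *       when no token is attached to it, so it must be registered behind a component that rejects
 *       unauthenticated requests and stores the token on the request. Without that component,
 *       token-less requests skip every check in this class.</li>
 *   <li>Handlers that are not {@link HandlerMethod} instances are never checked here.</li>
 *   <li>{@code nothingAnnotationPass} defaults to {@code false}: a handler method without
 *       {@link Permission} is denied unless the flag is switched on. Switching it on turns the
 *       annotation check into an opt-in deny list.</li>
 *   <li>When URI permission mode is enabled, the URI check and the annotation check are
 *       alternatives: a request is allowed if either one succeeds.</li>
 * </ul>
 */
public class SSOPermissionInterceptor extends HandlerInterceptorAdapter {
    private static final Logger log = LoggerFactory.getLogger(SSOPermissionInterceptor.class);

    // Permission backend; stays null until setAuthorization is called, in which case the first
    // permission lookup fails with a NullPointerException rather than granting access.
    private SSOAuthorization authorization;

    // Redirect target for denied non-AJAX requests; null or empty means "answer with a plain 403".
    private String illegalUrl;

    // Whether handler methods without @Permission are allowed. Deny by default.
    private boolean nothingAnnotationPass = false;

    /**
     * Runs the permission check before the handler is invoked.
     *
     * @param httpServletRequest  current request
     * @param httpServletResponse current response, written to only when access is denied
     * @param obj                 the handler chosen by Spring MVC
     * @return {@code true} to continue the chain, {@code false} once a denial has been written
     * @throws Exception propagated from {@link #unauthorizedAccess}
     */
    @Override
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws Exception {
        // Only annotated controller methods are subject to this check.
        if (!(obj instanceof HandlerMethod)) {
            return true;
        }
        // NOTE(review): a missing token passes. That is only safe when an authentication
        // interceptor earlier in the chain has already refused unauthenticated requests.
        SSOToken attrToken = SSOHelper.attrToken(httpServletRequest);
        if (attrToken == null) {
            return true;
        }
        if (isVerification(httpServletRequest, obj, attrToken)) {
            return true;
        }
        return unauthorizedAccess(httpServletRequest, httpServletResponse);
    }

    /**
     * Decides whether the token may invoke the handler.
     *
     * <p>Order of evaluation: the optional URI check, then the {@link Permission} annotation on the
     * handler method. A method annotated with {@code Action.Skip} is always allowed; an annotation
     * with an empty value is always denied.
     *
     * @param httpServletRequest current request
     * @param obj                handler, already known to be a {@link HandlerMethod}
     * @param sSOToken           token attached to the request
     * @return {@code true} when access is granted
     */
    protected boolean isVerification(HttpServletRequest httpServletRequest, Object obj, SSOToken sSOToken) {
        if (SSOConfig.getInstance().isPermissionUri()) {
            // getRequestURI() is the raw, undecoded request path (path parameters included).
            // NOTE(review): how isPermitted matches it is not visible here; confirm that the
            // SSOAuthorization implementation normalises the path before comparing, so that
            // equivalent spellings of one URI cannot be judged differently from the dispatcher.
            String requestURI = httpServletRequest.getRequestURI();
            if (requestURI == null || getAuthorization().isPermitted(sSOToken, requestURI)) {
                return true;
            }
            // A failed URI check is not final: the annotation check below can still grant access.
        }
        Permission permission = ((HandlerMethod) obj).getMethod().getAnnotation(Permission.class);
        if (permission == null) {
            return isNothingAnnotationPass();
        }
        if (permission.action() == Action.Skip) {
            return true;
        }
        String required = permission.value();
        return !StringPool.EMPTY.equals(required) && getAuthorization().isPermitted(sSOToken, required);
    }

    /**
     * Writes the denial: a 403 status for AJAX requests, otherwise a redirect to the configured
     * illegal-access URL, or a plain 403 when no such URL is configured.
     *
     * @param httpServletRequest  denied request
     * @param httpServletResponse response that receives the denial
     * @return always {@code false}, so the handler is never invoked
     * @throws Exception propagated from the response or from {@code HttpUtil}
     */
    protected boolean unauthorizedAccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        // Parameterized form: the client-supplied URI is passed as an argument instead of being
        // concatenated into the message.
        log.debug(" request 403 url: {}", httpServletRequest.getRequestURI());
        if (HttpUtil.isAjax(httpServletRequest)) {
            HttpUtil.ajaxStatus(httpServletResponse, HttpServletResponse.SC_FORBIDDEN, "ajax Unauthorized access.");
            return false;
        }
        // The redirect target is the configured value only; nothing from the request is used.
        String target = getIllegalUrl();
        if (target == null || StringPool.EMPTY.equals(target)) {
            httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "Forbidden");
            return false;
        }
        httpServletResponse.sendRedirect(target);
        return false;
    }

    /** @return the permission backend consulted for URI and annotation checks, or {@code null} if unset */
    public SSOAuthorization getAuthorization() {
        return this.authorization;
    }

    /** @param sSOAuthorization permission backend; required before any permission lookup is made */
    public void setAuthorization(SSOAuthorization sSOAuthorization) {
        this.authorization = sSOAuthorization;
    }

    /** @return redirect target for denied non-AJAX requests, or {@code null}/empty for a plain 403 */
    public String getIllegalUrl() {
        return this.illegalUrl;
    }

    /** @param str redirect target for denied non-AJAX requests */
    public void setIllegalUrl(String str) {
        this.illegalUrl = str;
    }

    /** @return whether handler methods without {@link Permission} are allowed */
    public boolean isNothingAnnotationPass() {
        return this.nothingAnnotationPass;
    }

    /** @param z {@code true} to allow handler methods that carry no {@link Permission} annotation */
    public void setNothingAnnotationPass(boolean z) {
        this.nothingAnnotationPass = z;
    }
}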
