package org.apache.brooklyn.rest.filter;

import java.io.IOException;
import java.security.Principal;
import javax.annotation.Priority;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.ContainerResponseContext;
import javax.ws.rs.container.ContainerResponseFilter;
import javax.ws.rs.core.Context;
import javax.ws.rs.ext.Provider;
import org.apache.brooklyn.api.mgmt.entitlement.EntitlementContext;
import org.apache.brooklyn.core.mgmt.entitlement.Entitlements;
import org.apache.brooklyn.core.mgmt.entitlement.WebEntitlementContext;
import org.apache.brooklyn.util.text.Strings;

@Provider
@Priority(400)
/* loaded from: input_file:org/apache/brooklyn/rest/filter/EntitlementContextFilter.class */
public class EntitlementContextFilter implements ContainerRequestFilter, ContainerResponseFilter {

    @Context
    private HttpServletRequest request;

    public void filter(ContainerRequestContext containerRequestContext) throws IOException {
        HttpSession session;
        String str = null;
        Principal userPrincipal = containerRequestContext.getSecurityContext().getUserPrincipal();
        if (userPrincipal != null) {
            str = userPrincipal.getName();
        } else if (this.request != null && (session = this.request.getSession(false)) != null) {
            str = Strings.toString(session.getAttribute(BrooklynSecurityProviderFilterHelper.AUTHENTICATED_USER_SESSION_ATTRIBUTE));
        }
        if (str != null) {
            EntitlementContext entitlementContext = Entitlements.getEntitlementContext();
            if (entitlementContext != null && !str.equals(entitlementContext.user())) {
                throw new IllegalStateException("Illegal entitement context switch, from user " + entitlementContext.user() + " to " + str);
            }
            Entitlements.setEntitlementContext(new WebEntitlementContext(str, this.request.getRemoteAddr(), this.request.getRequestURI(), RequestTaggingRsFilter.getTag()));
        }
    }

    public void filter(ContainerRequestContext containerRequestContext, ContainerResponseContext containerResponseContext) throws IOException {
        Entitlements.clearEntitlementContext();
    }
}
