package org.apache.brooklyn.rest.filter;

import com.google.common.base.Preconditions;
import java.io.IOException;
import java.net.URI;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.core.Response;
import org.apache.brooklyn.api.mgmt.ManagementContext;
import org.apache.brooklyn.config.ConfigKey;
import org.apache.brooklyn.core.config.ConfigKeys;
import org.apache.brooklyn.rest.security.provider.SecurityProvider;
import org.apache.brooklyn.rest.util.ManagementContextProvider;
import org.apache.brooklyn.util.text.Strings;
import org.eclipse.jetty.http.HttpHeader;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/brooklyn/rest/filter/BrooklynSecurityProviderFilterJavax.class */
public class BrooklynSecurityProviderFilterJavax implements Filter {
    private static final Logger log = LoggerFactory.getLogger(BrooklynSecurityProviderFilterJavax.class);
    public static final ConfigKey<String> LOGIN_FORM = ConfigKeys.newStringConfigKey("brooklyn.webconsole.security.login.form", "Login form location otherwise use browser popup", "");

    public void init(FilterConfig filterConfig) throws ServletException {
        log.trace("BrooklynSecurityProviderFilterJavax.init");
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        String str = "";
        try {
            log.trace("BrooklynSecurityProviderFilterJavax.doFilter {}", servletRequest);
            ManagementContext managementContext = new ManagementContextProvider(servletRequest.getServletContext()).getManagementContext();
            str = getLoginPageFromContext(managementContext);
            Preconditions.checkNotNull(managementContext, "Brooklyn management context not available; cannot authenticate");
            new BrooklynSecurityProviderFilterHelper().run((HttpServletRequest) servletRequest, managementContext, null);
            filterChain.doFilter(servletRequest, servletResponse);
        } catch (SecurityProvider.SecurityProviderDeniedAuthentication e) {
            log.trace("BrooklynSecurityProviderFilterJavax.doFilter caught SecurityProviderDeniedAuthentication", e);
            HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
            Response response = e.getResponse();
            if (response == null) {
                response = Response.status(Response.Status.UNAUTHORIZED).build();
            }
            if (response.getStatus() == Response.Status.UNAUTHORIZED.getStatusCode() && Strings.isNonBlank(str)) {
                response = Response.status(Response.Status.FOUND).header(HttpHeader.CACHE_CONTROL.asString(), "no-cache, no-store").location(URI.create("/" + str)).build();
            }
            httpServletResponse.setStatus(response.getStatus());
            response.getHeaders().forEach((str2, list) -> {
                list.forEach(obj -> {
                    httpServletResponse.addHeader(str2, Strings.toString(obj));
                });
            });
            Object entity = response.getEntity();
            if (entity != null) {
                servletResponse.getWriter().write(Strings.toString(entity));
                servletResponse.getWriter().flush();
            }
        }
    }

    private String getLoginPageFromContext(ManagementContext managementContext) {
        return (managementContext == null || managementContext.getConfig() == null) ? "" : (String) managementContext.getConfig().getConfig(LOGIN_FORM);
    }

    public void destroy() {
        log.trace("BrooklynSecurityProviderFilterJavax.destroy");
    }
}
