package io.dialob.boot.security;

import io.dialob.common.Permissions;
import io.dialob.security.spring.AuthenticationStrategy;
import io.dialob.security.spring.tenant.TenantAccessEvaluator;
import org.springframework.http.HttpMethod;
import org.springframework.lang.NonNull;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.NegatedRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.web.cors.CorsConfiguration;

/* loaded from: input_file:BOOT-INF/classes/io/dialob/boot/security/AbstractApiSecurityConfigurer.class */
/**
 * Base configurer for the API filter chain: per-HTTP-method authority checks on the
 * questionnaire and form endpoints, authenticated-only GET access to the tenant
 * endpoints, and deny-by-default for every other request the chain matches.
 *
 * <p>This listing is decompiler output (JADX reported a type-inference failure on
 * {@link #configurePermissions}), so parameter names and the explicit cast there are
 * artifacts rather than authored code.
 */
public abstract class AbstractApiSecurityConfigurer extends AbstractWebSecurityConfigurer {
    /**
     * CORS policy built from Spring's permit defaults: any origin and any request header
     * for GET/HEAD/POST, without enabling credentials.
     *
     * <p>NOTE(review): {@code CorsConfiguration} is mutable and this instance is a shared
     * public static, so a setter call anywhere changes the policy for every user of the
     * constant. Treat it as read-only.
     */
    public static final CorsConfiguration PERMIT_ALL = new CorsConfiguration().applyPermitDefaultValues();

    /**
     * Empty CORS policy: no allowed origins are configured, so cross-origin requests are
     * rejected wherever this configuration is applied. The same shared-mutable caveat as
     * {@link #PERMIT_ALL} applies.
     */
    public static final CorsConfiguration ALLOW_SAME_ORIGIN = new CorsConfiguration();

    /**
     * Matches requests that already carry an HTTP session. {@code getSession(false)} only
     * looks the session up and never creates one, so evaluating this matcher has no side
     * effect on session state.
     */
    public static final RequestMatcher SESSION_EXISTS_MATCHER = request -> request.getSession(false) != null;

    // Path suffixes appended to getContextPath() when the authorization rules are built.
    private static final String QUESTIONNAIRES = "/questionnaires/**";
    private static final String FORMS = "/forms/**";
    private static final String TENANTS = "/tenants/**";

    /**
     * Passes all three arguments straight to the superclass constructor.
     *
     * @param str forwarded unchanged; presumably the context path later returned by
     *     {@code getContextPath()} (decompiled name, confirm against the superclass)
     * @param tenantAccessEvaluator forwarded unchanged
     * @param authenticationStrategy forwarded unchanged
     */
    public AbstractApiSecurityConfigurer(String str, TenantAccessEvaluator tenantAccessEvaluator, @NonNull AuthenticationStrategy authenticationStrategy) {
        super(str, tenantAccessEvaluator, authenticationStrategy);
    }

    /**
     * Installs the authorization rules for this chain.
     *
     * <p>Rules are evaluated in registration order and the first match decides, so the
     * trailing {@code anyRequest().denyAll()} must stay last: it is what rejects methods
     * not listed here (for example PATCH or OPTIONS) and any path outside the three
     * prefixes. GET on the tenant endpoints requires only an authenticated principal, not
     * a specific authority.
     *
     * @param httpSecurity builder to configure; scoped with {@code requestMatcher()} first
     * @return the builder handed back by {@code and()}
     * @throws Exception propagated from the Spring Security builder
     */
    @Override
    protected HttpSecurity configurePermissions(HttpSecurity httpSecurity) throws Exception {
        // The cast is kept from the decompiled output; and() hands back the HttpSecurity builder.
        return (HttpSecurity) httpSecurity
            .securityMatcher(requestMatcher())
            .authorizeHttpRequests()
            // Questionnaires: HEAD shares the read authority with GET.
            .requestMatchers(endpoint(HttpMethod.GET, QUESTIONNAIRES)).hasAuthority(Permissions.QUESTIONNAIRES_GET)
            .requestMatchers(endpoint(HttpMethod.HEAD, QUESTIONNAIRES)).hasAuthority(Permissions.QUESTIONNAIRES_GET)
            .requestMatchers(endpoint(HttpMethod.POST, QUESTIONNAIRES)).hasAuthority(Permissions.QUESTIONNAIRES_POST)
            .requestMatchers(endpoint(HttpMethod.PUT, QUESTIONNAIRES)).hasAuthority(Permissions.QUESTIONNAIRES_PUT)
            .requestMatchers(endpoint(HttpMethod.DELETE, QUESTIONNAIRES)).hasAuthority(Permissions.QUESTIONNAIRES_DELETE)
            // Forms: same layout, HEAD again mapped to the read authority.
            .requestMatchers(endpoint(HttpMethod.GET, FORMS)).hasAuthority(Permissions.FORMS_GET)
            .requestMatchers(endpoint(HttpMethod.HEAD, FORMS)).hasAuthority(Permissions.FORMS_GET)
            .requestMatchers(endpoint(HttpMethod.POST, FORMS)).hasAuthority(Permissions.FORMS_POST)
            .requestMatchers(endpoint(HttpMethod.PUT, FORMS)).hasAuthority(Permissions.FORMS_PUT)
            .requestMatchers(endpoint(HttpMethod.DELETE, FORMS)).hasAuthority(Permissions.FORMS_DELETE)
            // Tenants: read-only and open to any authenticated principal.
            .requestMatchers(endpoint(HttpMethod.GET, TENANTS)).authenticated()
            // Deny by default; keep this as the final rule.
            .anyRequest().denyAll()
            .and();
    }

    /**
     * Returns a matcher for every request except those under the tenant endpoints; the
     * inner matcher is built without an HTTP method, so the exemption covers all methods.
     *
     * <p>NOTE(review): how the superclass uses this matcher is not visible here. If it
     * gates tenant selection, the tenant endpoints are reachable without a tenant and are
     * guarded only by the {@code authenticated()} rule in {@link #configurePermissions};
     * confirm that the handlers restrict what each principal can list.
     */
    @Override
    @NonNull
    protected RequestMatcher getTenantRequiredMatcher() {
        AntPathRequestMatcher tenantEndpoints = AntPathRequestMatcher.antMatcher(getContextPath() + TENANTS);
        return new NegatedRequestMatcher(tenantEndpoints);
    }

    // Builds the method-specific Ant matcher for one rule; the context path is read per call.
    private AntPathRequestMatcher endpoint(HttpMethod method, String suffix) {
        return AntPathRequestMatcher.antMatcher(method, getContextPath() + suffix);
    }
}
