package org.springframework.security.oauth2.provider.authentication;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.AuthenticationDetailsSource;
import org.springframework.security.authentication.AuthenticationEventPublisher;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
import org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
import org.springframework.util.Assert;

/* loaded from: input_file:lib/spring-security-oauth2-2.0.10.RELEASE.jar:org/springframework/security/oauth2/provider/authentication/OAuth2AuthenticationProcessingFilter.class */
public class OAuth2AuthenticationProcessingFilter implements Filter, InitializingBean {
    private static final Log logger = LogFactory.getLog(OAuth2AuthenticationProcessingFilter.class);
    private AuthenticationManager authenticationManager;
    private AuthenticationEntryPoint authenticationEntryPoint = new OAuth2AuthenticationEntryPoint();
    private AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource = new OAuth2AuthenticationDetailsSource();
    private TokenExtractor tokenExtractor = new BearerTokenExtractor();
    private AuthenticationEventPublisher eventPublisher = new NullEventPublisher();
    private boolean stateless = true;

    /* loaded from: input_file:lib/spring-security-oauth2-2.0.10.RELEASE.jar:org/springframework/security/oauth2/provider/authentication/OAuth2AuthenticationProcessingFilter$NullEventPublisher.class */
    private static final class NullEventPublisher implements AuthenticationEventPublisher {
        private NullEventPublisher() {
        }

        @Override // org.springframework.security.authentication.AuthenticationEventPublisher
        public void publishAuthenticationFailure(AuthenticationException authenticationException, Authentication authentication) {
        }

        @Override // org.springframework.security.authentication.AuthenticationEventPublisher
        public void publishAuthenticationSuccess(Authentication authentication) {
        }
    }

    public void setStateless(boolean z) {
        this.stateless = z;
    }

    public void setAuthenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint) {
        this.authenticationEntryPoint = authenticationEntryPoint;
    }

    public void setAuthenticationManager(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    public void setTokenExtractor(TokenExtractor tokenExtractor) {
        this.tokenExtractor = tokenExtractor;
    }

    public void setAuthenticationEventPublisher(AuthenticationEventPublisher authenticationEventPublisher) {
        this.eventPublisher = authenticationEventPublisher;
    }

    public void setAuthenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource) {
        Assert.notNull(authenticationDetailsSource, "AuthenticationDetailsSource required");
        this.authenticationDetailsSource = authenticationDetailsSource;
    }

    @Override // org.springframework.beans.factory.InitializingBean
    public void afterPropertiesSet() {
        Assert.state(this.authenticationManager != null, "AuthenticationManager is required");
    }

    @Override // javax.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        boolean isDebugEnabled = logger.isDebugEnabled();
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        try {
            Authentication extract = this.tokenExtractor.extract(httpServletRequest);
            if (extract == null) {
                if (this.stateless && isAuthenticated()) {
                    if (isDebugEnabled) {
                        logger.debug("Clearing security context.");
                    }
                    SecurityContextHolder.clearContext();
                }
                if (isDebugEnabled) {
                    logger.debug("No token in request, will continue chain.");
                }
            } else {
                httpServletRequest.setAttribute(OAuth2AuthenticationDetails.ACCESS_TOKEN_VALUE, extract.getPrincipal());
                if (extract instanceof AbstractAuthenticationToken) {
                    ((AbstractAuthenticationToken) extract).setDetails(this.authenticationDetailsSource.buildDetails(httpServletRequest));
                }
                Authentication authenticate = this.authenticationManager.authenticate(extract);
                if (isDebugEnabled) {
                    logger.debug("Authentication success: " + authenticate);
                }
                this.eventPublisher.publishAuthenticationSuccess(authenticate);
                SecurityContextHolder.getContext().setAuthentication(authenticate);
            }
            filterChain.doFilter(httpServletRequest, httpServletResponse);
        } catch (OAuth2Exception e) {
            SecurityContextHolder.clearContext();
            if (isDebugEnabled) {
                logger.debug("Authentication request failed: " + e);
            }
            this.eventPublisher.publishAuthenticationFailure(new BadCredentialsException(e.getMessage(), e), new PreAuthenticatedAuthenticationToken("access-token", "N/A"));
            this.authenticationEntryPoint.commence(httpServletRequest, httpServletResponse, new InsufficientAuthenticationException(e.getMessage(), e));
        }
    }

    private boolean isAuthenticated() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        return (authentication == null || (authentication instanceof AnonymousAuthenticationToken)) ? false : true;
    }

    @Override // javax.servlet.Filter
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    @Override // javax.servlet.Filter
    public void destroy() {
    }
}
