package io.buildrun.security;

import io.buildrun.security.exception.RestAccessDeniedHandler;
import io.buildrun.security.exception.RestAuthenticationEntryPoint;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;

@Configuration
@EnableWebSecurity
/* loaded from: input_file:io/buildrun/security/ServiceWebSecurityConfigurerAdapter.class */
public class ServiceWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
    private String[] defaultIgnorePaths = {"/favicon.ico", "/public/**", "/choerodon/**", "/", "/dis/**", "/env-config.js", "/actuator/**", "/prometheus"};

    @Value("${buildrun.resource.jwt.ignore:}")
    private String ignorePaths;

    @Autowired
    private RestAccessDeniedHandler accessDeniedHandler;

    @Autowired
    private RestAuthenticationEntryPoint unauthorizedHandler;

    public void configure(HttpSecurity httpSecurity) throws Exception {
        if (this.ignorePaths != null && !"".equals(this.ignorePaths)) {
            ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().antMatchers(this.ignorePaths.replaceAll("\\s*", "").split(","))).permitAll();
        }
        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.cors().and().csrf().disable().authorizeRequests().antMatchers(this.defaultIgnorePaths)).permitAll().anyRequest()).access("@accessChecker.check(request)").and().exceptionHandling().accessDeniedHandler(this.accessDeniedHandler).authenticationEntryPoint(this.unauthorizedHandler).and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    }
}
