package net.gbicc.cloud.shiro.cascmn;

import java.io.IOException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import net.gbicc.cloud.word.config.SystemConfig;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.cas.CasFilter;
import org.apache.shiro.cas.CasToken;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.servlet.ShiroHttpServletRequest;
import org.apache.shiro.web.util.SavedRequest;
import org.apache.shiro.web.util.WebUtils;
import org.jasig.cas.client.validation.Saml11TicketValidator;
import org.jasig.cas.client.validation.TicketValidator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/gbicc/cloud/shiro/cascmn/CmnSimpleCasFilter.class */
public class CmnSimpleCasFilter extends CasFilter {
    private static Logger a = LoggerFactory.getLogger(CmnSimpleCasFilter.class);
    private static final String b = "ticket";
    private String c;
    private TicketValidator d;
    private String e;

    protected AuthenticationToken createToken(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        return new CasToken(((HttpServletRequest) servletRequest).getParameter(b));
    }

    protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        SavedRequest savedRequest = WebUtils.getSavedRequest(servletRequest);
        if (savedRequest != null) {
            servletRequest.setAttribute("savedRequestURI", savedRequest);
        }
        SecurityUtils.getSubject().logout();
        return executeLogin(servletRequest, servletResponse);
    }

    protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object obj) {
        Subject subject = getSubject(servletRequest, servletResponse);
        return subject != null && subject.isAuthenticated();
    }

    public String getCasService() {
        return SystemConfig.getInstance().getString("shiro.cas.service");
    }

    protected TicketValidator ensureTicketValidator() {
        if (this.d == null) {
            this.d = createTicketValidator();
        }
        return this.d;
    }

    public String getValidationProtocol() {
        return this.e;
    }

    public void setValidationProtocol(String str) {
        this.e = str;
    }

    protected TicketValidator createTicketValidator() {
        String casServerUrlPrefix = getCasServerUrlPrefix();
        return "saml".equalsIgnoreCase(getValidationProtocol()) ? new Saml11TicketValidator(casServerUrlPrefix) : new CmnCas20ServiceTicketValidator(casServerUrlPrefix);
    }

    public String getCasServerUrlPrefix() {
        return SystemConfig.getInstance().getString("shiro.cas.serverUrlPrefix");
    }

    protected boolean onLoginSuccess(AuthenticationToken authenticationToken, Subject subject, ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        SavedRequest savedRequest = (SavedRequest) servletRequest.getAttribute("savedRequestURI");
        if (savedRequest != null) {
            ((ShiroHttpServletRequest) servletRequest).getSession().setAttribute("savedRequestURI", savedRequest);
        }
        issueSuccessRedirect(servletRequest, servletResponse);
        return false;
    }

    protected boolean onLoginFailure(AuthenticationToken authenticationToken, AuthenticationException authenticationException, ServletRequest servletRequest, ServletResponse servletResponse) {
        Subject subject = getSubject(servletRequest, servletResponse);
        if (subject.isAuthenticated() || subject.isRemembered()) {
            try {
                issueSuccessRedirect(servletRequest, servletResponse);
                return false;
            } catch (Exception e) {
                a.error("Cannot redirect to the default success url", e);
                return false;
            }
        }
        try {
            WebUtils.issueRedirect(servletRequest, servletResponse, this.c);
            return false;
        } catch (IOException e2) {
            a.error("Cannot redirect to failure url : {}", this.c, e2);
            return false;
        }
    }

    public void setFailureUrl(String str) {
        this.c = str;
    }
}
