package org.openthinclient.web;

import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.openthinclient.service.apacheds.DirectoryServiceConfiguration;
import org.openthinclient.service.common.home.ManagerHome;
import org.openthinclient.web.security.VaadinTokenBasedRememberMeServices;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.context.embedded.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.ldap.core.support.BaseLdapPathContextSource;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
import org.springframework.security.ldap.search.FilterBasedLdapUserSearch;
import org.springframework.security.ldap.search.LdapUserSearch;
import org.springframework.security.ldap.userdetails.LdapUserDetailsService;
import org.springframework.security.web.authentication.RememberMeServices;
import org.springframework.web.filter.OncePerRequestFilter;
import org.vaadin.spring.http.HttpService;
import org.vaadin.spring.security.annotation.EnableVaadinSharedSecurity;
import org.vaadin.spring.security.shared.VaadinAuthenticationSuccessHandler;
import org.vaadin.spring.security.shared.VaadinUrlAuthenticationSuccessHandler;
import org.vaadin.spring.security.web.VaadinRedirectStrategy;

/**
 * Spring Security wiring for the manager web application.
 *
 * <p>Authentication is delegated to an LDAP directory reached on {@code localhost}
 * (see {@link #createLdapURL}); the class also registers remember-me and logout handling
 * and a redirect filter for the root URL.
 *
 * <p>Security-relevant choices visible in this class:
 * <ul>
 *   <li>Spring's CSRF protection, HTTP Basic and form login are all disabled.</li>
 *   <li>Every request is permitted at the URL level; this class enforces no URL-based
 *       access rule. NOTE(review): access control presumably relies on the method security
 *       enabled by {@code @EnableGlobalMethodSecurity} and on the Vaadin layer; verify that
 *       every protected view and service carries its own check.</li>
 *   <li>The remember-me key is a constant compiled into the class, so it is the same
 *       for every installation.</li>
 *   <li>The directory is reached over plain {@code ldap://} using the manager DN and
 *       password from {@link DirectoryServiceConfiguration}.</li>
 * </ul>
 */
@EnableVaadinSharedSecurity
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true, proxyTargetClass = true)
public class WebApplicationSecurityConfiguration extends WebSecurityConfigurerAdapter {
    private static final Logger LOG = LoggerFactory.getLogger(WebApplicationSecurityConfiguration.class);

    /**
     * Key handed both to the remember-me services and to the remember-me configurer.
     * NOTE(review): Spring's token-based remember-me mixes this key into the cookie
     * signature; a hard-coded, publicly known value adds no per-installation secrecy.
     * Consider loading a random, per-installation value from configuration instead.
     */
    private static final String REMEMBER_ME_KEY = "openthinclient-manager";

    @Autowired
    private ManagerHome managerHome;

    @Value("${vaadin.servlet.urlMapping}")
    private String vaadinServletUrlMapping;

    /**
     * Registers a filter on {@code "/"} and on {@code <servlet root>first-start} that answers
     * every matching request with a redirect to {@code <servlet root>welcome}.
     *
     * <p>The redirect target is built only from the configured servlet mapping, never from
     * request data, so the filter cannot be steered to an arbitrary location by a client.
     *
     * @return the filter registration
     */
    @Bean
    public FilterRegistrationBean redirectToDashboardUIFilter() {
        FilterRegistrationBean registration = new FilterRegistrationBean();
        registration.addUrlPatterns("/");
        registration.addUrlPatterns(servletRoot() + "first-start");
        registration.setFilter(welcomeRedirectFilter());
        return registration;
    }

    /** Builds the filter that unconditionally redirects to the welcome page. */
    private OncePerRequestFilter welcomeRedirectFilter() {
        return new OncePerRequestFilter() {
            @Override
            protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
                // The chain is intentionally not continued: the request ends with the redirect.
                // The mapping root is resolved on every request, not cached at registration time.
                httpServletResponse.sendRedirect(servletRoot() + "welcome");
            }
        };
    }

    /**
     * Configures LDAP bind authentication against the directory described by
     * {@link DirectoryServiceConfiguration}.
     *
     * <p>Only the LDAP URL is logged; the manager DN and password are passed to the
     * context source and are not written to the log.
     *
     * @param authenticationManagerBuilder builder to which the LDAP provider is added
     * @throws Exception if the LDAP authentication configurer cannot be set up
     */
    @Override
    public void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        DirectoryServiceConfiguration directory =
                (DirectoryServiceConfiguration) this.managerHome.getConfiguration(DirectoryServiceConfiguration.class);
        String ldapUrl = createLdapURL(directory);
        LOG.info("Configuring authentication for LDAP: {}", ldapUrl);

        LdapAuthenticationProviderConfigurer<AuthenticationManagerBuilder> ldap =
                authenticationManagerBuilder.ldapAuthentication();
        ldap.contextSource()
                .url(ldapUrl)
                .managerDn(directory.getContextSecurityPrincipal())
                .managerPassword(directory.getContextSecurityCredentials());
        // Users are looked up directly by DN: the login name is substituted for {0}.
        ldap.userDnPatterns("cn={0},ou=users");
    }

    /**
     * Configures the HTTP filter chain: no CSRF filter, no Basic or form login, every URL
     * permitted, plus logout and remember-me handling.
     *
     * @param httpSecurity the HTTP security builder
     * @throws Exception if the configuration cannot be applied
     */
    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        // NOTE(review): presumably disabled because Vaadin applies its own CSRF token to UI
        // requests. Confirm that no non-Vaadin, state-changing endpoint sits behind this chain.
        httpSecurity.csrf().disable();

        String root = servletRoot();

        // No URL-level restriction at all; see the class comment for what has to enforce
        // access control instead.
        httpSecurity.authorizeRequests().anyRequest().permitAll();
        httpSecurity.httpBasic().disable();
        httpSecurity.formLogin().disable();

        // Logout drops the servlet session cookie and returns to the servlet root.
        httpSecurity.logout()
                .logoutUrl(root + "logout")
                .logoutSuccessUrl(root)
                .deleteCookies("JSESSIONID")
                .permitAll();

        // The key given here is the same constant passed to rememberMeServices().
        httpSecurity.rememberMe().rememberMeServices(rememberMeServices()).key(REMEMBER_ME_KEY);
    }

    /**
     * Excludes {@code /VAADIN/**} from the Spring Security filter chain.
     *
     * <p>Requests under that path are served without any security filter. NOTE(review):
     * presumably only static Vaadin resources live there; confirm nothing sensitive does.
     *
     * @param webSecurity the web security builder
     * @throws Exception if the configuration cannot be applied
     */
    @Override
    public void configure(WebSecurity webSecurity) throws Exception {
        webSecurity.ignoring().antMatchers("/VAADIN/**");
    }

    /**
     * Exposes the authentication manager built by the parent class as a bean.
     *
     * @return the authentication manager
     * @throws Exception if the parent class cannot provide it
     */
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /**
     * Creates the remember-me services backed by the LDAP user details service.
     *
     * <p>{@code alwaysRemember} is switched off. NOTE(review): in Spring's stock remember-me
     * services this means a token is issued only when the login asks for it; this is assumed
     * to be unchanged in {@link VaadinTokenBasedRememberMeServices}.
     *
     * @return the remember-me services
     */
    @Bean
    public RememberMeServices rememberMeServices() {
        VaadinTokenBasedRememberMeServices services =
                new VaadinTokenBasedRememberMeServices(REMEMBER_ME_KEY, userDetailsService());
        services.setAlwaysRemember(false);
        return services;
    }

    /**
     * Creates the success handler that sends the user to the servlet mapping root after login.
     *
     * @param httpService Vaadin HTTP service passed through to the handler
     * @param vaadinRedirectStrategy redirect strategy passed through to the handler
     * @return the authentication success handler
     */
    @Bean(name = "vaadinAuthenticationSuccessHandler")
    VaadinAuthenticationSuccessHandler vaadinAuthenticationSuccessHandler(HttpService httpService, VaadinRedirectStrategy vaadinRedirectStrategy) {
        String successUrl = servletRoot();
        return new VaadinUrlAuthenticationSuccessHandler(httpService, vaadinRedirectStrategy, successUrl);
    }

    /**
     * Provides user details resolved through the LDAP user search.
     *
     * @return an LDAP-backed user details service
     */
    @Override
    protected UserDetailsService userDetailsService() {
        LdapUserSearch search = userSearch();
        return new LdapUserDetailsService(search);
    }

    /**
     * Creates the search that locates a user below {@code ou=users} by {@code cn}.
     *
     * @return the LDAP user search
     */
    @Bean
    public LdapUserSearch userSearch() {
        return new FilterBasedLdapUserSearch("ou=users", "(cn={0})", contextSource());
    }

    /**
     * Creates the LDAP context source, bound with the manager DN and password taken from
     * {@link DirectoryServiceConfiguration}.
     *
     * @return the LDAP context source
     */
    @Bean
    public BaseLdapPathContextSource contextSource() {
        DirectoryServiceConfiguration directory =
                (DirectoryServiceConfiguration) this.managerHome.getConfiguration(DirectoryServiceConfiguration.class);
        DefaultSpringSecurityContextSource source = new DefaultSpringSecurityContextSource(createLdapURL(directory));
        source.setUserDn(directory.getContextSecurityPrincipal());
        source.setPassword(directory.getContextSecurityCredentials());
        return source;
    }

    /** Resolves the servlet mapping root from the configured Vaadin URL mapping. */
    private String servletRoot() {
        return WebUtil.getServletMappingRoot(this.vaadinServletUrlMapping);
    }

    /**
     * Builds the LDAP URL {@code ldap://localhost:<port>/ou=<primary OU>,<root partition>}.
     *
     * <p>The scheme is plain {@code ldap://} and the host is fixed to {@code localhost}.
     * The configuration values are inserted without escaping. NOTE(review): they are assumed
     * to come from trusted administrator configuration; confirm.
     *
     * @param directoryServiceConfiguration source of the port, primary OU and root partition name
     * @return the LDAP URL including the base DN
     */
    private String createLdapURL(DirectoryServiceConfiguration directoryServiceConfiguration) {
        return new StringBuilder("ldap://localhost:")
                .append(directoryServiceConfiguration.getEmbeddedLdapPort())
                .append("/ou=")
                .append(directoryServiceConfiguration.getPrimaryOU())
                .append(",")
                .append(directoryServiceConfiguration.getEmbeddedCustomRootPartitionName())
                .toString();
    }
}
