package com.loy.cloud.conf;

import com.loy.cloud.authorize.ClientAuthorityService;
import com.loy.cloud.authorize.EDefaultWebSecurityExpressionHandler;
import com.loy.cloud.authorize.EPermissionEvaluator;
import com.loy.e.common.vo.DefaultRespone;
import com.loy.e.core.api.AuthorityService;
import feign.RequestInterceptor;
import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.cloud.client.circuitbreaker.EnableCircuitBreaker;
import org.springframework.cloud.client.discovery.DiscoveryClient;
import org.springframework.cloud.client.discovery.EnableDiscoveryClient;
import org.springframework.cloud.netflix.eureka.EnableEurekaClient;
import org.springframework.cloud.netflix.feign.EnableFeignClients;
import org.springframework.cloud.netflix.hystrix.EnableHystrix;
import org.springframework.cloud.netflix.hystrix.dashboard.EnableHystrixDashboard;
import org.springframework.cloud.security.oauth2.client.feign.OAuth2FeignRequestInterceptor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.PermissionEvaluator;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.oauth2.client.DefaultOAuth2ClientContext;
import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
import org.springframework.security.oauth2.client.token.grant.client.ClientCredentialsResourceDetails;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;

@EnableEurekaClient
@EnableWebSecurity
@EnableCircuitBreaker
@Configuration
@EnableHystrixDashboard
@EnableHystrix
@EnableResourceServer
@EnableFeignClients(basePackages = {"com.loy"})
@EnableDiscoveryClient
/* loaded from: input_file:com/loy/cloud/conf/ResourceServerConfiguration.class */
public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
    protected final Log logger = LogFactory.getLog(ResourceServerConfiguration.class);

    @Autowired(required = false)
    private AuthorityService authorityService;

    @Autowired(required = false)
    private ClientAuthorityService clientAuthorityService;

    @Autowired(required = false)
    DiscoveryClient discoveryClient;

    @Configuration
    /* loaded from: input_file:com/loy/cloud/conf/ResourceServerConfiguration$FeignOAuthInterceptorConfiguration.class */
    protected static class FeignOAuthInterceptorConfiguration {
        protected FeignOAuthInterceptorConfiguration() {
        }

        @Bean
        public RequestInterceptor feignOAuthInterceptor() {
            return new OAuth2FeignRequestInterceptor(new DefaultOAuth2ClientContext(), oAuth2ProtectedResourceDetails());
        }

        @ConfigurationProperties("security.oauth2.client")
        @Bean
        public OAuth2ProtectedResourceDetails oAuth2ProtectedResourceDetails() {
            return new ClientCredentialsResourceDetails();
        }
    }

    public void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.csrf().disable();
        httpSecurity.headers().frameOptions().sameOrigin();
        DefaultRespone<Map<String, String>> defaultRespone = null;
        if (this.authorityService != null) {
            defaultRespone = this.authorityService.getResource();
        } else {
            boolean z = false;
            int i = 15;
            Throwable th = null;
            while (!z && i > 0) {
                try {
                    defaultRespone = this.clientAuthorityService.getPermissionResource();
                    if (defaultRespone == null) {
                        this.logger.info("Attempting to obtain resources information failure :" + (16 - i));
                        Thread.sleep(10000L);
                    } else {
                        z = true;
                    }
                } catch (Throwable th2) {
                    this.logger.info("Attempting to obtain resources information failure :" + (16 - i));
                    th = th2;
                    i--;
                    Thread.sleep(10000L);
                }
            }
            if (!z) {
                this.logger.error("clientAuthorityService", th);
                this.logger.info("Attempting to obtain resources information failure");
            }
        }
        Map map = (Map) defaultRespone.getData();
        ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry authorizeRequests = httpSecurity.authorizeRequests();
        if (map != null && !map.isEmpty()) {
            for (Map.Entry entry : map.entrySet()) {
                ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) authorizeRequests.antMatchers(new String[]{"/**/" + ((String) entry.getKey())})).access("hasPermission('','" + ((String) entry.getValue()) + "')");
            }
        }
        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) authorizeRequests.anyRequest()).authenticated();
    }

    public void configure(ResourceServerSecurityConfigurer resourceServerSecurityConfigurer) throws Exception {
        resourceServerSecurityConfigurer.expressionHandler(webSecurityExpressionHandler());
    }

    @Bean
    EDefaultWebSecurityExpressionHandler webSecurityExpressionHandler() {
        return new EDefaultWebSecurityExpressionHandler();
    }

    @Bean
    PermissionEvaluator permissionEvaluator() {
        return new EPermissionEvaluator();
    }
}
