package com.alilitech.biz.security.authorization;

import com.alilitech.biz.security.SecurityBizMessageSource;
import java.util.Collection;
import java.util.Iterator;
import org.apache.commons.codec.binary.StringUtils;
import org.springframework.context.support.MessageSourceAccessor;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.web.FilterInvocation;

/* loaded from: input_file:com/alilitech/biz/security/authorization/CustomAccessDecisionManager.class */
public class CustomAccessDecisionManager implements AccessDecisionManager {
    protected MessageSourceAccessor messages = SecurityBizMessageSource.getAccessor();

    public void decide(Authentication authentication, Object obj, Collection<ConfigAttribute> collection) throws AccessDeniedException, InsufficientAuthenticationException {
        String requestURI = ((FilterInvocation) obj).getHttpRequest().getRequestURI();
        for (ConfigAttribute configAttribute : collection) {
            if (authentication == null) {
                throw new AccessDeniedException(this.messages.getMessage("Authorization.NotAllowed", new Object[]{requestURI}, "Authorization is not allowed for {0}!"));
            }
            String attribute = configAttribute.getAttribute();
            Iterator it = authentication.getAuthorities().iterator();
            while (it.hasNext()) {
                if (StringUtils.equals(((GrantedAuthority) it.next()).getAuthority(), attribute)) {
                    return;
                }
            }
        }
        throw new AccessDeniedException(this.messages.getMessage("Authorization.NotAllowed", new Object[]{requestURI}, "Authorization is not allowed for {0}!"));
    }

    public boolean supports(ConfigAttribute configAttribute) {
        return true;
    }

    public boolean supports(Class<?> cls) {
        return FilterInvocation.class.isAssignableFrom(cls);
    }
}
