package com.manydesigns.portofino.interceptors;

import com.manydesigns.elements.ElementsThreadLocals;
import com.manydesigns.portofino.shiro.SecurityUtilsBean;
import com.manydesigns.portofino.shiro.ShiroUtils;
import com.manydesigns.portofino.stripes.AuthenticationRequiredResolution;
import com.manydesigns.portofino.stripes.ForbiddenAccessResolution;
import java.io.Serializable;
import java.lang.reflect.Method;
import net.sourceforge.stripes.action.Resolution;
import net.sourceforge.stripes.controller.ExecutionContext;
import net.sourceforge.stripes.controller.Interceptor;
import net.sourceforge.stripes.controller.Intercepts;
import net.sourceforge.stripes.controller.LifecycleStage;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.aop.MethodInvocation;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.UnauthenticatedException;
import org.apache.shiro.authz.aop.AnnotationsAuthorizingMethodInterceptor;
import org.apache.shiro.subject.Subject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.slf4j.MDC;

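/**
 * Stripes interceptor that enforces Shiro authorization annotations on the resolved
 * event handler before the request is allowed to proceed.
 *
 * <p>It wraps the {@code BindingAndValidation} lifecycle stage: the security check runs
 * first and {@link ExecutionContext#proceed()} is only called when the check passes, so
 * any failure leaves the request unprocessed (fail closed).
 *
 * <p>As side effects it publishes a {@link SecurityUtilsBean} in the OGNL context and
 * resets the logging MDC with the current user id and request URI.
 */
@Intercepts({LifecycleStage.BindingAndValidation})
public class ShiroInterceptor implements Interceptor {
    public static final String copyright = "Copyright (C) 2005-2017 ManyDesigns srl";
    public static final Logger logger = LoggerFactory.getLogger(ShiroInterceptor.class);
    protected static final AuthChecker AUTH_CHECKER = new AuthChecker();

    /**
     * Adapts a Stripes {@link ExecutionContext} to Shiro's {@link MethodInvocation} so that
     * Shiro's annotation-driven authorization can be applied to the handler method and its
     * action bean.
     */
    public static final class AuthChecker extends AnnotationsAuthorizingMethodInterceptor {
        /**
         * Checks the Shiro authorization annotations that apply to the handler in the given context.
         *
         * @param executionContext the Stripes context supplying the handler method and action bean
         * @throws AuthorizationException if the current subject does not satisfy the annotations
         *     (including {@link UnauthenticatedException} when authentication is required)
         */
        public void assertAuthorized(final ExecutionContext executionContext) throws AuthorizationException {
            super.assertAuthorized(new MethodInvocation() {
                @Override
                public Object proceed() throws Throwable {
                    // Never invoked for a pure authorization check; the real call goes
                    // through ExecutionContext.proceed() in the interceptor.
                    return null;
                }

                @Override
                public Method getMethod() {
                    return executionContext.getHandler();
                }

                @Override
                public Object[] getArguments() {
                    return new Object[0];
                }

                @Override
                public Object getThis() {
                    return executionContext.getActionBean();
                }
            });
        }
    }

    /**
     * Runs the authorization check for the current request and proceeds only if it passes.
     *
     * @param executionContext the Stripes execution context for the current request
     * @return the resolution of the wrapped stage when authorized, an
     *     {@link AuthenticationRequiredResolution} when the subject must log in first, or a
     *     {@link ForbiddenAccessResolution} when the subject lacks the required rights
     * @throws Exception any exception raised by the wrapped lifecycle stage
     */
    @Override
    public Resolution intercept(ExecutionContext executionContext) throws Exception {
        logger.debug("Retrieving user");
        Serializable userId = null;
        Subject subject = SecurityUtils.getSubject();
        if (subject.getPrincipal() == null) {
            logger.debug("No user found");
        } else {
            userId = ShiroUtils.getUserId(subject);
            logger.debug("Retrieved userId={}", userId);
        }

        logger.debug("Publishing securityUtils in OGNL context");
        ElementsThreadLocals.getOgnlContext().put("securityUtils", new SecurityUtilsBean());

        logger.debug("Setting up logging MDC");
        // Reset first so identity left in the MDC by earlier work on this thread cannot be
        // attributed to the current request in the audit trail.
        MDC.clear();
        if (userId != null) {
            MDC.put("userId", userId.toString());
        }
        if (executionContext.getActionBeanContext() != null
                && executionContext.getActionBeanContext().getRequest() != null) {
            MDC.put("req.requestURI", executionContext.getActionBeanContext().getRequest().getRequestURI());
        }

        try {
            AUTH_CHECKER.assertAuthorized(executionContext);
            logger.debug("Security check passed.");
            return executionContext.proceed();
        } catch (UnauthenticatedException e) {
            // UnauthenticatedException is a subclass of AuthorizationException, so it must be
            // caught first; in the other order this clause is unreachable (a compile error) and
            // anonymous users would be answered with "forbidden" instead of a login challenge.
            logger.debug("Method required authentication", e);
            return new AuthenticationRequiredResolution();
        } catch (AuthorizationException e) {
            logger.warn("Method invocation not authorized", e);
            // NOTE(review): the Shiro exception message may name the missing role or permission;
            // confirm ForbiddenAccessResolution does not echo it verbatim to the client.
            return new ForbiddenAccessResolution(e.getMessage());
        }
    }
}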
