package org.springframework.security.acls.afterinvocation;

import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.context.MessageSource;
import org.springframework.context.MessageSourceAware;
import org.springframework.context.support.MessageSourceAccessor;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.acls.model.AclService;
import org.springframework.security.acls.model.Permission;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.SpringSecurityMessageSource;

/* loaded from: input_file:WEB-INF/lib/spring-security-acl-3.0.6.RELEASE.jar:org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProvider.class */
public class AclEntryAfterInvocationProvider extends AbstractAclProvider implements MessageSourceAware {
    protected static final Log logger = LogFactory.getLog(AclEntryAfterInvocationProvider.class);
    protected MessageSourceAccessor messages;

    public AclEntryAfterInvocationProvider(AclService aclService, List<Permission> list) {
        super(aclService, "AFTER_ACL_READ", list);
        this.messages = SpringSecurityMessageSource.getAccessor();
    }

    public AclEntryAfterInvocationProvider(AclService aclService, String str, List<Permission> list) {
        super(aclService, str, list);
        this.messages = SpringSecurityMessageSource.getAccessor();
    }

    @Override // org.springframework.security.access.AfterInvocationProvider
    public Object decide(Authentication authentication, Object obj, Collection<ConfigAttribute> collection, Object obj2) throws AccessDeniedException {
        if (obj2 == null) {
            if (!logger.isDebugEnabled()) {
                return null;
            }
            logger.debug("Return object is null, skipping");
            return null;
        }
        if (!getProcessDomainObjectClass().isAssignableFrom(obj2.getClass())) {
            if (logger.isDebugEnabled()) {
                logger.debug("Return object is not applicable for this provider, skipping");
            }
            return obj2;
        }
        Iterator<ConfigAttribute> it = collection.iterator();
        while (it.hasNext()) {
            if (supports(it.next())) {
                if (hasPermission(authentication, obj2)) {
                    return obj2;
                }
                logger.debug("Denying access");
                throw new AccessDeniedException(this.messages.getMessage("AclEntryAfterInvocationProvider.noPermission", new Object[]{authentication.getName(), obj2}, "Authentication {0} has NO permissions to the domain object {1}"));
            }
        }
        return obj2;
    }

    @Override // org.springframework.context.MessageSourceAware
    public void setMessageSource(MessageSource messageSource) {
        this.messages = new MessageSourceAccessor(messageSource);
    }
}
