package uk.ac.ox.it.ords.security;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authc.AuthenticatingFilter;

/* loaded from: input_file:uk/ac/ox/it/ords/security/SSOFilter.class */
public class SSOFilter extends AuthenticatingFilter {
    protected AuthenticationToken createToken(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        String str;
        try {
            str = ((HttpServletRequest) servletRequest).getRemoteUser();
        } catch (Exception e) {
            str = null;
        }
        String str2 = (String) servletRequest.getAttribute("affiliation");
        if (str2 == null) {
            str2 = "";
        }
        return new RemoteUserToken(str, str2);
    }

    protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object obj) {
        Subject subject = getSubject(servletRequest, servletResponse);
        try {
            if (subject.getPrincipal() != null && subject.getPrincipal().equals("anonymous")) {
                subject.logout();
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
        try {
            subject.login(createToken(servletRequest, servletResponse));
            return subject.isAuthenticated();
        } catch (AuthenticationException e2) {
            if (!isPermissive(obj)) {
                return false;
            }
            subject.login(new RemoteUserToken("anonymous", ""));
            return true;
        } catch (Exception e3) {
            e3.printStackTrace();
            return false;
        }
    }

    protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        ((HttpServletResponse) servletResponse).sendError(403);
        return false;
    }
}
