package org.springframework.boot.web.servlet.filter;

import java.io.IOException;
import javax.servlet.DispatcherType;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.NoSuchBeanDefinitionException;
import org.springframework.context.ApplicationContext;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.access.WebInvocationPrivilegeEvaluator;
import org.springframework.web.util.UrlPathHelper;

/* loaded from: input_file:ingrid-codelist-repository-7.0.0/lib/spring-boot-2.7.17.jar:org/springframework/boot/web/servlet/filter/ErrorPageSecurityFilter.class */
public class ErrorPageSecurityFilter implements Filter {
    private static final WebInvocationPrivilegeEvaluator ALWAYS = new AlwaysAllowWebInvocationPrivilegeEvaluator();
    private final UrlPathHelper urlPathHelper = new UrlPathHelper();
    private final ApplicationContext context;
    private volatile WebInvocationPrivilegeEvaluator privilegeEvaluator;

    /* loaded from: input_file:ingrid-codelist-repository-7.0.0/lib/spring-boot-2.7.17.jar:org/springframework/boot/web/servlet/filter/ErrorPageSecurityFilter$AlwaysAllowWebInvocationPrivilegeEvaluator.class */
    private static class AlwaysAllowWebInvocationPrivilegeEvaluator implements WebInvocationPrivilegeEvaluator {
        private AlwaysAllowWebInvocationPrivilegeEvaluator() {
        }

        public boolean isAllowed(String str, Authentication authentication) {
            return true;
        }

        public boolean isAllowed(String str, String str2, String str3, Authentication authentication) {
            return true;
        }
    }

    public ErrorPageSecurityFilter(ApplicationContext applicationContext) {
        this.context = applicationContext;
        this.urlPathHelper.setAlwaysUseFullPath(true);
    }

    @Override // javax.servlet.Filter
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    @Override // javax.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        doFilter((HttpServletRequest) servletRequest, (HttpServletResponse) servletResponse, filterChain);
    }

    private void doFilter(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        Integer num = (Integer) httpServletRequest.getAttribute("javax.servlet.error.status_code");
        if (!DispatcherType.ERROR.equals(httpServletRequest.getDispatcherType()) || isAllowed(httpServletRequest, num)) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
        } else {
            httpServletResponse.sendError(num != null ? num.intValue() : 401);
        }
    }

    private boolean isAllowed(HttpServletRequest httpServletRequest, Integer num) {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (isUnauthenticated(authentication) && isNotAuthenticationError(num)) {
            return true;
        }
        return getPrivilegeEvaluator().isAllowed(this.urlPathHelper.getPathWithinApplication(httpServletRequest), authentication);
    }

    private boolean isUnauthenticated(Authentication authentication) {
        return authentication == null || (authentication instanceof AnonymousAuthenticationToken);
    }

    private boolean isNotAuthenticationError(Integer num) {
        return num == null || !(num.intValue() == 401 || num.intValue() == 403);
    }

    private WebInvocationPrivilegeEvaluator getPrivilegeEvaluator() {
        WebInvocationPrivilegeEvaluator webInvocationPrivilegeEvaluator = this.privilegeEvaluator;
        if (webInvocationPrivilegeEvaluator == null) {
            webInvocationPrivilegeEvaluator = getPrivilegeEvaluatorBean();
            this.privilegeEvaluator = webInvocationPrivilegeEvaluator;
        }
        return webInvocationPrivilegeEvaluator;
    }

    private WebInvocationPrivilegeEvaluator getPrivilegeEvaluatorBean() {
        try {
            return (WebInvocationPrivilegeEvaluator) this.context.getBean(WebInvocationPrivilegeEvaluator.class);
        } catch (NoSuchBeanDefinitionException e) {
            return ALWAYS;
        }
    }

    @Override // javax.servlet.Filter
    public void destroy() {
    }
}
