package org.kuali.coeus.sys.framework.security;

import java.util.stream.Stream;
import org.apache.commons.lang3.StringUtils;
import org.kuali.rice.core.api.config.property.ConfigurationService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
import org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter;

@EnableWebMvcSecurity
@Configuration
@Deprecated
/* loaded from: input_file:org/kuali/coeus/sys/framework/security/SpringRestSecurity.class */
public class SpringRestSecurity extends WebSecurityConfigurerAdapter {
    private static final String ADMIN_ROLE = "ADMIN";
    private static final String KC_REST_ADMIN_PASSWORD = "kc.rest.admin.password";
    private static final String KC_REST_ADMIN_USERNAME = "kc.rest.admin.username";
    private static final String AUTH_REST_URLS_REGEX = "auth.rest.urls.regex";

    @Autowired
    @Qualifier("kualiConfigurationService")
    private ConfigurationService configurationService;

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        String propertyValueAsString = this.configurationService.getPropertyValueAsString(KC_REST_ADMIN_USERNAME);
        String propertyValueAsString2 = this.configurationService.getPropertyValueAsString(KC_REST_ADMIN_PASSWORD);
        if (StringUtils.isNotBlank(propertyValueAsString) && StringUtils.isNotBlank(propertyValueAsString2)) {
            authenticationManagerBuilder.inMemoryAuthentication().withUser(propertyValueAsString).password(propertyValueAsString2).roles(new String[]{ADMIN_ROLE});
        }
    }

    protected void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.csrf().disable();
        httpSecurity.headers().xssProtection().and().addHeaderWriter(new XFrameOptionsHeaderWriter(XFrameOptionsHeaderWriter.XFrameOptionsMode.SAMEORIGIN));
        String propertyValueAsString = this.configurationService.getPropertyValueAsString(AUTH_REST_URLS_REGEX);
        if (StringUtils.isNotBlank(propertyValueAsString)) {
            Stream.of((Object[]) propertyValueAsString.split(",")).map((v0) -> {
                return v0.trim();
            }).forEach(str -> {
                try {
                    ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().regexMatchers(new String[]{str})).hasRole(ADMIN_ROLE).and().httpBasic();
                } catch (Exception e) {
                    throw new RuntimeException(e);
                }
            });
        }
    }

    public ConfigurationService getConfigurationService() {
        return this.configurationService;
    }

    public void setConfigurationService(ConfigurationService configurationService) {
        this.configurationService = configurationService;
    }
}
