package org.sonatype.nexus.security.filter.authz;

import groovy.inspect.Inspector;
import java.io.IOException;
import javax.inject.Inject;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter;
import org.sonatype.nexus.auth.ClientInfo;
import org.sonatype.nexus.auth.NexusAuthorizationEvent;
import org.sonatype.nexus.auth.ResourceInfo;
import org.sonatype.nexus.proxy.access.Action;
import org.sonatype.nexus.web.Constants;
import org.sonatype.nexus.web.RemoteIPFinder;
import org.sonatype.security.SecuritySystem;
import org.sonatype.sisu.goodies.eventbus.EventBus;

/* loaded from: input_file:WEB-INF/lib/nexus-core-2.14.17-01.jar:org/sonatype/nexus/security/filter/authz/FailureLoggingHttpMethodPermissionFilter.class */
public class FailureLoggingHttpMethodPermissionFilter extends HttpMethodPermissionFilter {

    @Inject
    private SecuritySystem securitySystem;

    @Inject
    private EventBus eventBus;

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.shiro.web.filter.authz.AuthorizationFilter, org.apache.shiro.web.filter.AccessControlFilter
    public boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws IOException {
        recordAuthzFailureEvent(servletRequest, servletResponse);
        servletRequest.setAttribute(Constants.ATTR_KEY_REQUEST_IS_AUTHZ_REJECTED, Boolean.TRUE);
        return false;
    }

    private void recordAuthzFailureEvent(ServletRequest servletRequest, ServletResponse servletResponse) {
        Subject subject = getSubject(servletRequest, servletResponse);
        if (this.securitySystem.getAnonymousUsername().equals(subject.getPrincipal())) {
            return;
        }
        Action valueOf = Action.valueOf(getHttpMethodAction(servletRequest));
        this.eventBus.post(new NexusAuthorizationEvent(this, new ClientInfo(String.valueOf(subject.getPrincipal()), RemoteIPFinder.findIP((HttpServletRequest) servletRequest), Inspector.NOT_APPLICABLE), new ResourceInfo("HTTP", ((HttpServletRequest) servletRequest).getMethod(), valueOf, ((HttpServletRequest) servletRequest).getRequestURI()), false));
    }
}
