package org.sonatype.nexus.web.internal;

import com.google.common.base.Preconditions;
import java.io.IOException;
import java.security.Principal;
import javax.inject.Inject;
import javax.inject.Named;
import javax.inject.Singleton;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.apache.shiro.web.filter.mgt.FilterChainResolver;
import org.apache.shiro.web.mgt.WebSecurityManager;
import org.apache.shiro.web.servlet.AbstractShiroFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.sonatype.security.SecuritySystem;
import org.sonatype.security.internal.UserIdMdcHelper;

@Singleton
@Named
/* loaded from: input_file:WEB-INF/lib/nexus-core-2.14.20-02.jar:org/sonatype/nexus/web/internal/SecurityFilter.class */
public class SecurityFilter extends AbstractShiroFilter {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) SecurityFilter.class);
    public static final String ATTR_USER_PRINCIPAL = "nexus.user.principal";
    public static final String ATTR_USER_ID = "nexus.user.id";

    @Inject
    public SecurityFilter(SecuritySystem securitySystem, FilterChainResolver filterChainResolver) {
        Preconditions.checkNotNull(securitySystem);
        WebSecurityManager webSecurityManager = (WebSecurityManager) securitySystem.getSecurityManager();
        log.trace("Security manager: {}", webSecurityManager);
        setSecurityManager(webSecurityManager);
        Preconditions.checkNotNull(filterChainResolver);
        log.trace("Filter chain resolver: {}", filterChainResolver);
        setFilterChainResolver(filterChainResolver);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.shiro.web.servlet.AbstractShiroFilter
    public void executeChain(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest;
        Principal userPrincipal;
        UserIdMdcHelper.set();
        if ((servletRequest instanceof HttpServletRequest) && (userPrincipal = (httpServletRequest = (HttpServletRequest) servletRequest).getUserPrincipal()) != null) {
            httpServletRequest.setAttribute(ATTR_USER_PRINCIPAL, userPrincipal);
            httpServletRequest.setAttribute(ATTR_USER_ID, userPrincipal.getName());
        }
        try {
            super.executeChain(servletRequest, servletResponse, filterChain);
        } finally {
            UserIdMdcHelper.unset();
        }
    }
}
