package org.apache.wink.server.internal.handlers;

import java.lang.reflect.Method;
import javax.servlet.ServletContext;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
import org.apache.wink.common.internal.registry.metadata.MethodMetadata;
import org.apache.wink.server.handlers.AbstractHandler;
import org.apache.wink.server.handlers.MessageContext;
import org.apache.wink.server.internal.lifecycle.metadata.EJBMetadata;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/wink/server/internal/handlers/AuthorizationHandler.class */
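/**
 * Request handler that enforces the security annotations recorded in a resource method's
 * {@link MethodMetadata} (DenyAll, PermitAll, RolesAllowed).
 *
 * <p>Decision order, as implemented in {@link #handleRequest(MessageContext)}:
 * <ol>
 *   <li>EJB resources are skipped; no check is made by this handler.</li>
 *   <li>Methods without metadata or without security annotations are allowed.</li>
 *   <li>DenyAll results in 403 Forbidden.</li>
 *   <li>PermitAll is allowed.</li>
 *   <li>RolesAllowed is allowed when the caller is in at least one listed role.</li>
 *   <li>Otherwise 403 Forbidden is raised only when {@link #was_securityHelperLoaded} is
 *       {@code true}; when it is {@code false} the request is allowed.</li>
 * </ol>
 */
public class AuthorizationHandler extends AbstractHandler {
    private static final Logger logger = LoggerFactory.getLogger(AuthorizationHandler.class);

    // Set to true by isWasAppSecurityEnabled() once the WebSphere security helper class has been
    // loaded and instantiated. It gates the final deny decision in handleRequest().
    // NOTE(review): plain static field written in isWasAppSecurityEnabled() and read in
    // handleRequest(); if those run on different threads, visibility is not guaranteed. Confirm
    // the initialization order before relying on it.
    static boolean was_securityHelperLoaded = false;

    /**
     * Applies the security annotations of the matched resource method to the current request.
     *
     * @param messageContext request context; must carry the {@code SearchResult},
     *        {@code ServletContext} and (when roles are checked) {@code SecurityContext} attributes
     * @throws WebApplicationException with status 403 when access is denied
     * @throws Throwable declared by the overridden handler method
     */
    @Override // org.apache.wink.server.handlers.AbstractHandler
    public void handleRequest(MessageContext messageContext) throws Throwable {
        // Declared outside the try block so the denial log in the catch block can name the
        // resource. The previous code read a second variable there that was never assigned, so
        // every denial raised a NullPointerException that replaced the 403 and lost the log entry.
        SearchResult searchResult = null;
        try {
            logger.trace("Entry into AuthorizationHandler handleRequest");
            searchResult = (SearchResult) messageContext.getAttribute(SearchResult.class);
            ServletContext servletContext =
                (ServletContext) messageContext.getAttribute(ServletContext.class);
            if (EJBMetadata.isEJB(servletContext, searchResult.getResource().getResourceClass())) {
                // No annotation check is made here for EJB resources.
                // NOTE(review): presumably the EJB container enforces them - confirm.
                logger.trace("Exit from AuthorizationHandler handleRequest: found an EJB resource.");
                return;
            }
            MethodMetadata metadata = searchResult.getMethod().getMetadata();
            if (metadata == null || !metadata.isSecurityAnnotated()) {
                logger.trace("Exit from AuthorizationHandler handleRequest: No Security annotations found. Allow access.");
                return;
            }
            logger.trace("AuthorizationHandler handleRequest checking for DenyAll");
            if (metadata.isDenyAll()) {
                logger.trace("AuthorizationHandler handleRequest: DenyAll found");
                throw new WebApplicationException(Response.Status.FORBIDDEN);
            }
            logger.trace("AuthorizationHandler handleRequest checking for PermitAll");
            if (metadata.isPermitAll()) {
                logger.trace("AuthorizationHandler handleRequest: PermitAll found");
                return;
            }
            logger.trace("AuthorizationHandler handleRequest checking for RolesAllowed");
            String[] rolesAllowed = metadata.getRolesAllowed();
            if (rolesAllowed != null) {
                // Pass the array as ONE argument so the whole role list is rendered; spreading it
                // as varargs filled the single placeholder with the first role only.
                logger.trace("AuthorizationHandler handleRequest: RolesAllowed found: {}", (Object) rolesAllowed);
                for (String role : rolesAllowed) {
                    logger.trace("AuthorizationHandler handleRequest checking for this allowed role: {}", role);
                    // A missing SecurityContext still fails with a NullPointerException here, as
                    // before, rather than being treated as "role not matched": that keeps the
                    // request from reaching the permissive fall-through below.
                    if (((SecurityContext) messageContext.getAttribute(SecurityContext.class)).isUserInRole(role)) {
                        logger.trace("AuthorizationHandler handleRequest: about to exit with role access granted through role {} ", role);
                        return;
                    }
                }
            }
            if (was_securityHelperLoaded) {
                logger.trace("AuthorizationHandler handleRequest: about to exit with access denied");
                throw new WebApplicationException(Response.Status.FORBIDDEN);
            }
            // NOTE(review): fail-open path. A method that carries RolesAllowed (or security
            // annotations with no role list) and a caller in none of the roles is ALLOWED when
            // was_securityHelperLoaded is false, i.e. when isWasAppSecurityEnabled() has not
            // successfully loaded the WebSphere helper. Behaviour is kept unchanged here;
            // confirm that this is intended for every deployment target before relying on
            // these annotations for access control.
        } catch (WebApplicationException e) {
            // Logging must never replace the denial, so both lookups are null-tolerant.
            SecurityContext securityContext =
                (SecurityContext) messageContext.getAttribute(SecurityContext.class);
            logger.trace("Authorization to resource failed for user: {} trying to access resource {}",
                         securityContext == null ? null : securityContext.getUserPrincipal(),
                         searchResult == null ? null : searchResult.getResource());
            throw e;
        }
    }

    /**
     * Reflectively asks {@code com.ibm.websphere.security.WSSecurityHelper} whether server
     * security is enabled.
     *
     * <p>Side effect: sets {@link #was_securityHelperLoaded} to {@code true} as soon as the
     * helper class has been loaded and instantiated, before the helper method is invoked. The
     * flag therefore stays {@code true} even when the invocation itself fails and this method
     * returns {@code false}.
     *
     * @return {@code true} only when the helper reports that security is enabled;
     *         {@code false} when it reports disabled or when any step of the lookup fails
     */
    public static boolean isWasAppSecurityEnabled() {
        try {
            // Class.forName never returns null (it throws instead), so no null check is needed.
            Class<?> helperClass = Class.forName("com.ibm.websphere.security.WSSecurityHelper");
            Method isEnabledMethod = helperClass.getDeclaredMethod("isServerSecurityEnabled");
            Object helper = helperClass.getDeclaredConstructor().newInstance();
            was_securityHelperLoaded = true;
            if (((Boolean) isEnabledMethod.invoke(helper)).booleanValue()) {
                logger.trace("AuthorizationHandler handleRequest: WebSphere Application Security is enabled");
                return true;
            }
            logger.trace("Exit from AuthorizationHandler handleRequest: WebSphere Application Security is not enabled");
            return false;
        } catch (Throwable th) {
            // Deliberately broad: class loading can fail with an Error (for example
            // NoClassDefFoundError) as well as an Exception, and every failure is reported as
            // "not enabled". NOTE(review): presumably this keeps the handler usable on
            // containers without the WebSphere classes - confirm.
            logger.trace("Warning: AuthorizationHandler handleRequest failed to load class com.ibm.websphere.security.WSSecurityHelper and caught exception: " + th.getMessage());
            return false;
        }
    }
}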
