package info.elexis.server.core.security.oauth2;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.apache.oltu.oauth2.common.utils.OAuthUtils;
import org.apache.oltu.oauth2.rs.request.OAuthAccessResourceRequest;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.subject.support.DefaultSubjectContext;
import org.apache.shiro.util.StringUtils;
import org.apache.shiro.web.filter.authc.AuthenticatingFilter;
import org.apache.shiro.web.util.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:info/elexis/server/core/security/oauth2/AuthenticatingResourceFilter.class */
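/**
 * Shiro filter that authenticates requests to protected resources with an OAuth2 access token.
 *
 * <p>When a request carries a non-empty {@code Authorization} header with a usable access token,
 * the token is handed to Shiro's login machinery and the outcome of that login decides access.
 * Requests without a usable token are only let through when the filter chain entry is marked
 * permissive; everything else is answered with HTTP 401.
 */
public class AuthenticatingResourceFilter extends AuthenticatingFilter {
    // One logger per class is sufficient; it holds no per-instance state.
    private static final Logger log = LoggerFactory.getLogger(AuthenticatingResourceFilter.class);

    /**
     * Builds the Shiro authentication token from the OAuth2 access token found in the request.
     *
     * @param servletRequest the incoming request; must be an {@link HttpServletRequest}
     * @param servletResponse the outgoing response (unused)
     * @return an {@code AccessToken} carrying the raw access token and the remote host
     * @throws Exception if the OAuth2 resource request cannot be parsed from the request
     */
    @Override
    protected AuthenticationToken createToken(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        String accessToken = new OAuthAccessResourceRequest((HttpServletRequest) servletRequest).getAccessToken();
        // getRemoteHost() reports the connecting peer as seen by the container. Behind a reverse
        // proxy that is the proxy itself, so the host recorded here should not be treated as a
        // trustworthy client identity without checking the deployment.
        return new AccessToken(accessToken, servletRequest.getRemoteHost());
    }

    /**
     * Rejects the request with HTTP 401 and a {@code Bearer} challenge.
     *
     * @param servletRequest the rejected request (unused)
     * @param servletResponse the response the error is written to
     * @return always {@code false}, so the filter chain is not continued
     * @throws Exception if the error response cannot be sent
     */
    @Override
    protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        // RFC 7235 requires a 401 response to carry a WWW-Authenticate challenge. A bare "Bearer"
        // challenge is used because this method cannot tell a missing token from an invalid one,
        // and it avoids disclosing why the credentials were refused.
        WebUtils.toHttp(servletResponse).setHeader("WWW-Authenticate", "Bearer");
        WebUtils.toHttp(servletResponse).sendError(401);
        return false;
    }

    /**
     * Decides whether the request may proceed.
     *
     * @param servletRequest the incoming request; must be an {@link HttpServletRequest}
     * @param servletResponse the outgoing response
     * @param obj the mapped value of the filter chain entry, passed on to {@code isPermissive}
     * @return the login result when an access token was presented, otherwise whether the chain
     *     entry is permissive
     */
    @Override
    protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object obj) {
        HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
        if (OAuthUtils.isEmpty(httpRequest.getHeader("Authorization"))) {
            // No credentials at all: only permissive chain entries may pass.
            return isPermissive(obj);
        }
        try {
            String accessToken = new OAuthAccessResourceRequest(httpRequest).getAccessToken();
            if (StringUtils.hasLength(accessToken)) {
                // Token-authenticated requests are stateless: keep Shiro from creating a session.
                servletRequest.setAttribute(DefaultSubjectContext.SESSION_CREATION_ENABLED, Boolean.FALSE);
                // A presented token is authoritative: a failed login denies access even on a
                // permissive chain entry, because the result is returned as-is.
                return executeLogin(servletRequest, servletResponse);
            }
        } catch (Exception e) {
            // Parsing or login threw: the request is treated as if it carried no token and
            // falls through to the permissive check below instead of being rejected outright.
            // NOTE(review): this logs a full stack trace at WARN for every malformed
            // Authorization header, which an unauthenticated client can trigger at will -
            // consider rate limiting or a lower level if log volume becomes a concern.
            log.warn("isAccessAllowed", e);
        }
        return isPermissive(obj);
    }
}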
