package org.bibsonomy.webapp.util.spring.security;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.bibsonomy.util.ValidationUtils;
import org.bibsonomy.util.spring.security.UserAdapter;
import org.bibsonomy.webapp.util.spring.security.authentication.SessionAuthenticationToken;
import org.springframework.security.authentication.AuthenticationTrustResolver;
import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextImpl;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.context.HttpRequestResponseHolder;
import org.springframework.security.web.context.SecurityContextRepository;

/* loaded from: input_file:WEB-INF/classes/org/bibsonomy/webapp/util/spring/security/UsernameSecurityContextRepository.class */
public class UsernameSecurityContextRepository implements SecurityContextRepository {
    private static final String ATTRIBUTE_LOGIN_USER_NAME = "LOGIN_USER_NAME";

    @Deprecated
    private static final String REQ_ATTRIB_USER = "user";
    private UserDetailsService service;
    private final AuthenticationTrustResolver authenticationTrustResolver = new AuthenticationTrustResolverImpl();

    @Override // org.springframework.security.web.context.SecurityContextRepository
    public SecurityContext loadContext(HttpRequestResponseHolder httpRequestResponseHolder) {
        HttpServletRequest request = httpRequestResponseHolder.getRequest();
        SecurityContextImpl securityContextImpl = new SecurityContextImpl();
        String loginUser = getLoginUser(request);
        if (ValidationUtils.present(loginUser)) {
            UserDetails loadUserByUsername = this.service.loadUserByUsername(loginUser);
            securityContextImpl.setAuthentication(new SessionAuthenticationToken(loadUserByUsername, loadUserByUsername.getAuthorities()));
            request.setAttribute("user", ((UserAdapter) loadUserByUsername).getUser());
        }
        return securityContextImpl;
    }

    @Override // org.springframework.security.web.context.SecurityContextRepository
    public void saveContext(SecurityContext securityContext, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        setLoginUser(httpServletRequest, securityContext.getAuthentication());
    }

    private static String getLoginUser(HttpServletRequest httpServletRequest) {
        HttpSession session = httpServletRequest.getSession();
        if (session == null) {
            return null;
        }
        return (String) session.getAttribute(ATTRIBUTE_LOGIN_USER_NAME);
    }

    private void setLoginUser(HttpServletRequest httpServletRequest, Authentication authentication) {
        if (!this.authenticationTrustResolver.isAnonymous(authentication) && ValidationUtils.present(authentication)) {
            httpServletRequest.getSession(true).setAttribute(ATTRIBUTE_LOGIN_USER_NAME, ((UserDetails) authentication.getPrincipal()).getUsername());
        }
    }

    @Override // org.springframework.security.web.context.SecurityContextRepository
    public boolean containsContext(HttpServletRequest httpServletRequest) {
        return getLoginUser(httpServletRequest) != null;
    }

    public void setService(UserDetailsService userDetailsService) {
        this.service = userDetailsService;
    }
}
