package org.jboss.as.ejb3.security;

import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import org.jboss.as.ee.component.Component;
import org.jboss.as.ejb3.component.EJBComponent;
import org.jboss.as.ejb3.logging.EjbLogger;
import org.jboss.invocation.Interceptor;
import org.jboss.invocation.InterceptorContext;
import org.wildfly.clustering.ejb.BeanManagerFactoryServiceConfiguratorConfiguration;
import org.wildfly.security.auth.server.SecurityDomain;
import org.wildfly.security.auth.server.SecurityIdentity;
import org.wildfly.security.authz.Roles;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:m2repo/org/wildfly/wildfly-ejb3/18.0.1.Final/wildfly-ejb3-18.0.1.Final.jar:org/jboss/as/ejb3/security/RolesAllowedInterceptor.class */
/**
 * Authorization interceptor that lets an EJB invocation proceed only when the
 * caller's current security identity holds one of a configured set of roles.
 *
 * <p>The check fails closed: every path that does not find a matching role ends
 * by throwing the "invocation of method not allowed" exception from
 * {@link EjbLogger}, so the target method is never reached by default.
 *
 * <p>This listing is decompiler output (JADX); the access modifiers of the class
 * and its constructor were widened by the decompiler and may be narrower in the
 * shipped artifact.
 */
public class RolesAllowedInterceptor implements Interceptor {
    /**
     * Role names that authorize the call. The special entry {@code "**"} matches
     * any identity that is not anonymous.
     */
    private final Collection<String> rolesAllowed;

    /** Shared instance with no permitted roles, so every invocation is rejected. */
    static final RolesAllowedInterceptor DENY_ALL = new RolesAllowedInterceptor(Collections.emptyList());

    /**
     * Creates an interceptor that authorizes callers holding any of the given roles.
     *
     * @param collection permitted role names; an empty collection denies everyone
     */
    public RolesAllowedInterceptor(Collection<String> collection) {
        // NOTE(review): the reference is kept as-is, with no defensive copy and no
        // null check. A caller that later mutates this collection changes the
        // authorization decision of a live interceptor; confirm that all callers
        // pass a collection they never modify afterwards.
        this.rolesAllowed = collection;
    }

    /**
     * Authorizes the invocation against the permitted roles and, on success,
     * hands control to the rest of the interceptor chain.
     *
     * @param interceptorContext the invocation being processed
     * @return whatever the remainder of the chain returns
     * @throws Exception if the component is not an {@link EJBComponent}, if the
     *         caller holds none of the permitted roles, or if the chain itself fails
     */
    @Override // org.jboss.invocation.Interceptor
    public Object processInvocation(InterceptorContext interceptorContext) throws Exception {
        final Component target = (Component) interceptorContext.getPrivateData(Component.class);
        if (!(target instanceof EJBComponent)) {
            throw EjbLogger.ROOT_LOGGER.unexpectedComponent(target, EJBComponent.class);
        }

        final Iterator<String> permitted = this.rolesAllowed.iterator();
        // With no permitted roles (DENY_ALL) the identity is never consulted and the
        // call falls straight through to the rejection at the end.
        if (permitted.hasNext()) {
            // NOTE(review): a missing SecurityDomain in the context would surface here
            // as a NullPointerException rather than an access-denied error. The call is
            // still blocked, but the failure is harder to diagnose.
            final SecurityDomain domain = (SecurityDomain) interceptorContext.getPrivateData(SecurityDomain.class);
            final SecurityIdentity caller = domain.getCurrentSecurityIdentity();
            // NOTE(review): the first argument is the role-mapping category. A constant
            // from the clustering module is an odd fit for that purpose and is presumably
            // the decompiler substituting a constant of equal value for an inlined string
            // literal; confirm the value against the upstream source. The boolean is
            // presumably Elytron's fallbackToDefault flag, i.e. use the identity's default
            // roles when the category has no mapper of its own.
            final Roles callerRoles = caller.getRoles(BeanManagerFactoryServiceConfiguratorConfiguration.DEFAULT_CONTAINER_NAME, true);
            do {
                final String role = permitted.next();
                // Direct role match.
                if (callerRoles.contains(role)) {
                    return interceptorContext.proceed();
                }
                // "**" stands for "any authenticated caller": it must never match the
                // anonymous identity, hence the explicit isAnonymous() test.
                if (role.equals("**") && !caller.isAnonymous()) {
                    return interceptorContext.proceed();
                }
            } while (permitted.hasNext());
        }

        // Default outcome: no permitted role matched, so the invocation is refused.
        throw EjbLogger.ROOT_LOGGER.invocationOfMethodNotAllowed(interceptorContext.getMethod(), ((EJBComponent) target).getComponentName());
    }
}
