package org.jboss.seam.interceptors;

import java.lang.reflect.Method;
import org.jboss.seam.annotations.AroundInvoke;
import org.jboss.seam.annotations.Interceptor;
import org.jboss.seam.annotations.security.Restrict;
import org.jboss.seam.intercept.InvocationContext;
import org.jboss.seam.security.Identity;
import org.jboss.seam.security.SeamSecurityManager;

@Interceptor(stateless = true, around = {ValidationInterceptor.class}, within = {BijectionInterceptor.class})
/* loaded from: input_file:org/jboss/seam/interceptors/SecurityInterceptor.class */
public class SecurityInterceptor extends AbstractInterceptor {
    @AroundInvoke
    public Object checkSecurity(InvocationContext invocationContext) throws Exception {
        Restrict restrict = null;
        Method method = invocationContext.getMethod();
        if (method.isAnnotationPresent(Restrict.class)) {
            restrict = (Restrict) method.getAnnotation(Restrict.class);
        } else if (method.getDeclaringClass().isAnnotationPresent(Restrict.class)) {
            restrict = (Restrict) method.getDeclaringClass().getAnnotation(Restrict.class);
        }
        if (restrict != null) {
            if (!Identity.instance().isValid()) {
                throw new SecurityException("Invalid identity");
            }
            if (!SeamSecurityManager.instance().evaluateExpression(restrict.value())) {
                throw new SecurityException(String.format("Authorization check failed for expression [%s]", restrict.value()));
            }
        }
        return invocationContext.proceed();
    }
}
