package org.jboss.resteasy.plugins.interceptors;

import java.io.IOException;
import javax.annotation.Priority;
import javax.ws.rs.ForbiddenException;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
import org.jboss.resteasy.spi.ResteasyProviderFactory;

@Priority(2000)
/* loaded from: input_file:BOOT-INF/lib/resteasy-jaxrs-3.15.6.Final.jar:org/jboss/resteasy/plugins/interceptors/RoleBasedSecurityFilter.class */
public class RoleBasedSecurityFilter implements ContainerRequestFilter {
    protected String[] rolesAllowed;
    protected boolean denyAll;
    protected boolean permitAll;

    public RoleBasedSecurityFilter(String[] strArr, boolean z, boolean z2) {
        this.rolesAllowed = strArr;
        this.denyAll = z;
        this.permitAll = z2;
    }

    @Override // javax.ws.rs.container.ContainerRequestFilter
    public void filter(ContainerRequestContext containerRequestContext) throws IOException {
        SecurityContext securityContext;
        if (this.denyAll) {
            throw new ForbiddenException(Response.status(403).entity("Access forbidden: role not allowed").type("text/html;charset=UTF-8").build());
        }
        if (this.permitAll || this.rolesAllowed == null || (securityContext = (SecurityContext) ResteasyProviderFactory.getContextData(SecurityContext.class)) == null) {
            return;
        }
        for (String str : this.rolesAllowed) {
            if (securityContext.isUserInRole(str)) {
                return;
            }
        }
        throw new ForbiddenException(Response.status(403).entity("Access forbidden: role not allowed").type("text/html;charset=UTF-8").build());
    }
}
