package io.undertow.servlet.handlers.security;

import io.undertow.security.api.SecurityContext;
import io.undertow.security.idm.Account;
import io.undertow.server.HttpHandler;
import io.undertow.server.HttpServerExchange;
import io.undertow.servlet.api.SecurityInfo;
import io.undertow.servlet.handlers.ServletRequestContext;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.servlet.DispatcherType;

/* loaded from: input_file:io/undertow/servlet/handlers/security/ServletSecurityRoleHandler.class */
public class ServletSecurityRoleHandler implements HttpHandler {
    private final HttpHandler next;

    public ServletSecurityRoleHandler(HttpHandler httpHandler) {
        this.next = httpHandler;
    }

    public void handleRequest(HttpServerExchange httpServerExchange) throws Exception {
        ServletRequestContext servletRequestContext = (ServletRequestContext) httpServerExchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
        List<SingleConstraintMatch> requiredConstrains = servletRequestContext.getRequiredConstrains();
        SecurityContext securityContext = (SecurityContext) httpServerExchange.getAttachment(SecurityContext.ATTACHMENT_KEY);
        if (servletRequestContext.getServletRequest().getDispatcherType() != DispatcherType.REQUEST) {
            this.next.handleRequest(httpServerExchange);
            return;
        }
        if (requiredConstrains == null || requiredConstrains.isEmpty()) {
            this.next.handleRequest(httpServerExchange);
            return;
        }
        Account authenticatedAccount = securityContext.getAuthenticatedAccount();
        for (SingleConstraintMatch singleConstraintMatch : requiredConstrains) {
            boolean z = false;
            Set<String> requiredRoles = singleConstraintMatch.getRequiredRoles();
            if (!requiredRoles.isEmpty() || singleConstraintMatch.getEmptyRoleSemantic() == SecurityInfo.EmptyRoleSemantic.DENY) {
                Iterator<String> it = requiredRoles.iterator();
                while (true) {
                    if (it.hasNext()) {
                        if (authenticatedAccount.isUserInRole(it.next())) {
                            z = true;
                            break;
                        }
                    } else {
                        break;
                    }
                }
            } else {
                z = true;
            }
            if (!z) {
                servletRequestContext.getServletResponse().sendError(403);
                return;
            }
        }
        this.next.handleRequest(httpServerExchange);
    }
}
