package org.glassfish.soteria.test;

import java.io.IOException;
import javax.annotation.security.DeclareRoles;
import javax.security.enterprise.authentication.mechanism.http.CustomFormAuthenticationMechanismDefinition;
import javax.security.enterprise.authentication.mechanism.http.LoginToContinue;
import javax.servlet.ServletException;
import javax.servlet.annotation.HttpConstraint;
import javax.servlet.annotation.ServletSecurity;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@CustomFormAuthenticationMechanismDefinition(loginToContinue = @LoginToContinue(loginPage = "/login.jsf", errorPage = ""))
@WebServlet({"/servlet"})
@ServletSecurity(@HttpConstraint(rolesAllowed = {"foo"}))
@DeclareRoles({"foo", "bar", "kaz"})
/* loaded from: input_file:WEB-INF/classes/org/glassfish/soteria/test/Servlet.class */
public class Servlet extends HttpServlet {
    private static final long serialVersionUID = 1;

    public void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        String str = null;
        if (httpServletRequest.getUserPrincipal() != null) {
            str = httpServletRequest.getUserPrincipal().getName();
        }
        httpServletResponse.getWriter().write("<html><body> This is a servlet <br><br>\nweb username: " + str + "<br><br>\nweb user has role \"foo\": " + httpServletRequest.isUserInRole("foo") + "<br>\nweb user has role \"bar\": " + httpServletRequest.isUserInRole("bar") + "<br>\nweb user has role \"kaz\": " + httpServletRequest.isUserInRole("kaz") + "<br><br>\n<form method=\"POST\"><input type=\"hidden\" name=\"logout\" value=\"true\"  ><input type=\"submit\" value=\"Logout\"></form></body></html>");
    }

    public void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        if ("true".equals(httpServletRequest.getParameter("logout"))) {
            httpServletRequest.logout();
            httpServletRequest.getSession().invalidate();
        }
        doGet(httpServletRequest, httpServletResponse);
    }
}
