package org.jboss.as.web.security.jaspi;

import java.io.IOException;
import javax.security.auth.Subject;
import javax.servlet.ServletException;
import org.apache.catalina.Context;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.valves.ValveBase;
import org.jboss.as.web.WebLogger;
import org.jboss.logging.Logger;
import org.jboss.security.SecurityConstants;
import org.jboss.security.auth.message.GenericMessageInfo;
import org.jboss.security.plugins.auth.JASPIServerAuthenticationManager;

/* loaded from: input_file:eap6/api-jars/jboss-as-web-7.1.1.Final.jar:org/jboss/as/web/security/jaspi/WebJASPIOptionalAuthenticator.class */
/**
 * Valve that runs a non-mandatory JASPI validation for requests the realm reports no
 * security constraints for, then hands the request to the next valve in the pipeline.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The JASPI step runs only when the constraint lookup returns {@code null}; requests with
 *       constraints skip it and are forwarded untouched.</li>
 *   <li>A failed validation is only logged. Nothing here rejects the request or alters the
 *       response, so this valve must not be relied on as an access-control gate.</li>
 *   <li>The {@link Subject} passed to {@code isValid} is a fresh instance that is not kept, and
 *       {@code secureResponse} receives another fresh instance. Whether an authenticated identity
 *       reaches the request by another route (for example via the callback handler) cannot be
 *       determined from this class.</li>
 * </ul>
 */
public class WebJASPIOptionalAuthenticator extends ValveBase {
    private static Logger log = Logger.getLogger("org.jboss.as.web.security");

    /** Message-info map key used to mark the authentication policy as not mandatory. */
    private static final String IS_MANDATORY_KEY = "javax.security.auth.message.MessagePolicy.isMandatory";

    /**
     * Runs the optional JASPI validation when the request has no security constraints, then
     * always invokes the next valve.
     *
     * @param request the incoming request
     * @param response the outgoing response; only forwarded to the next valve
     * @throws IOException propagated from the downstream valve (or from the JASPI calls, if they raise it)
     * @throws ServletException propagated from the downstream valve (or from the JASPI calls, if they raise it)
     */
    @Override
    public void invoke(Request request, Response response) throws IOException, ServletException {
        boolean noConstraints =
                getContainer().getRealm().findSecurityConstraints(request, (Context) getContainer()) == null;
        if (noConstraints) {
            attemptOptionalAuthentication(request);
        }
        // Reached whether or not validation ran or succeeded; only an exception thrown above
        // would stop the request from continuing down the pipeline.
        super.getNext().invoke(request, response);
    }

    /**
     * Builds the JASPI message info for the request and performs validation followed, on success,
     * by {@code secureResponse}. The outcome is logged and never returned to the caller.
     */
    private void attemptOptionalAuthentication(Request request) throws IOException, ServletException {
        // The servlet path is request-derived and is written to the log as received.
        log.tracef("Invoking optional JASPI authenticator for request context %s", request.getServletPath());

        GenericMessageInfo messageInfo = new GenericMessageInfo();
        messageInfo.setRequestMessage(request);
        // The response is taken from the request object, not from the valve's response argument.
        messageInfo.setResponseMessage(request.getResponse());
        messageInfo.getMap().put(IS_MANDATORY_KEY, "false");

        WebJASPICallbackHandler callbackHandler = new WebJASPICallbackHandler();
        JASPIServerAuthenticationManager authManager = new JASPIServerAuthenticationManager();
        // Application context identifier: local host name and context path, space separated.
        String appContext = request.getLocalName() + " " + request.getContextPath();

        boolean validated = authManager.isValid(
                messageInfo, new Subject(), SecurityConstants.SERVLET_LAYER, appContext, callbackHandler);
        if (!validated) {
            // Log-only: the request is still forwarded by invoke().
            WebLogger.WEB_SECURITY_LOGGER.failJASPIValidation(request.getServletPath());
            return;
        }

        WebLogger.WEB_SECURITY_LOGGER.debugf(
                "JASPI validation for unprotected request context %s succeeded", request.getServletPath());
        // NOTE(review): a new, empty Subject is supplied here rather than the one given to
        // isValid -- confirm that this is what the configured auth modules expect.
        authManager.secureResponse(
                messageInfo, new Subject(), SecurityConstants.SERVLET_LAYER, appContext, callbackHandler);
    }
}
