package io.undertow.servlet.handlers.security;

import io.undertow.security.api.SecurityContext;
import io.undertow.security.idm.Account;
import io.undertow.server.HttpHandler;
import io.undertow.server.HttpServerExchange;
import io.undertow.servlet.handlers.ServletAttachments;
import io.undertow.servlet.spec.HttpServletRequestImpl;
import io.undertow.servlet.spec.HttpServletResponseImpl;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.servlet.DispatcherType;
import javax.servlet.ServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:io/undertow/servlet/handlers/security/ServletSecurityRoleHandler.class */
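/**
 * Authorization handler that enforces the role requirements attached to the exchange
 * under {@link ServletAttachments#REQUIRED_ROLES}.
 *
 * <p>The attachment is a list of role sets. The caller must hold at least one role from
 * <em>every</em> set; otherwise the response is completed with {@code 403 Forbidden}
 * and the next handler is not invoked. An empty set can never be satisfied and
 * therefore always denies.
 *
 * <p>The check fails closed: when role sets are required but no security context or no
 * authenticated account is available, the request is rejected with 403 rather than
 * failing with a {@link NullPointerException}.
 */
public class ServletSecurityRoleHandler implements HttpHandler {
    private final HttpHandler next;

    /**
     * @param httpHandler the handler to invoke once the role check has passed
     */
    public ServletSecurityRoleHandler(HttpHandler httpHandler) {
        this.next = httpHandler;
    }

    /**
     * Runs the role check for the exchange and delegates to the next handler on success.
     *
     * @param httpServerExchange the exchange being processed
     * @throws Exception whatever the next handler or {@code sendError} throws
     */
    @Override
    public void handleRequest(HttpServerExchange httpServerExchange) throws Exception {
        // Raw collection types are kept as in the original listing; elements are cast to String below.
        List<Set> requiredRoleSets = httpServerExchange.getAttachmentList(ServletAttachments.REQUIRED_ROLES);
        SecurityContext securityContext = (SecurityContext) httpServerExchange.getAttachment(SecurityContext.ATTACHMENT_KEY);
        ServletRequest servletRequest = (ServletRequest) httpServerExchange.getAttachment(HttpServletRequestImpl.ATTACHMENT_KEY);

        // Only the initial client request is checked; forward/include/error/async dispatches
        // pass straight through without re-evaluating roles.
        if (HttpServletRequestImpl.getRequestImpl(servletRequest).getDispatcherType() != DispatcherType.REQUEST) {
            this.next.handleRequest(httpServerExchange);
            return;
        }

        // No role sets attached means nothing to enforce at this layer.
        if (requiredRoleSets == null || requiredRoleSets.isEmpty()) {
            this.next.handleRequest(httpServerExchange);
            return;
        }

        // Roles are required from here on: a missing context or account is a denial, not a crash.
        Account authenticatedAccount = securityContext == null ? null : securityContext.getAuthenticatedAccount();
        if (authenticatedAccount == null) {
            deny(httpServerExchange);
            return;
        }

        for (Set roleSet : requiredRoleSets) {
            if (!isInAnyRole(authenticatedAccount, roleSet)) {
                deny(httpServerExchange);
                return;
            }
        }
        this.next.handleRequest(httpServerExchange);
    }

    /** Returns true when the account holds at least one role of the set; false for an empty set. */
    private static boolean isInAnyRole(Account account, Set roleSet) {
        for (Object role : roleSet) {
            if (account.isUserInRole((String) role)) {
                return true;
            }
        }
        return false;
    }

    /** Completes the servlet response with 403 Forbidden. */
    private static void deny(HttpServerExchange httpServerExchange) throws Exception {
        HttpServletResponse response = (HttpServletResponse) httpServerExchange.getAttachment(HttpServletResponseImpl.ATTACHMENT_KEY);
        response.sendError(HttpServletResponse.SC_FORBIDDEN);
    }
}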
