package org.springframework.security.access.expression.method;

import java.util.Collection;
import org.aopalliance.intercept.MethodInvocation;
import org.springframework.expression.EvaluationContext;
import org.springframework.expression.Expression;
import org.springframework.security.access.expression.ExpressionUtils;
import org.springframework.security.access.prepost.PreInvocationAttribute;
import org.springframework.security.access.prepost.PreInvocationAuthorizationAdvice;
import org.springframework.security.core.Authentication;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-396-02.zip:modules/system/layers/fuse/org/springframework/security/main/spring-security-core-3.2.10.RELEASE.jar:org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdvice.class */
public class ExpressionBasedPreInvocationAdvice implements PreInvocationAuthorizationAdvice {
    private MethodSecurityExpressionHandler expressionHandler = new DefaultMethodSecurityExpressionHandler();

    @Override // org.springframework.security.access.prepost.PreInvocationAuthorizationAdvice
    public boolean before(Authentication authentication, MethodInvocation methodInvocation, PreInvocationAttribute preInvocationAttribute) {
        PreInvocationExpressionAttribute preInvocationExpressionAttribute = (PreInvocationExpressionAttribute) preInvocationAttribute;
        EvaluationContext createEvaluationContext = this.expressionHandler.createEvaluationContext(authentication, methodInvocation);
        Expression filterExpression = preInvocationExpressionAttribute.getFilterExpression();
        Expression authorizeExpression = preInvocationExpressionAttribute.getAuthorizeExpression();
        if (filterExpression != null) {
            this.expressionHandler.filter(findFilterTarget(preInvocationExpressionAttribute.getFilterTarget(), createEvaluationContext, methodInvocation), filterExpression, createEvaluationContext);
        }
        if (authorizeExpression == null) {
            return true;
        }
        return ExpressionUtils.evaluateAsBoolean(authorizeExpression, createEvaluationContext);
    }

    private Object findFilterTarget(String str, EvaluationContext evaluationContext, MethodInvocation methodInvocation) {
        Object obj = null;
        if (str.length() > 0) {
            obj = evaluationContext.lookupVariable(str);
            if (obj == null) {
                throw new IllegalArgumentException("Filter target was null, or no argument with name " + str + " found in method");
            }
        } else if (methodInvocation.getArguments().length == 1) {
            Object obj2 = methodInvocation.getArguments()[0];
            if (obj2.getClass().isArray() || (obj2 instanceof Collection)) {
                obj = obj2;
            }
            if (obj == null) {
                throw new IllegalArgumentException("A PreFilter expression was set but the method argument type" + obj2.getClass() + " is not filterable");
            }
        }
        if (obj.getClass().isArray()) {
            throw new IllegalArgumentException("Pre-filtering on array types is not supported. Using a Collection will solve this problem");
        }
        return obj;
    }

    public void setExpressionHandler(MethodSecurityExpressionHandler methodSecurityExpressionHandler) {
        this.expressionHandler = methodSecurityExpressionHandler;
    }
}
