package org.jboss.dashboard.ui.controller.requestChain;

import javax.servlet.ServletException;
import org.jboss.dashboard.workspace.Parameters;

/* loaded from: input_file:org/jboss/dashboard/ui/controller/requestChain/CSRFTokenProcessor.class */
public class CSRFTokenProcessor extends RequestChainProcessor {
    @Override // org.jboss.dashboard.ui.controller.requestChain.RequestChainProcessor
    protected boolean processRequest() throws Exception {
        CSRFTokenGenerator lookup = CSRFTokenGenerator.lookup();
        String parameter = getRequest().getParameter(lookup.getTokenName());
        if (parameter != null) {
            if (!lookup.isValidToken(parameter)) {
                throw new ServletException("CSRF token validation broken.");
            }
            lookup.generateToken();
            return true;
        }
        String parameter2 = getRequest().getParameter(Parameters.AJAX_ACTION);
        String servletPath = getRequest().getServletPath();
        boolean z = parameter2 != null && Boolean.parseBoolean(parameter2);
        boolean startsWith = servletPath.startsWith(FriendlyUrlProcessor.FRIENDLY_MAPPING);
        if (z || !startsWith) {
            throw new ServletException("CSRF token missing.");
        }
        return true;
    }
}
