package io.undertow.servlet.handlers.security;

import io.undertow.security.api.RoleMappingManager;
import io.undertow.security.api.SecurityContext;
import io.undertow.server.HttpServerExchange;
import io.undertow.server.handlers.blocking.BlockingHttpHandler;
import io.undertow.servlet.handlers.ServletAttachments;
import io.undertow.servlet.spec.HttpServletRequestImpl;
import io.undertow.servlet.spec.HttpServletResponseImpl;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.servlet.DispatcherType;
import javax.servlet.ServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:io/undertow/servlet/handlers/security/ServletSecurityRoleHandler.class */
public class ServletSecurityRoleHandler implements BlockingHttpHandler {
    private final BlockingHttpHandler next;
    private final RoleMappingManager roleMappingManager;

    public ServletSecurityRoleHandler(BlockingHttpHandler blockingHttpHandler, RoleMappingManager roleMappingManager) {
        this.next = blockingHttpHandler;
        this.roleMappingManager = roleMappingManager;
    }

    @Override // io.undertow.server.handlers.blocking.BlockingHttpHandler
    public void handleBlockingRequest(HttpServerExchange httpServerExchange) throws Exception {
        List attachmentList = httpServerExchange.getAttachmentList(ServletAttachments.REQUIRED_ROLES);
        SecurityContext securityContext = (SecurityContext) httpServerExchange.getAttachment(SecurityContext.ATTACHMENT_KEY);
        httpServerExchange.putAttachment(ServletAttachments.SERVLET_ROLE_MAPPINGS, this.roleMappingManager);
        if (HttpServletRequestImpl.getRequestImpl((ServletRequest) httpServerExchange.getAttachment(HttpServletRequestImpl.ATTACHMENT_KEY)).getDispatcherType() != DispatcherType.REQUEST) {
            this.next.handleBlockingRequest(httpServerExchange);
            return;
        }
        if (attachmentList.isEmpty()) {
            this.next.handleBlockingRequest(httpServerExchange);
            return;
        }
        Iterator it = attachmentList.iterator();
        while (it.hasNext()) {
            boolean z = false;
            Iterator it2 = ((Set) it.next()).iterator();
            while (true) {
                if (!it2.hasNext()) {
                    break;
                }
                if (this.roleMappingManager.isUserInRole((String) it2.next(), securityContext)) {
                    z = true;
                    break;
                }
            }
            if (!z) {
                ((HttpServletResponse) httpServerExchange.getAttachment(HttpServletResponseImpl.ATTACHMENT_KEY)).sendError(HttpServletResponse.SC_FORBIDDEN);
                return;
            }
        }
        this.next.handleBlockingRequest(httpServerExchange);
    }
}
