package org.apache.cxf.interceptor.security;

import java.lang.reflect.Method;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import org.apache.cxf.frontend.MethodDispatcher;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.apache.cxf.security.SecurityContext;
import org.apache.cxf.service.Service;
import org.apache.cxf.service.model.BindingOperationInfo;
import org.mortbay.jetty.HttpStatus;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/cxf-rt-core-2.2.9.jar:org/apache/cxf/interceptor/security/AbstractAuthorizingInInterceptor.class
 */
/* loaded from: input_file:WEB-INF/lib/cxf-bundle-jaxrs-2.2.9.jar:org/apache/cxf/interceptor/security/AbstractAuthorizingInInterceptor.class */
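/**
 * Base class for inbound interceptors that authorize a service method invocation against the
 * roles reported by the caller's {@link SecurityContext}.
 *
 * <p>The interceptor runs in {@link Phase#PRE_INVOKE}. Subclasses supply the roles a method
 * requires through {@link #getExpectedRoles(Method)} and may supply roles that are refused
 * through {@link #getDenyRoles(Method)}.
 *
 * <p>Security note: a request that carries no {@link SecurityContext} is only let through when
 * the target method declares neither expected nor denied roles. A role-protected method is
 * rejected in that case, so that a missing or misconfigured authentication step cannot silently
 * disable authorization.
 */
public abstract class AbstractAuthorizingInInterceptor extends AbstractPhaseInterceptor<Message> {
    /** Wildcard entry: a role list holding only this value applies to every caller. */
    private static final String ALL_ROLES = "*";

    /** Registers the interceptor in the {@link Phase#PRE_INVOKE} phase. */
    public AbstractAuthorizingInInterceptor() {
        super(Phase.PRE_INVOKE);
    }

    /**
     * Authorizes the invocation described by {@code message}.
     *
     * @param message the inbound message; its exchange is used to resolve the target method
     * @throws AccessDeniedException if the caller is not authorized, if a role-protected method
     *     is invoked without a security context, or if the target method cannot be looked up
     */
    @Override
    public void handleMessage(Message message) throws Fault {
        Method method = getTargetMethod(message);
        SecurityContext securityContext = message.get(SecurityContext.class);
        if (securityContext == null) {
            // Fail closed: without a security context there is nothing to check roles against,
            // so only methods that declare no role constraints may proceed.
            if (isMethodProtected(method)) {
                // NOTE(review): HttpStatus.Unauthorized is passed as the constructor argument;
                // it looks like a decompiler-substituted constant - confirm against the
                // original source.
                throw new AccessDeniedException(HttpStatus.Unauthorized);
            }
            return;
        }
        if (!authorize(securityContext, method)) {
            throw new AccessDeniedException(HttpStatus.Unauthorized);
        }
    }

    /**
     * Resolves the Java method bound to the operation on the message's exchange.
     *
     * @throws AccessDeniedException if the exchange holds no {@link Service} or the service holds
     *     no {@link MethodDispatcher}; an invocation whose target cannot be identified cannot be
     *     authorized
     */
    private Method getTargetMethod(Message message) {
        Service service = message.getExchange().get(Service.class);
        if (service == null) {
            throw new AccessDeniedException(HttpStatus.Unauthorized);
        }
        MethodDispatcher dispatcher = (MethodDispatcher) service.get(MethodDispatcher.class.getName());
        if (dispatcher == null) {
            throw new AccessDeniedException(HttpStatus.Unauthorized);
        }
        BindingOperationInfo operation = message.getExchange().get(BindingOperationInfo.class);
        return dispatcher.getMethod(operation);
    }

    /** Returns whether the method declares any expected or denied roles. */
    private boolean isMethodProtected(Method method) {
        return !getExpectedRoles(method).isEmpty() || !getDenyRoles(method).isEmpty();
    }

    /**
     * Decides whether the caller may invoke {@code method}.
     *
     * <p>When expected roles are declared, the caller must hold at least one of them and the deny
     * roles are not consulted. Otherwise the caller is refused only if it holds one of the deny
     * roles; with neither list populated the call is allowed.
     *
     * @param securityContext the caller's security context
     * @param method the method about to be invoked
     * @return {@code true} if the invocation is allowed
     */
    protected boolean authorize(SecurityContext securityContext, Method method) {
        List<String> expectedRoles = getExpectedRoles(method);
        if (!expectedRoles.isEmpty()) {
            return isUserInRole(securityContext, expectedRoles, false);
        }
        List<String> denyRoles = getDenyRoles(method);
        if (denyRoles.isEmpty()) {
            return true;
        }
        return isUserInRole(securityContext, denyRoles, true);
    }

    /**
     * Matches the caller against {@code roles}.
     *
     * @param roles the role names to test; a single {@value #ALL_ROLES} entry matches everyone
     * @param deny {@code true} when {@code roles} is a deny list, which inverts the result
     * @return for an allow list, whether the caller matched; for a deny list, whether it did not
     */
    private boolean isUserInRole(SecurityContext securityContext, List<String> roles, boolean deny) {
        if (roles.size() == 1 && ALL_ROLES.equals(roles.get(0))) {
            return !deny;
        }
        for (String role : roles) {
            if (securityContext.isUserInRole(role)) {
                return !deny;
            }
        }
        return deny;
    }

    /**
     * Returns the roles of which the caller must hold at least one to invoke {@code method}.
     * An empty list means no role is required; implementations should not return {@code null},
     * because the result is dereferenced without a null check.
     */
    protected abstract List<String> getExpectedRoles(Method method);

    /**
     * Returns the roles that are refused access to {@code method}. The default is an empty list.
     * These roles are only consulted when {@link #getExpectedRoles(Method)} is empty.
     */
    protected List<String> getDenyRoles(Method method) {
        return Collections.emptyList();
    }
}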
