package org.gatein.management.gadget.mop.exportimport.server;

import com.google.gwt.http.client.Response;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.Iterator;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.exoplatform.container.web.AbstractFilter;
import org.exoplatform.services.security.ConversationRegistry;
import org.exoplatform.services.security.ConversationState;
import org.exoplatform.services.security.Identity;
import org.exoplatform.services.security.web.HttpSessionStateKey;
import org.gatein.common.logging.Logger;
import org.gatein.common.logging.LoggerFactory;

/* loaded from: input_file:WEB-INF/classes/org/gatein/management/gadget/mop/exportimport/server/IdentityFilter.class */
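/**
 * Servlet filter that restricts the export/import GWT gadget endpoints to a configured
 * role, group, or user.
 *
 * <p>The allowed principal is read from the filter's {@code role}, {@code group} and
 * {@code user} init-params. A request is passed down the chain when the caller's
 * {@link Identity} matches any one of the configured values; every other request is
 * answered with an error and never reaches the protected servlet.
 *
 * <p>The filter fails closed: when none of the three init-params is configured, every
 * request is rejected with a 500 instead of being let through.
 */
public class IdentityFilter extends AbstractFilter implements Filter {
    private static final Logger log = LoggerFactory.getLogger(IdentityFilter.class);

    // Access-control configuration, read once from web.xml init-params in afterInit().
    // A null value means that criterion is not configured and is skipped.
    private String role;
    private String group;
    private String user;

    /**
     * Reads the {@code role}, {@code group} and {@code user} init-params.
     *
     * @param filterConfig the filter configuration supplied by the container
     * @throws ServletException declared by the overridden hook; not thrown here
     */
    @Override
    protected void afterInit(FilterConfig filterConfig) throws ServletException {
        this.role = filterConfig.getInitParameter("role");
        this.group = filterConfig.getInitParameter("group");
        this.user = filterConfig.getInitParameter("user");
    }

    /**
     * Authenticates the caller from the session's conversation state and authorizes it
     * against the configured role, group or user before invoking the rest of the chain.
     *
     * @param servletRequest  the incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse the outgoing response; cast to {@link HttpServletResponse}
     * @param filterChain     the remaining chain, invoked only for authorized callers
     * @throws IOException      if writing the error response or the downstream chain fails
     * @throws ServletException if the downstream chain fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;

        // NOTE(review): getSession() creates a session when the request has none, so an
        // anonymous request allocates a session before it is rejected below. Consider
        // getSession(false) with an explicit null check once HttpSessionStateKey's handling
        // of a missing session has been confirmed.
        ConversationRegistry registry =
                (ConversationRegistry) getContainer().getComponentInstanceOfType(ConversationRegistry.class);
        ConversationState state = registry.getState(new HttpSessionStateKey(httpServletRequest.getSession()));
        if (state == null) {
            log.error("Conversation state not found. This typically means the GWT Gadget application is either being access anonymously or from outside the portal.");
            handleError(httpServletRequest, httpServletResponse, Response.SC_UNAUTHORIZED);
            return;
        }

        Identity identity = state.getIdentity();
        if (identity == null) {
            log.error("Identity not found from conversation state. This should not happen. GWT Gadget will not process");
            handleError(httpServletRequest, httpServletResponse, Response.SC_UNAUTHORIZED);
            return;
        }

        // Fail closed on a misconfigured filter rather than allowing every caller through.
        if (this.role == null && this.group == null && this.user == null) {
            log.error("Neither role, group, or user was configured as part of init-param of IdentityFilter for GWT Gadget application.");
            handleError(httpServletRequest, httpServletResponse, Response.SC_INTERNAL_SERVER_ERROR);
            return;
        }

        if (!isAuthorized(identity)) {
            log.error("GWT Gadget not authorized for user " + identity.getUserId() + ". Check the filter configuration for IdentityFilter in web.xml.");
            handleError(httpServletRequest, httpServletResponse, Response.SC_UNAUTHORIZED);
            return;
        }

        // The current ConversationState is bound to the worker thread. Bind it only for
        // authorized requests and always restore the previous value afterwards, so that a
        // pooled thread never carries this caller's identity into an unrelated request.
        ConversationState previous = ConversationState.getCurrent();
        ConversationState.setCurrent(state);
        try {
            filterChain.doFilter(servletRequest, servletResponse);
        } finally {
            ConversationState.setCurrent(previous);
        }
    }

    /** No resources to release. */
    @Override
    public void destroy() {
    }

    /**
     * Tells whether the identity matches any configured criterion, checked in the order
     * role, group, user. Unconfigured (null) criteria never match.
     */
    private boolean isAuthorized(Identity identity) {
        if (this.role != null && identity.getRoles().contains(this.role)) {
            return true;
        }
        if (this.group != null && identity.isMemberOf(this.group)) {
            return true;
        }
        return this.user != null && this.user.equals(identity.getUserId());
    }

    /**
     * Writes the rejection response.
     *
     * <p>For every path except {@code /exportimport/upload} the given status is sent with
     * {@code sendError}. For the upload path a fixed error body is written instead and
     * {@code statusCode} is not applied, so the response keeps its default status.
     * NOTE(review): presumably this is so the GWT upload form can read the body - confirm
     * that the client never treats such a response as a successful upload.
     *
     * @param httpServletRequest  the rejected request, used only for its servlet path
     * @param httpServletResponse the response to write the error to
     * @param statusCode          the HTTP status to send for non-upload paths
     * @throws IOException if the response cannot be written
     */
    private void handleError(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, int statusCode) throws IOException {
        if (!httpServletRequest.getServletPath().equals("/exportimport/upload")) {
            httpServletResponse.sendError(statusCode);
            return;
        }
        // The body is a constant string; no request data is reflected into it.
        httpServletResponse.setContentType("text/plain");
        PrintWriter writer = httpServletResponse.getWriter();
        writer.write("<response><error>Resource not available</error></response>");
        writer.flush();
        writer.close();
    }
}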
