package pl.touk.widerest.security.oauth2;

import java.util.Set;
import java.util.function.Supplier;
import javax.annotation.Resource;
import org.broadleafcommerce.common.web.filter.StatelessSessionFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.client.resource.OAuth2AccessDeniedException;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationManager;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.web.access.channel.ChannelProcessingFilter;

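/**
 * OAuth2 resource-server configuration for the REST API served under {@link #API_PATH}.
 *
 * <p>Token validation is delegated to the injected {@link TokenStore}. The framework's
 * resource-id check is switched off ({@code resourceId(null)}) and replaced by the check in
 * {@link #configure(ResourceServerSecurityConfigurer)}, which compares the token's resource ids
 * with the value produced by {@link #resourceIdSupplier}.
 *
 * <p>NOTE(review): URL-level authorization is {@code permitAll()} for the whole API path, so
 * access control rests on method-level expressions (enabled here with
 * {@code prePostEnabled = true}). A handler under the API path that carries no such expression
 * is reachable without a token; confirm every endpoint is annotated.
 */
@EnableResourceServer
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
    /** Path prefix of the API protected by this resource server. */
    public static final String API_PATH = "/v1";

    /** Store used to look up and validate presented access tokens. */
    @Autowired
    TokenStore tokenStore;

    /** Optional supplier of this server's resource id; {@code null} when no such bean exists. */
    @Autowired(required = false)
    Supplier<String> resourceIdSupplier;

    /** Filter registered ahead of {@link ChannelProcessingFilter} for API requests. */
    @Resource
    StatelessSessionFilter statelessSessionFilter;

    /**
     * Installs the token store and an authentication manager that enforces the resource-id
     * restriction carried by the token.
     *
     * @param resourceServerSecurityConfigurer configurer supplied by the framework
     * @throws Exception if the configurer rejects the settings
     */
    @Override
    public void configure(ResourceServerSecurityConfigurer resourceServerSecurityConfigurer) throws Exception {
        resourceServerSecurityConfigurer
                .tokenStore(this.tokenStore)
                // null turns off the built-in resource-id comparison; the manager below replaces it.
                .resourceId((String) null)
                .authenticationManager(new OAuth2AuthenticationManager() {
                    /**
                     * Authenticates the token, then rejects it when it is restricted to resource
                     * ids that do not include this server's id.
                     *
                     * @throws OAuth2AccessDeniedException if the token lists resource ids and
                     *     this server's id is not among them, or no id is configured
                     */
                    @Override
                    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
                        // The parent declares Authentication as its return type, so a cast is
                        // needed to reach the OAuth2 request details.
                        OAuth2Authentication authenticated = (OAuth2Authentication) super.authenticate(authentication);
                        Set<String> resourceIds = authenticated.getOAuth2Request().getResourceIds();

                        // NOTE(review): a token that names no resource ids is accepted for this
                        // resource (fail-open). Confirm that issuing unrestricted tokens is
                        // intended by the authorization server.
                        if (resourceIds == null || resourceIds.isEmpty()) {
                            return authenticated;
                        }

                        Supplier<String> supplier = ResourceServerConfig.this.resourceIdSupplier;
                        if (supplier == null) {
                            // Previously this path dereferenced the null supplier while building
                            // the message and failed with a NullPointerException instead of a
                            // clean denial.
                            throw new OAuth2AccessDeniedException(
                                    "Invalid token does not contain resource id (no resource id configured)");
                        }

                        String expectedResourceId = supplier.get();
                        if (resourceIds.contains(expectedResourceId)) {
                            return authenticated;
                        }
                        throw new OAuth2AccessDeniedException(
                                "Invalid token does not contain resource id (" + expectedResourceId + ")");
                    }
                });
    }

    /**
     * Limits this filter chain to the API path, makes it stateless and registers the
     * stateless-session filter ahead of {@link ChannelProcessingFilter}.
     *
     * <p>Every request matched by the chain is permitted at URL level; authorization decisions
     * are left to method-level security expressions.
     *
     * @param httpSecurity builder supplied by the framework
     * @throws Exception if the builder rejects the settings
     */
    @Override
    public void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity
                .requestMatchers().antMatchers(API_PATH + "/**")
                .and()
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .addFilterBefore(this.statelessSessionFilter, ChannelProcessingFilter.class)
                .authorizeRequests().anyRequest().permitAll();
    }
}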
