package com.xdja.platform.security.filter;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.AccessControlFilter;
import org.apache.shiro.web.util.WebUtils;

/* loaded from: input_file:WEB-INF/lib/platform-security-standard-2.0.2.jar:com/xdja/platform/security/filter/KickoutSessionControlFilter.class */
public class KickoutSessionControlFilter extends AccessControlFilter {
    @Override // org.apache.shiro.web.filter.AccessControlFilter
    protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object obj) throws Exception {
        return false;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.shiro.web.filter.AccessControlFilter
    public boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        Subject subject = getSubject(servletRequest, servletResponse);
        if ((!subject.isAuthenticated() && !subject.isRemembered()) || subject.getSession().getAttribute("kickout") == null) {
            return true;
        }
        try {
            subject.logout();
        } catch (Exception e) {
        }
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        if (httpServletRequest.getHeader("x-requested-with") != null && httpServletRequest.getHeader("x-requested-with").equalsIgnoreCase("XMLHttpRequest")) {
            httpServletResponse.setHeader("sessionstatus", "timeout");
            return false;
        }
        String loginUrl = getLoginUrl();
        if (!httpServletRequest.getRequestURI().startsWith(httpServletRequest.getContextPath() + "/index.do")) {
            loginUrl = loginUrl + "?sessionTimeoutFlag=true";
        }
        saveRequest(servletRequest);
        WebUtils.issueRedirect(servletRequest, servletResponse, loginUrl);
        return false;
    }
}
