package com.xdja.pki.security.filter;

import com.xdja.pki.security.service.SecurityService;
import java.io.IOException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.util.StringUtils;
import org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter;
import org.apache.shiro.web.util.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/pki-security-core-2.0.0-SNAPSHOT.jar:com/xdja/pki/security/filter/CustomAuthorizationFilter.class */
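/**
 * Shiro permission filter that shapes the response sent when a request is denied:
 * a JSON body for AJAX callers, a redirect or HTTP error for ordinary requests.
 *
 * <p>This class does not override the permission check itself; it only decides how a
 * denial is reported to the client.
 */
public class CustomAuthorizationFilter extends PermissionsAuthorizationFilter {
    private static final Logger LOG = LoggerFactory.getLogger(CustomAuthorizationFilter.class);

    /** Supplies the JSON bodies for denials; stays {@code null} when the no-arg constructor is used. */
    private SecurityService securityService;

    /** Creates a filter without a {@link SecurityService}; AJAX denials then carry a status only. */
    public CustomAuthorizationFilter() {
    }

    /**
     * Creates a filter that renders denial bodies obtained from the given service.
     *
     * @param securityService source of the unauthenticated / unauthorized response bodies
     */
    public CustomAuthorizationFilter(SecurityService securityService) {
        this.securityService = securityService;
    }

    /**
     * Writes the denial response for a request that failed the permission check.
     *
     * <ul>
     *   <li>No principal: AJAX callers get status 401 plus the service's unauthenticated body;
     *       other callers are sent to the login page with the request saved.</li>
     *   <li>Principal present but permission missing: AJAX callers get status 401 plus the
     *       service's unauthorized body; other callers are redirected to the configured
     *       unauthorized URL, or receive {@code sendError(401)} when none is configured.</li>
     * </ul>
     *
     * @param servletRequest the denied request
     * @param servletResponse the response to write the denial to
     * @return always {@code false}, so the chain never continues past a denial
     * @throws IOException if the redirect or error response cannot be sent
     */
    @Override // org.apache.shiro.web.filter.authz.AuthorizationFilter, org.apache.shiro.web.filter.AccessControlFilter
    public boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws IOException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        boolean authenticated = getSubject(servletRequest, servletResponse).getPrincipal() != null;
        if (!authenticated) {
            if (isAjaxRequest(request)) {
                response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
                render(response, denialBody(false));
            } else {
                saveRequestAndRedirectToLogin(servletRequest, servletResponse);
            }
            return false;
        }

        // The subject is known but lacks the permission.
        // NOTE(review): 401 is kept for this case because existing clients may key on it;
        // 403 is the conventional status for an authenticated caller without permission.
        String unauthorizedUrl = getUnauthorizedUrl();
        boolean hasUnauthorizedUrl = StringUtils.hasText(unauthorizedUrl);
        if (isAjaxRequest(request)) {
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            render(response, denialBody(true));
        } else if (hasUnauthorizedUrl) {
            WebUtils.issueRedirect(servletRequest, servletResponse, unauthorizedUrl);
        } else {
            WebUtils.toHttp(servletResponse).sendError(HttpServletResponse.SC_UNAUTHORIZED);
        }
        return false;
    }

    /**
     * Picks the JSON body for a denial, tolerating a filter built without a service.
     *
     * @param authenticated {@code true} for a known subject lacking permission,
     *                      {@code false} for a request with no principal
     * @return the body to write, or {@code null} when no service is configured
     */
    private String denialBody(boolean authenticated) {
        if (this.securityService == null) {
            // Previously this path threw a NullPointerException after the status was set.
            LOG.error("SecurityService is not configured; sending the denial status without a body");
            return null;
        }
        return authenticated
                ? this.securityService.unAuthorizationContent()
                : this.securityService.unAuthenticationContent();
    }

    /**
     * Reports whether the request carries {@code x-requested-with: XMLHttpRequest}.
     *
     * <p>The header is supplied by the client, so it may only select the response format;
     * it must not feed into the access decision.
     */
    private boolean isAjaxRequest(HttpServletRequest httpServletRequest) {
        // equalsIgnoreCase(null) is false, so an absent header needs no separate check.
        return "XMLHttpRequest".equalsIgnoreCase(httpServletRequest.getHeader("x-requested-with"));
    }

    /**
     * Writes a JSON denial body with caching disabled. The caller sets the status first.
     *
     * @param httpServletResponse response to write to
     * @param str body text; {@code null} sends the headers without a body
     */
    private void render(HttpServletResponse httpServletResponse, String str) {
        // NOTE(review): no character encoding is set before getWriter(); unless something
        // earlier in the chain sets one, the servlet default applies and non-Latin text
        // in the body could be garbled - confirm against the deployed filter order.
        httpServletResponse.setContentType("application/json");
        httpServletResponse.setHeader("Pragma", "No-cache");
        httpServletResponse.setHeader("Cache-Control", "no-cache");
        httpServletResponse.setDateHeader("Expires", 0L);
        if (str == null) {
            // Writer.write(null) would throw; the denial status alone is still delivered.
            return;
        }
        try {
            httpServletResponse.getWriter().write(str);
        } catch (IOException e) {
            // Best effort: the denial status is already on the response, so only log.
            LOG.error(String.format("Shiro自定义权限过滤器响应Ajax请求内容异常，原因：%s", e.getMessage()), e);
        }
    }
}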
