package org.apache.shiro.spring.remoting;

import java.io.Serializable;
import org.aopalliance.intercept.MethodInvocation;
import org.apache.catalina.Lifecycle;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.session.Session;
import org.apache.shiro.session.mgt.NativeSessionManager;
import org.apache.shiro.session.mgt.SessionKey;
import org.apache.shiro.session.mgt.SessionManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.remoting.support.DefaultRemoteInvocationFactory;
import org.springframework.remoting.support.RemoteInvocation;

/* loaded from: input_file:WEB-INF/lib/shiro-spring-1.4.0.jar:org/apache/shiro/spring/remoting/SecureRemoteInvocationFactory.class */
public class SecureRemoteInvocationFactory extends DefaultRemoteInvocationFactory {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) SecureRemoteInvocationFactory.class);
    public static final String SESSION_ID_KEY = SecureRemoteInvocationFactory.class.getName() + ".SESSION_ID_KEY";
    public static final String HOST_KEY = SecureRemoteInvocationFactory.class.getName() + ".HOST_KEY";
    private static final String SESSION_ID_SYSTEM_PROPERTY_NAME = "shiro.session.id";
    private String sessionId;

    public SecureRemoteInvocationFactory() {
    }

    public SecureRemoteInvocationFactory(String str) {
        this();
        this.sessionId = str;
    }

    @Override // org.springframework.remoting.support.DefaultRemoteInvocationFactory, org.springframework.remoting.support.RemoteInvocationFactory
    public RemoteInvocation createRemoteInvocation(MethodInvocation methodInvocation) {
        Session session;
        Serializable serializable = null;
        String str = null;
        boolean z = false;
        Class<?> declaringClass = methodInvocation.getMethod().getDeclaringClass();
        if (SessionManager.class.equals(declaringClass) || NativeSessionManager.class.equals(declaringClass)) {
            z = true;
            if (!methodInvocation.getMethod().getName().equals(Lifecycle.START_EVENT)) {
                serializable = ((SessionKey) methodInvocation.getArguments()[0]).getSessionId();
            }
        }
        if (serializable == null) {
            serializable = this.sessionId;
        }
        if (serializable == null) {
            try {
                SecurityUtils.getSecurityManager();
                if (!z && (session = SecurityUtils.getSubject().getSession(false)) != null) {
                    serializable = session.getId();
                    str = session.getHost();
                }
            } catch (Exception e) {
                log.trace("No security manager set. Trying next to get session id from system property");
            }
        }
        if (serializable == null) {
            if (log.isTraceEnabled()) {
                log.trace("No Session found for the currently executing subject via subject.getSession(false).  Attempting to revert back to the 'shiro.session.id' system property...");
            }
            serializable = System.getProperty(SESSION_ID_SYSTEM_PROPERTY_NAME);
            if (serializable == null && log.isTraceEnabled()) {
                log.trace("No 'shiro.session.id' system property found.  Heuristics have been exhausted; RemoteInvocation will not contain a sessionId.");
            }
        }
        RemoteInvocation remoteInvocation = new RemoteInvocation(methodInvocation);
        if (serializable != null) {
            remoteInvocation.addAttribute(SESSION_ID_KEY, serializable);
        }
        if (str != null) {
            remoteInvocation.addAttribute(HOST_KEY, str);
        }
        return remoteInvocation;
    }
}
