package com.xdja.platform.security.filter;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
import org.apache.shiro.web.util.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/platform-security-standard-2.0.3-SNAPSHOT.jar:com/xdja/platform/security/filter/SessionTimeoutFilter.class */
public class SessionTimeoutFilter extends FormAuthenticationFilter {
    private static final Logger log = LoggerFactory.getLogger(SessionTimeoutFilter.class);

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.shiro.web.filter.authc.FormAuthenticationFilter, org.apache.shiro.web.filter.AccessControlFilter
    public boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        if (isLoginRequest(servletRequest, servletResponse)) {
            if (isLoginSubmission(servletRequest, servletResponse)) {
                if (log.isTraceEnabled()) {
                    log.trace("Login submission detected.  Attempting to execute login.");
                }
                return executeLogin(servletRequest, servletResponse);
            }
            if (!log.isTraceEnabled()) {
                return true;
            }
            log.trace("Login page view.");
            return true;
        }
        if (log.isTraceEnabled()) {
            log.trace("Attempting to access a path which requires authentication.  Forwarding to the Authentication url [" + getLoginUrl() + "]");
        }
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        if (httpServletRequest.getHeader("x-requested-with") != null && httpServletRequest.getHeader("x-requested-with").equalsIgnoreCase("XMLHttpRequest")) {
            httpServletResponse.setHeader("sessionstatus", "timeout");
            return false;
        }
        String loginUrl = getLoginUrl();
        if (!httpServletRequest.getRequestURI().startsWith(httpServletRequest.getContextPath() + "/index.do")) {
            loginUrl = loginUrl + "?sessionTimeoutFlag=true";
        }
        saveRequest(servletRequest);
        WebUtils.issueRedirect(servletRequest, servletResponse, loginUrl);
        return false;
    }
}
