package com.xdja.pki.ca.security.filter;

import com.xdja.pki.ca.security.service.SecurityService;
import java.io.IOException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.poi.ddf.EscherProperties;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.AccessControlFilter;
import org.apache.shiro.web.util.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpHeaders;

/* loaded from: input_file:WEB-INF/lib/ca-security-0.0.1-SNAPSHOT.jar:com/xdja/pki/ca/security/filter/KickoutSessionControlFilter.class */
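/**
 * Shiro filter that terminates sessions which have been flagged with a {@code "kickout"}
 * session attribute.
 *
 * <p>{@link #isAccessAllowed} always returns {@code false}, so every request routed through this
 * filter is evaluated by {@link #onAccessDenied}. Requests from subjects that are neither
 * authenticated nor remembered, or whose session carries no {@code "kickout"} attribute, pass
 * through unchanged. Flagged sessions are logged out and the caller receives either a 401 JSON
 * response (Ajax requests) or a redirect to the login URL.
 *
 * <p>NOTE(review): the component that sets the {@code "kickout"} attribute is not visible in this
 * file; presumably a concurrent-session limiter. Confirm against the writer of that attribute.
 */
public class KickoutSessionControlFilter extends AccessControlFilter {
    // Logger is bound to this class so that kick-out events are attributed to the right filter
    // in audit logs (the decompiled source bound it to SessionTimeoutFilter).
    private static final Logger log = LoggerFactory.getLogger(KickoutSessionControlFilter.class);

    /** Session attribute whose presence marks the session as kicked out. */
    private static final String KICKOUT_ATTRIBUTE = "kickout";

    /** Request header and value used to recognise Ajax callers. */
    private static final String AJAX_HEADER = "x-requested-with";
    private static final String AJAX_HEADER_VALUE = "XMLHttpRequest";

    private final SecurityService securityService;

    /**
     * @param securityService supplies the response body written for rejected Ajax requests
     */
    public KickoutSessionControlFilter(SecurityService securityService) {
        this.securityService = securityService;
    }

    /**
     * Always defers the decision to {@link #onAccessDenied}.
     *
     * @return {@code false} unconditionally
     */
    @Override // org.apache.shiro.web.filter.AccessControlFilter
    protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object obj) throws Exception {
        return false;
    }

    /**
     * Lets the request continue unless the subject's session is flagged as kicked out; in that
     * case logs the subject out and answers with a 401 (Ajax) or a login redirect.
     *
     * <p>Visibility is {@code public} here although the superclass declares the method
     * {@code protected}; it is kept as found so existing callers are unaffected.
     *
     * @return {@code true} to continue the filter chain, {@code false} when the response has
     *     already been produced by this filter
     * @throws Exception propagated from Shiro's redirect and request-saving helpers
     */
    @Override // org.apache.shiro.web.filter.AccessControlFilter
    public boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        Subject subject = getSubject(servletRequest, servletResponse);

        // The session is only touched for subjects that carry an identity, so anonymous
        // requests do not cause a session to be created by this check.
        boolean hasIdentity = subject.isAuthenticated() || subject.isRemembered();
        if (!hasIdentity || subject.getSession().getAttribute(KICKOUT_ATTRIBUTE) == null) {
            return true;
        }

        try {
            subject.logout();
        } catch (Exception e) {
            // Best effort: the request is rejected below either way. A failed logout can leave
            // the flagged session alive, so record it instead of dropping the error silently.
            log.warn("Logout of kicked-out session failed; request is still rejected", e);
        }

        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;

        // Ajax callers cannot follow a login redirect usefully, so they get a status code,
        // a marker header and a body instead.
        if (AJAX_HEADER_VALUE.equalsIgnoreCase(httpServletRequest.getHeader(AJAX_HEADER))) {
            httpServletResponse.setHeader("sessionstatus", "timeout");
            // 401; the decompiler had substituted an unrelated POI constant with the same value.
            httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            render(httpServletResponse, this.securityService.unAuthenticationContent());
            return false;
        }

        String loginUrl = getLoginUrl();
        String indexPrefix = httpServletRequest.getContextPath() + "/index.do";
        if (!httpServletRequest.getRequestURI().startsWith(indexPrefix)) {
            // NOTE(review): assumes the configured login URL has no query string of its own.
            loginUrl = loginUrl + "?sessionTimeoutFlag=true";
        }
        saveRequest(servletRequest);
        WebUtils.issueRedirect(servletRequest, servletResponse, loginUrl);
        return false;
    }

    /**
     * Writes {@code str} to the response as a non-cacheable JSON body.
     *
     * <p>An {@link IOException} while writing is logged and not rethrown.
     */
    private void render(HttpServletResponse httpServletResponse, String str) {
        httpServletResponse.setContentType("application/json;charset=UTF-8");
        // The body describes authentication state, so intermediaries must not cache it.
        httpServletResponse.setHeader(HttpHeaders.PRAGMA, "No-cache");
        httpServletResponse.setHeader(HttpHeaders.CACHE_CONTROL, "no-cache");
        httpServletResponse.setDateHeader(HttpHeaders.EXPIRES, 0L);
        try {
            httpServletResponse.getWriter().write(str);
        } catch (IOException e) {
            log.error(String.format("Shiro自定义权限过滤器响应Ajax请求内容异常，原因：%s", e.getMessage()), e);
        }
    }
}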
