package com.xdja.saps.view.system.auth.config;

import com.xdja.saps.view.system.auth.bean.Function;
import com.xdja.saps.view.system.auth.filter.CustomAuthorizationFilter;
import com.xdja.saps.view.system.auth.filter.KickOutSessionFilter;
import com.xdja.saps.view.system.auth.filter.SessionTimeoutFilter;
import com.xdja.saps.view.system.auth.realm.CustomShiroRealm;
import com.xdja.saps.view.system.auth.service.IAuthService;
import com.xdja.saps.view.system.auth.utils.SessionUtils;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.cache.CacheManager;
import org.apache.shiro.cache.MemoryConstrainedCacheManager;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.session.Session;
import org.apache.shiro.session.SessionListenerAdapter;
import org.apache.shiro.session.mgt.SessionManager;
import org.apache.shiro.session.mgt.eis.MemorySessionDAO;
import org.apache.shiro.session.mgt.eis.SessionDAO;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.subject.support.DefaultSubjectContext;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.servlet.Cookie;
import org.apache.shiro.web.servlet.SimpleCookie;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
/* loaded from: input_file:com/xdja/saps/view/system/auth/config/SapsShiroConfig.class */
public class SapsShiroConfig {
    private static final Logger log = LoggerFactory.getLogger(SapsShiroConfig.class);
    public static final String SHIRO_SESSION_KEY = "shiro-kickout-session";

    @Value("${session.expires:30}")
    private Integer sessionTimeout;
    private final IAuthService authService;

    public SapsShiroConfig(IAuthService iAuthService) {
        this.authService = iAuthService;
    }

    @Bean
    public CustomShiroRealm customShiroRealm() {
        return new CustomShiroRealm(this.authService);
    }

    @Bean
    public SessionManager sessionManager(@Autowired SessionDAO sessionDAO, @Autowired Cookie cookie, @Autowired final CacheManager cacheManager) {
        DefaultWebSessionManager defaultWebSessionManager = new DefaultWebSessionManager();
        defaultWebSessionManager.setSessionDAO(sessionDAO);
        defaultWebSessionManager.setGlobalSessionTimeout(this.sessionTimeout.intValue() * 60 * 1000);
        defaultWebSessionManager.setSessionIdCookie(cookie);
        ArrayList arrayList = new ArrayList();
        arrayList.add(new SessionListenerAdapter() { // from class: com.xdja.saps.view.system.auth.config.SapsShiroConfig.1
            public void onExpiration(Session session) {
                super.onExpiration(session);
                SessionUtils.removeCacheSession(session.getAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY).toString(), session.getId(), cacheManager.getCache(SapsShiroConfig.SHIRO_SESSION_KEY));
            }
        });
        defaultWebSessionManager.setSessionListeners(arrayList);
        return defaultWebSessionManager;
    }

    @Bean
    public SessionDAO sessionDAO() {
        return new MemorySessionDAO();
    }

    @Bean
    public CacheManager cacheManager() {
        return new MemoryConstrainedCacheManager();
    }

    @Bean
    public Cookie cookieDAO() {
        SimpleCookie simpleCookie = new SimpleCookie();
        simpleCookie.setName("WEBSID");
        return simpleCookie;
    }

    @Bean
    public SecurityManager securityManager(@Autowired SessionManager sessionManager) {
        DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
        defaultWebSecurityManager.setRealm(customShiroRealm());
        defaultWebSecurityManager.setSessionManager(sessionManager);
        return defaultWebSecurityManager;
    }

    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean(@Autowired CacheManager cacheManager, @Autowired SecurityManager securityManager) {
        log.info("==>开始加载Shiro权限");
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(securityManager);
        HashMap hashMap = new HashMap();
        hashMap.put("authc", new SessionTimeoutFilter(this.authService));
        hashMap.put("kickout", new KickOutSessionFilter(cacheManager, securityManager, this.authService));
        hashMap.put("perms", new CustomAuthorizationFilter(this.authService));
        shiroFilterFactoryBean.setFilters(hashMap);
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        Collection<String> whiteLink = this.authService.getWhiteLink();
        if (null != whiteLink && !whiteLink.isEmpty()) {
            Iterator<String> it = whiteLink.iterator();
            while (it.hasNext()) {
                linkedHashMap.put(it.next(), "anon");
            }
        }
        processPermission(linkedHashMap, this.authService.getFunctions());
        linkedHashMap.put("/**", "kickout, authc, perms");
        if (log.isDebugEnabled()) {
            log.debug("系统已加载权限列表为：{}", linkedHashMap);
        }
        shiroFilterFactoryBean.setFilterChainDefinitionMap(linkedHashMap);
        log.info("==>Shiro权限加载完成");
        return shiroFilterFactoryBean;
    }

    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(@Autowired SecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
        authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
        return authorizationAttributeSourceAdvisor;
    }

    private void processPermission(Map<String, String> map, Collection<Function> collection) {
        if (null == collection || collection.isEmpty()) {
            return;
        }
        for (Function function : collection) {
            if (StringUtils.isNotBlank(function.getApi()) && StringUtils.isNotBlank(function.getPermission())) {
                map.put(function.getApi(), "perms[" + function.getPermission() + "], kickout, authc");
            }
        }
    }
}
