package org.apache.shiro.biz.web.filter;

import com.alibaba.fastjson.JSONObject;
import com.alibaba.fastjson.serializer.SerializerFeature;
import java.util.Iterator;
import java.util.Map;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.collections.MapUtils;
import org.apache.shiro.biz.authc.AuthcResponse;
import org.apache.shiro.biz.utils.WebUtils;
import org.apache.shiro.biz.web.servlet.http.HttpStatus;
import org.apache.shiro.web.filter.AccessControlFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.AntPathMatcher;
import org.springframework.util.PathMatcher;
import org.springframework.util.StringUtils;

/* loaded from: input_file:org/apache/shiro/biz/web/filter/HttpServletRequestReferrerFilter.class */
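/**
 * Shiro {@link AccessControlFilter} that admits a request only when its referer header matches
 * one of the patterns configured for the request URI.
 *
 * <p>The decision is an allow-list and fails closed: a missing header, a request URI that matches
 * no configured key, or a header that matches none of that key's patterns all result in denial.
 *
 * <p>The referer header is supplied by the client, so this filter only constrains well-behaved
 * browsers (for example hotlinking or cross-site navigation). It is not an authentication or
 * authorization control and should be combined with one.
 */
public class HttpServletRequestReferrerFilter extends AccessControlFilter {
    protected Logger LOG = LoggerFactory.getLogger(getClass());
    protected PathMatcher matcher = new AntPathMatcher();
    private final HttpServletReferrerProperties properties;

    /**
     * Creates the filter.
     *
     * @param httpServletReferrerProperties source of the referer header name and of the
     *     URI-pattern to referer-pattern map; it is not null-checked here, so a null value
     *     surfaces as a {@link NullPointerException} on the first filtered request
     */
    public HttpServletRequestReferrerFilter(HttpServletReferrerProperties httpServletReferrerProperties) {
        this.properties = httpServletReferrerProperties;
    }

    /**
     * Decides whether the request's referer header is on the allow-list for its URI.
     *
     * @param servletRequest the incoming request
     * @param servletResponse the outgoing response (unused)
     * @param obj the filter's mapped value (unused)
     * @return {@code true} only when a configured URI pattern matches the request URI and one of
     *     its comma-separated referer patterns matches the header value
     * @throws Exception declared by the overridden method
     */
    @Override
    protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object obj) throws Exception {
        HttpServletRequest http = WebUtils.toHttp(servletRequest);
        String header = http.getHeader(this.properties.getRefererHeaderName());
        // No header at all is treated as "not allowed"; clients that suppress the referer
        // (privacy settings, Referrer-Policy) are therefore rejected too.
        if (StringUtils.isEmpty(header)) {
            return false;
        }
        Map<String, String> allowedPatterns = this.properties.getAllowedRefererPatterns();
        if (MapUtils.isNotEmpty(allowedPatterns)) {
            // getRequestURI() is the raw, undecoded URI including the context path, so the map
            // keys have to be written against that form. A key that fails to match only ever
            // leads to denial, never to an unintended allow.
            String requestUri = http.getRequestURI();
            for (Map.Entry<String, String> entry : allowedPatterns.entrySet()) {
                if (!this.matcher.match(entry.getKey(), requestUri)) {
                    continue;
                }
                for (String refererPattern : StringUtils.commaDelimitedListToSet(entry.getValue())) {
                    if (this.matcher.match(refererPattern, header)) {
                        return true;
                    }
                }
            }
        }
        // Parameterized logging is skipped by SLF4J when debug is off, so no explicit guard is
        // needed. The logged value is client-supplied.
        this.LOG.debug("Not Allowed Access Referrer : {}.", header);
        return false;
    }

    /**
     * Answers a rejected request with HTTP 403, as a JSON body for AJAX requests and through
     * {@code sendError} otherwise.
     *
     * @param servletRequest the rejected request
     * @param servletResponse the response to write the rejection to
     * @return always {@code false}, so the filter chain is not continued
     * @throws Exception if writing the response fails
     */
    @Override
    protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        // NOTE(review): the client-supplied header value is echoed back in the response. The JSON
        // branch passes it through the serializer; the sendError branch depends on the
        // container's error page escaping the message. Confirm that for the deployed container,
        // or drop the value from the message.
        String refererValue = WebUtils.toHttp(servletRequest).getHeader(this.properties.getRefererHeaderName());
        String message = String.format("Request Denied! Request Referer {%s} is Not Allowed.", refererValue);
        if (WebUtils.isAjaxResponse(servletRequest)) {
            WebUtils.toHttp(servletResponse).setStatus(HttpStatus.SC_FORBIDDEN);
            servletResponse.setContentType("application/json;charset=UTF-8");
            JSONObject.writeJSONString(servletResponse.getWriter(), AuthcResponse.error(message), new SerializerFeature[0]);
        } else {
            WebUtils.toHttp(servletResponse).sendError(HttpStatus.SC_FORBIDDEN, message);
        }
        return false;
    }
}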
