package com.kanq.plateform.base.common.shiro.filter;

import com.kanq.plateform.base.common.shiro.ShiroUtils;
import com.kanq.qd.use.entity.ResponseBean;
import java.io.Serializable;
import java.util.Deque;
import java.util.LinkedList;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.cache.Cache;
import org.apache.shiro.cache.CacheManager;
import org.apache.shiro.session.Session;
import org.apache.shiro.session.mgt.DefaultSessionKey;
import org.apache.shiro.session.mgt.SessionManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.AccessControlFilter;
import org.apache.shiro.web.filter.PathMatchingFilter;
import org.apache.shiro.web.util.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/kanq/plateform/base/common/shiro/filter/KickoutSessionControlFilter.class */
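/**
 * Shiro filter that limits how many concurrent sessions one principal may hold.
 *
 * <p>Session ids are tracked per principal in the {@code shiro-kickout-session} cache. When the
 * number of tracked sessions exceeds {@link #setMaxSession(int) maxSession}, the surplus sessions
 * are tagged with the {@value #KICKOUT_FLAG} attribute. A request that arrives on a tagged
 * session is logged out and answered with HTTP 401 plus a {@code ResponseBean}.
 *
 * <p>This filter does not authenticate anyone. Requests that are neither authenticated nor
 * remembered are passed through unchanged, so another filter in the chain must enforce login.
 *
 * <p>NOTE(review): the per-principal deque is updated with an unsynchronised read-modify-write
 * against the cache. Concurrent logins for the same principal can therefore overwrite each
 * other's update and temporarily leave more than {@code maxSession} sessions untagged. Confirm
 * whether the cache implementation in use provides any atomicity before relying on the limit
 * as a hard security control.
 *
 * <p>NOTE(review): several debug statements below log raw session ids. Anyone who can read that
 * log can reuse a live id, so keep DEBUG disabled for this logger in production.
 */
public class KickoutSessionControlFilter extends AccessControlFilter {
    private static final Logger LOG = LoggerFactory.getLogger(KickoutSessionControlFilter.class);

    /** Session attribute whose presence marks a session as evicted. */
    private static final String KICKOUT_FLAG = "kickout";

    // URL reported to the client (header CONTEXTPATH and response payload) after a kickout.
    private String kickoutUrl;

    // true: evict the newest session (the later login loses); false: evict the oldest one.
    private boolean kickoutAfter = false;

    // Maximum number of simultaneously tracked sessions per principal.
    private int maxSession = 1;

    private SessionManager sessionManager;

    // principal -> session ids, newest first (ids are added with push()).
    private Cache<String, Deque<Serializable>> cache;

    /**
     * Sets the URL handed back to a kicked-out client.
     *
     * @param str the kickout URL
     */
    public void setKickoutUrl(String str) {
        this.kickoutUrl = str;
    }

    /**
     * Chooses which session is evicted when the limit is exceeded.
     *
     * @param z {@code true} to evict the most recently registered session, {@code false} to
     *     evict the oldest one
     */
    public void setKickoutAfter(boolean z) {
        this.kickoutAfter = z;
    }

    /**
     * Sets the maximum number of concurrent sessions per principal.
     *
     * @param i the session limit; a value below 1 causes every session, including the
     *     current one, to be evicted
     */
    public void setMaxSession(int i) {
        this.maxSession = i;
    }

    /**
     * Sets the session manager used to look up the sessions that are to be evicted.
     *
     * @param sessionManager the Shiro session manager
     */
    public void setSessionManager(SessionManager sessionManager) {
        this.sessionManager = sessionManager;
    }

    /**
     * Resolves the {@code shiro-kickout-session} cache from the given manager.
     *
     * @param cacheManager the Shiro cache manager
     */
    public void setCacheManager(CacheManager cacheManager) {
        this.cache = cacheManager.getCache("shiro-kickout-session");
    }

    /**
     * Always returns {@code false} so that every request is handled by
     * {@link #onAccessDenied(ServletRequest, ServletResponse)}, where the real decision is made.
     */
    @Override
    protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object obj) throws Exception {
        if (LOG.isDebugEnabled()) {
            LogUtils.logDebugInfo(LOG, (PathMatchingFilter) this, servletRequest);
            LOG.debug("### we stop the request chain, transfer the login to [ onAccessDenied ] method.");
        }
        return false;
    }

    /**
     * Registers the current session for its principal, evicts surplus sessions, and rejects the
     * request if the current session has itself been evicted.
     *
     * @return {@code true} to let the request continue down the filter chain, {@code false} when
     *     the kickout response has already been written
     */
    @Override
    protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        if (LOG.isDebugEnabled()) {
            LogUtils.logDebugInfo(LOG, (PathMatchingFilter) this, servletRequest);
        }

        Subject subject = getSubject(servletRequest, servletResponse);
        if (!subject.isAuthenticated() && !subject.isRemembered()) {
            // Nothing to count for an anonymous request. Authentication itself is not checked
            // here; this branch only means "no concurrent-session bookkeeping required".
            if (LOG.isDebugEnabled()) {
                LOG.debug("### the current request does note login, we do not need check if login more . so let is pass.");
            }
            return true;
        }

        Session session = subject.getSession();
        // assumes the realm stores the principal as a String — TODO confirm
        String principal = (String) subject.getPrincipal();
        Serializable sessionId = session.getId();

        Deque<Serializable> sessions = this.cache.get(principal);
        if (sessions == null) {
            sessions = new LinkedList<>();
            this.cache.put(principal, sessions);
        }

        // A session that is already tagged must not be re-registered, otherwise it would
        // count against the limit again after having been evicted.
        if (!sessions.contains(sessionId) && session.getAttribute(KICKOUT_FLAG) == null) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("### the current session [ {} ] of request does not exist . we will save it.", sessionId);
            }
            sessions.push(sessionId);
            this.cache.put(principal, sessions);
        }

        // The isEmpty() guard keeps a misconfigured maxSession below zero from calling
        // removeFirst()/removeLast() on an empty deque, which would throw NoSuchElementException.
        while (!sessions.isEmpty() && sessions.size() > this.maxSession) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("### the count of current session [ {} ] has over the maxNumber [ {} ], begin to kickout some one.", sessions.size(), this.maxSession);
            }
            // push() prepends, so the head is the newest session and the tail the oldest.
            Serializable evictedId = this.kickoutAfter ? sessions.removeFirst() : sessions.removeLast();
            this.cache.put(principal, sessions);
            try {
                Session evicted = this.sessionManager.getSession(new DefaultSessionKey(evictedId));
                if (evicted != null) {
                    evicted.setAttribute(KICKOUT_FLAG, true);
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("### the  session [ {} ] has been kickout.", evicted.getId());
                    }
                }
            } catch (Exception e) {
                // The message says "this exception can be ignored": the lookup is best-effort and
                // a failure here (presumably an already expired session) must not block the request.
                LOG.error("### 该异常可忽略, {}", e.getMessage(), e);
            }
        }

        if (session.getAttribute(KICKOUT_FLAG) == null) {
            return true;
        }

        try {
            LOG.debug("### the  session [ {} ] has been kickout. so subject begin to logout...", session.getId());
            subject.logout();
            LOG.debug("### subject logout success ! session id is {}", session.getId());
        } catch (Exception e2) {
            // Previously swallowed silently. A failed logout may leave the evicted session usable,
            // so it has to be visible to operators. The 401 response below is still sent.
            LOG.warn("### subject logout failed for a kicked-out session, continuing with the kickout response.", e2);
        }

        LOG.debug("### beigin to redirect to kickoutUrl [ {} ] !", this.kickoutUrl);
        saveRequest(servletRequest);
        ShiroUtils.issueRedirect(servletRequest, servletResponse, getRT(servletResponse));
        return false;
    }

    /**
     * Marks the HTTP response as a kickout (status 401, headers {@code SESSIONSTATUS} and
     * {@code CONTEXTPATH}) and builds the payload returned to the client.
     *
     * @param servletResponse the response to decorate
     * @return a bean carrying the kickout URL, code {@code -3} and a message telling the user
     *     that the account was logged in elsewhere and this session was forced out
     */
    private ResponseBean<String> getRT(ServletResponse servletResponse) {
        HttpServletResponse httpResponse = WebUtils.toHttp(servletResponse);
        httpResponse.setHeader("SESSIONSTATUS", "TIMEOUT");
        httpResponse.setHeader("CONTEXTPATH", this.kickoutUrl);
        httpResponse.setStatus(401);

        ResponseBean<String> result = ResponseBean.of(this.kickoutUrl);
        result.setCode(-3);
        result.setMsg("该帐号已在其他地方登录, 您已被强制退出!");
        return result;
    }
}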
