package org.squashtest.tm.web.internal.interceptor;

import java.io.IOException;
import javax.inject.Inject;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.access.PermissionEvaluator;
import org.springframework.security.authentication.AuthenticationTrustResolver;
import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.expression.WebSecurityExpressionRoot;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

@Component
/* loaded from: input_file:org/squashtest/tm/web/internal/interceptor/SecurityExpressionResolverExposerInterceptor.class */
public class SecurityExpressionResolverExposerInterceptor extends HandlerInterceptorAdapter {

    @Inject
    private PermissionEvaluator permissionEvaluator;
    private final AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();
    private static final Logger LOGGER = LoggerFactory.getLogger(SecurityExpressionResolverExposerInterceptor.class);
    private static final FilterChain DUMMY_CHAIN = new FilterChain() { // from class: org.squashtest.tm.web.internal.interceptor.SecurityExpressionResolverExposerInterceptor.1
        public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse) throws IOException, ServletException {
            throw new UnsupportedOperationException();
        }
    };

    public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj, ModelAndView modelAndView) {
        if (modelAndView == null || !modelAndView.hasView() || StringUtils.startsWith(modelAndView.getViewName(), "redirect:")) {
            return;
        }
        FilterInvocation filterInvocation = new FilterInvocation(httpServletRequest, httpServletResponse, DUMMY_CHAIN);
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication == null) {
            LOGGER.debug("No authentication available for '{}{}'. Thymeleaf won't have access to '#sec' in view '{}'", new Object[]{httpServletRequest.getServletPath(), httpServletRequest.getPathInfo(), modelAndView.getViewName()});
            return;
        }
        WebSecurityExpressionRoot webSecurityExpressionRoot = new WebSecurityExpressionRoot(authentication, filterInvocation);
        webSecurityExpressionRoot.setTrustResolver(this.trustResolver);
        webSecurityExpressionRoot.setPermissionEvaluator(this.permissionEvaluator);
        modelAndView.addObject("sec", webSecurityExpressionRoot);
    }
}
