package org.springframework.security.taglibs.authz;

import java.io.IOException;
import java.util.Locale;
import java.util.Map;
import javax.servlet.ServletContext;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.springframework.core.GenericTypeResolver;
import org.springframework.expression.EvaluationContext;
import org.springframework.expression.ParseException;
import org.springframework.security.access.expression.ExpressionUtils;
import org.springframework.security.access.expression.SecurityExpressionHandler;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.WebAttributes;
import org.springframework.security.web.access.WebInvocationPrivilegeEvaluator;
import org.springframework.security.web.context.support.SecurityWebApplicationContextUtils;
import org.springframework.util.StringUtils;

/* loaded from: input_file:WEB-INF/lib/spring-security-taglibs-5.7.11.jar:org/springframework/security/taglibs/authz/AbstractAuthorizeTag.class */
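/**
 * Decision logic behind an 'authorize' tag: answers whether the current
 * {@code Authentication} satisfies either an access expression or a URL/method
 * access check. Subclasses supply the servlet request, response and context.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The {@code access} value is handed to the expression parser and evaluated,
 *       so it is code. It should be a constant written by the page author and
 *       never assembled from request parameters or other untrusted data.</li>
 *   <li>{@link #authorize()} only returns a boolean to its caller; nothing in this
 *       class blocks a request to the checked URL. The target resource still needs
 *       its own server-side access rule.</li>
 *   <li>When neither {@code access} nor {@code url} is set the answer is
 *       {@code false} (fail closed).</li>
 * </ul>
 */
public abstract class AbstractAuthorizeTag {
    // Access expression to evaluate; takes precedence over url when both are set.
    private String access;
    // URL whose access rules are checked when no access expression is given.
    private String url;
    // HTTP method used for the URL check; stored upper-cased by setMethod.
    private String method = "GET";

    /** Returns the request the tag is being evaluated for. */
    protected abstract ServletRequest getRequest();

    /** Returns the response the tag is being evaluated for. */
    protected abstract ServletResponse getResponse();

    /** Returns the servlet context used to locate the web application context. */
    protected abstract ServletContext getServletContext();

    /**
     * Makes the authorization decision from the configured attributes.
     *
     * <p>A non-blank {@code access} expression wins over {@code url}; the URL check
     * runs only when no expression is configured.
     *
     * @return the result of the selected check, or {@code false} when neither
     *         attribute has text
     * @throws IOException if the selected check cannot be carried out
     */
    public boolean authorize() throws IOException {
        if (StringUtils.hasText(getAccess())) {
            return authorizeUsingAccessExpression();
        }
        if (StringUtils.hasText(getUrl())) {
            return authorizeUsingUrlCheck();
        }
        // Nothing to check against: deny rather than allow by default.
        return false;
    }

    /**
     * Parses and evaluates the {@code access} expression against the current
     * authentication.
     *
     * @return {@code false} when the security context holds no authentication,
     *         otherwise the boolean result of the expression
     * @throws IOException if no suitable expression handler is found or the
     *         expression cannot be parsed; only {@code ParseException} is translated,
     *         other failures during evaluation propagate unchanged
     */
    public boolean authorizeUsingAccessExpression() throws IOException {
        if (SecurityContextHolder.getContext().getAuthentication() == null) {
            return false;
        }
        SecurityExpressionHandler<FilterInvocation> expressionHandler = getExpressionHandler();
        try {
            return ExpressionUtils.evaluateAsBoolean(
                    expressionHandler.getExpressionParser().parseExpression(getAccess()),
                    createExpressionEvaluationContext(expressionHandler));
        } catch (ParseException e) {
            throw new IOException(e);
        }
    }

    /**
     * Builds the evaluation context for the access expression from the current
     * authentication and a {@code FilterInvocation} wrapping this tag's request
     * and response.
     *
     * <p>The decompiler reports that this method was {@code protected} in the
     * original class; it is left {@code public} here so existing callers in the
     * decompiled tree keep compiling.
     *
     * @param securityExpressionHandler handler that creates the context
     * @return the context the expression is evaluated in
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public EvaluationContext createExpressionEvaluationContext(SecurityExpressionHandler<FilterInvocation> securityExpressionHandler) {
        // The filter chain is a placeholder: the invocation exists only to carry the
        // request/response into the expression, so invoking the chain is an error.
        FilterInvocation invocation = new FilterInvocation(getRequest(), getResponse(), (servletRequest, servletResponse) -> {
            throw new UnsupportedOperationException();
        });
        return securityExpressionHandler.createEvaluationContext(
                SecurityContextHolder.getContext().getAuthentication(), invocation);
    }

    /**
     * Asks the privilege evaluator whether the current authentication may access
     * {@code url} with {@code method} under this request's context path.
     *
     * <p>NOTE(review): unlike {@link #authorizeUsingAccessExpression()}, a missing
     * authentication is not rejected here; {@code null} is passed through and the
     * outcome depends on the evaluator implementation. The request must be an
     * {@code HttpServletRequest}, otherwise the cast fails.
     *
     * @return the evaluator's decision
     * @throws IOException if no privilege evaluator can be located
     */
    public boolean authorizeUsingUrlCheck() throws IOException {
        String contextPath = ((HttpServletRequest) getRequest()).getContextPath();
        return getPrivilegeEvaluator().isAllowed(contextPath, getUrl(), getMethod(),
                SecurityContextHolder.getContext().getAuthentication());
    }

    /** Returns the configured access expression, or {@code null} if unset. */
    public String getAccess() {
        return this.access;
    }

    /**
     * Sets the access expression. The value is later parsed and evaluated as an
     * expression, so callers should only pass author-controlled text.
     */
    public void setAccess(String str) {
        this.access = str;
    }

    /** Returns the URL used for the URL check, or {@code null} if unset. */
    public String getUrl() {
        return this.url;
    }

    /** Sets the URL used for the URL check. */
    public void setUrl(String str) {
        this.url = str;
    }

    /** Returns the HTTP method used for the URL check ({@code "GET"} by default). */
    public String getMethod() {
        return this.method;
    }

    /**
     * Sets the HTTP method used for the URL check, normalised to upper case.
     *
     * <p>Upper-casing uses {@link Locale#ROOT}: HTTP method names are ASCII tokens,
     * and a locale-sensitive conversion (for example under a Turkish default
     * locale, where {@code i} maps to a dotted capital) could produce a method
     * string that no access rule matches.
     *
     * @param str method name in any case, or {@code null} to clear it
     */
    public void setMethod(String str) {
        this.method = str != null ? str.toUpperCase(Locale.ROOT) : null;
    }

    /**
     * Finds the expression handler whose type argument resolves to
     * {@code FilterInvocation} among the {@code SecurityExpressionHandler} beans of
     * the web application context.
     *
     * @return the first matching handler in the order the context returns them
     * @throws IOException if no such handler is registered
     */
    private SecurityExpressionHandler<FilterInvocation> getExpressionHandler() throws IOException {
        for (SecurityExpressionHandler<FilterInvocation> securityExpressionHandler : SecurityWebApplicationContextUtils
                .findRequiredWebApplicationContext(getServletContext())
                .getBeansOfType(SecurityExpressionHandler.class).values()) {
            // Handlers for other invocation types (the bean lookup is by raw type) are skipped.
            if (FilterInvocation.class.equals(GenericTypeResolver.resolveTypeArgument(securityExpressionHandler.getClass(), SecurityExpressionHandler.class))) {
                return securityExpressionHandler;
            }
        }
        throw new IOException("No visible WebSecurityExpressionHandler instance could be found in the application context. There must be at least one in order to support expressions in JSP 'authorize' tags.");
    }

    /**
     * Locates the privilege evaluator for the URL check: the one stored as a
     * request attribute if present, otherwise the first bean of that type in the
     * web application context.
     *
     * <p>NOTE(review): when several evaluator beans exist and no request attribute
     * is set, which one is used depends on the iteration order of the map returned
     * by the context.
     *
     * @return the evaluator to consult
     * @throws IOException if neither source provides an evaluator
     */
    private WebInvocationPrivilegeEvaluator getPrivilegeEvaluator() throws IOException {
        WebInvocationPrivilegeEvaluator webInvocationPrivilegeEvaluator = (WebInvocationPrivilegeEvaluator) getRequest().getAttribute(WebAttributes.WEB_INVOCATION_PRIVILEGE_EVALUATOR_ATTRIBUTE);
        if (webInvocationPrivilegeEvaluator != null) {
            return webInvocationPrivilegeEvaluator;
        }
        Map<String, WebInvocationPrivilegeEvaluator> beansOfType = SecurityWebApplicationContextUtils
                .findRequiredWebApplicationContext(getServletContext())
                .getBeansOfType(WebInvocationPrivilegeEvaluator.class);
        if (beansOfType.isEmpty()) {
            throw new IOException("No visible WebInvocationPrivilegeEvaluator instance could be found in the application context. There must be at least one in order to support the use of URL access checks in 'authorize' tags.");
        }
        return beansOfType.values().iterator().next();
    }
}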
