package com.ibm.ws.webcontainer.security;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.InjectedTrace;
import com.ibm.websphere.ras.annotation.Sensitive;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.TraceOptions;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.kernel.security.thread.ThreadIdentityManager;
import com.ibm.ws.security.SecurityService;
import com.ibm.ws.security.authentication.principals.WSPrincipal;
import com.ibm.ws.security.authentication.tai.TAIService;
import com.ibm.ws.security.authentication.utility.SubjectHelper;
import com.ibm.ws.security.authorization.AuthorizationService;
import com.ibm.ws.security.context.SubjectManager;
import com.ibm.ws.security.oauth20.OAuth20Service;
import com.ibm.ws.security.registry.RegistryException;
import com.ibm.ws.security.registry.UserRegistry;
import com.ibm.ws.security.registry.UserRegistryService;
import com.ibm.ws.security.registry.ldap.UserInfoManager;
import com.ibm.ws.threadContext.ComponentMetaDataAccessorImpl;
import com.ibm.ws.webcontainer.filter.FilterInstanceWrapper;
import com.ibm.ws.webcontainer.security.internal.AuthResult;
import com.ibm.ws.webcontainer.security.internal.AuthenticationResult;
import com.ibm.ws.webcontainer.security.internal.BasicAuthAuthenticator;
import com.ibm.ws.webcontainer.security.internal.ChallengeReply;
import com.ibm.ws.webcontainer.security.internal.DenyReply;
import com.ibm.ws.webcontainer.security.internal.FormLoginExtensionProcessor;
import com.ibm.ws.webcontainer.security.internal.FormLogoutExtensionProcessor;
import com.ibm.ws.webcontainer.security.internal.HTTPSRedirectHandler;
import com.ibm.ws.webcontainer.security.internal.PermitReply;
import com.ibm.ws.webcontainer.security.internal.RedirectReply;
import com.ibm.ws.webcontainer.security.internal.SRTServletRequestUtils;
import com.ibm.ws.webcontainer.security.internal.TraceConstants;
import com.ibm.ws.webcontainer.security.internal.TrustAssociationManager;
import com.ibm.ws.webcontainer.security.internal.URLHandler;
import com.ibm.ws.webcontainer.security.internal.WebAppSecurityConfigImpl;
import com.ibm.ws.webcontainer.security.internal.WebReply;
import com.ibm.ws.webcontainer.security.internal.WebRequest;
import com.ibm.ws.webcontainer.security.internal.WebRequestImpl;
import com.ibm.ws.webcontainer.security.internal.WebSecurityCollaboratorException;
import com.ibm.ws.webcontainer.security.internal.WebSecurityContext;
import com.ibm.ws.webcontainer.security.internal.WebSecurityHelperImpl;
import com.ibm.ws.webcontainer.security.internal.metadata.MatchResponse;
import com.ibm.ws.webcontainer.security.metadata.FormLoginConfiguration;
import com.ibm.ws.webcontainer.security.metadata.LoginConfiguration;
import com.ibm.ws.webcontainer.security.metadata.SecurityConstraint;
import com.ibm.ws.webcontainer.security.metadata.SecurityConstraintCollection;
import com.ibm.ws.webcontainer.security.metadata.SecurityMetadata;
import com.ibm.ws.webcontainer.security.metadata.WebResourceCollection;
import com.ibm.wsspi.kernel.service.utils.AtomicServiceReference;
import com.ibm.wsspi.webcontainer.collaborator.IWebAppSecurityCollaborator;
import com.ibm.wsspi.webcontainer.extension.ExtensionProcessor;
import com.ibm.wsspi.webcontainer.metadata.WebComponentMetaData;
import com.ibm.wsspi.webcontainer.metadata.WebModuleMetaData;
import com.ibm.wsspi.webcontainer.security.SecurityViolationException;
import com.ibm.wsspi.webcontainer.servlet.IExtendedRequest;
import com.ibm.wsspi.webcontainer.servlet.IServletContext;
import java.io.IOException;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import javax.servlet.DispatcherType;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.osgi.framework.ServiceReference;
import org.osgi.service.component.ComponentContext;

@TraceOptions(traceGroups = {TraceConstants.TRACE_GROUP}, traceGroup = "", messageBundle = TraceConstants.MESSAGE_BUNDLE, traceExceptionThrow = false, traceExceptionHandling = false)
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:lib/com.ibm.ws.webcontainer.security_1.0.1.20150314-1754.jar:com/ibm/ws/webcontainer/security/WebAppSecurityCollaboratorImpl.class */
public class WebAppSecurityCollaboratorImpl implements IWebAppSecurityCollaborator {
    private static final TraceComponent tc = Tr.register(WebAppSecurityCollaboratorImpl.class);
    static final String KEY_SECURITY_SERVICE = "securityService";
    static final String KEY_TAI_SERVICE = "taiService";
    static final String KEY_OAUTH_SERVICE = "oauthService";
    private static WebAppSecurityConfig globalConfig;
    protected final AtomicServiceReference<TAIService> taiServiceRef;
    protected final AtomicServiceReference<OAuth20Service> oauthServiceRef;
    protected final AtomicServiceReference<SecurityService> securityServiceRef;
    private static final WebReply PERMIT_REPLY;
    private static final WebReply DENY_AUTHN_FAILED;
    private static final WebReply DENY_AUTHZ_FAILED;
    private static final String AUTH_TYPE = "AUTH_TYPE";
    protected volatile WebAppSecurityConfig webAppSecConfig;
    protected volatile AuthenticateApi authenticateApi;
    protected volatile PostParameterHelper postParameterHelper;
    protected SubjectHelper subjectHelper;
    protected SubjectManager subjectManager;
    protected HTTPSRedirectHandler httpsRedirectHandler;
    protected volatile TrustAssociationManager taiManager;
    protected WebAuthenticatorProxy authenticatorProxy;
    private UnauthenticatedSubjectService unauthenticatedSubjectService;
    static final long serialVersionUID = -6372382391198829720L;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.ibm.ws.webcontainer.security.WebAppSecurityCollaboratorImpl$1, reason: invalid class name */
    /* loaded from: input_file:lib/com.ibm.ws.webcontainer.security_1.0.1.20150314-1754.jar:com/ibm/ws/webcontainer/security/WebAppSecurityCollaboratorImpl$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$com$ibm$ws$webcontainer$security$internal$AuthResult = new int[AuthResult.values().length];

        static {
            try {
                $SwitchMap$com$ibm$ws$webcontainer$security$internal$AuthResult[AuthResult.FAILURE.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$com$ibm$ws$webcontainer$security$internal$AuthResult[AuthResult.SEND_401.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$com$ibm$ws$webcontainer$security$internal$AuthResult[AuthResult.TAI_CHALLENGE.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$com$ibm$ws$webcontainer$security$internal$AuthResult[AuthResult.REDIRECT.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$com$ibm$ws$webcontainer$security$internal$AuthResult[AuthResult.UNKNOWN.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$com$ibm$ws$webcontainer$security$internal$AuthResult[AuthResult.CONTINUE.ordinal()] = 6;
            } catch (NoSuchFieldError e6) {
            }
        }
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public WebAppSecurityCollaboratorImpl() {
        this(new SubjectHelper(), new SubjectManager(), new HTTPSRedirectHandler());
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected WebAppSecurityCollaboratorImpl(SubjectHelper subjectHelper, SubjectManager subjectManager, HTTPSRedirectHandler hTTPSRedirectHandler) {
        this.taiServiceRef = new AtomicServiceReference<>(KEY_TAI_SERVICE);
        this.oauthServiceRef = new AtomicServiceReference<>(KEY_OAUTH_SERVICE);
        this.securityServiceRef = new AtomicServiceReference<>(KEY_SECURITY_SERVICE);
        this.webAppSecConfig = null;
        this.authenticateApi = null;
        this.postParameterHelper = null;
        this.taiManager = null;
        this.subjectHelper = subjectHelper;
        this.subjectManager = subjectManager;
        this.httpsRedirectHandler = hTTPSRedirectHandler;
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    WebAppSecurityCollaboratorImpl(SubjectHelper subjectHelper, SubjectManager subjectManager, HTTPSRedirectHandler hTTPSRedirectHandler, WebAppSecurityConfig webAppSecurityConfig) {
        this.taiServiceRef = new AtomicServiceReference<>(KEY_TAI_SERVICE);
        this.oauthServiceRef = new AtomicServiceReference<>(KEY_OAUTH_SERVICE);
        this.securityServiceRef = new AtomicServiceReference<>(KEY_SECURITY_SERVICE);
        this.webAppSecConfig = null;
        this.authenticateApi = null;
        this.postParameterHelper = null;
        this.taiManager = null;
        this.subjectHelper = subjectHelper;
        this.subjectManager = subjectManager;
        this.httpsRedirectHandler = hTTPSRedirectHandler;
        this.webAppSecConfig = webAppSecurityConfig;
        WebSecurityHelperImpl.setWebAppSecurityConfig(webAppSecurityConfig);
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void setSecurityService(ServiceReference<SecurityService> serviceReference) {
        this.securityServiceRef.setReference(serviceReference);
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void unsetSecurityService(ServiceReference<SecurityService> serviceReference) {
        this.securityServiceRef.unsetReference(serviceReference);
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void setTaiService(ServiceReference<TAIService> serviceReference) {
        this.taiServiceRef.setReference(serviceReference);
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void unsetTaiService(ServiceReference<TAIService> serviceReference) {
        this.taiServiceRef.unsetReference(serviceReference);
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void setOauthService(ServiceReference<OAuth20Service> serviceReference) {
        this.oauthServiceRef.setReference(serviceReference);
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void unsetOauthService(ServiceReference<OAuth20Service> serviceReference) {
        this.oauthServiceRef.unsetReference(serviceReference);
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void setUnauthenticatedSubjectService(UnauthenticatedSubjectService unauthenticatedSubjectService) {
        this.unauthenticatedSubjectService = unauthenticatedSubjectService;
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void unsetUnauthenticatedSubjectService(UnauthenticatedSubjectService unauthenticatedSubjectService) {
        if (this.unauthenticatedSubjectService == unauthenticatedSubjectService) {
            this.unauthenticatedSubjectService = null;
        }
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void activate(ComponentContext componentContext, Map<String, Object> map) {
        this.securityServiceRef.activate(componentContext);
        this.taiServiceRef.activate(componentContext);
        this.oauthServiceRef.activate(componentContext);
        this.webAppSecConfig = new WebAppSecurityConfigImpl(map);
        WebSecurityHelperImpl.setWebAppSecurityConfig(this.webAppSecConfig);
        this.authenticateApi = new AuthenticateApi(new SSOCookieHelperImpl(this.webAppSecConfig), this.securityServiceRef);
        this.postParameterHelper = new PostParameterHelper(this.webAppSecConfig);
        this.authenticatorProxy = new WebAuthenticatorProxy(this.webAppSecConfig, this.postParameterHelper, this.securityServiceRef, this.taiServiceRef, this.oauthServiceRef);
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void modified(Map<String, Object> map) {
        WebAppSecurityConfigImpl webAppSecurityConfigImpl = new WebAppSecurityConfigImpl(map);
        String changedProperties = webAppSecurityConfigImpl.getChangedProperties(this.webAppSecConfig);
        this.webAppSecConfig = webAppSecurityConfigImpl;
        WebSecurityHelperImpl.setWebAppSecurityConfig(this.webAppSecConfig);
        this.authenticateApi = new AuthenticateApi(new SSOCookieHelperImpl(this.webAppSecConfig), this.securityServiceRef);
        this.postParameterHelper = new PostParameterHelper(this.webAppSecConfig);
        this.authenticatorProxy = new WebAuthenticatorProxy(this.webAppSecConfig, this.postParameterHelper, this.securityServiceRef, this.taiServiceRef, this.oauthServiceRef);
        Tr.audit(tc, "WEB_APP_SECURITY_CONFIGURATION_UPDATED", new Object[]{changedProperties});
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void deactivate(ComponentContext componentContext) {
        this.securityServiceRef.deactivate(componentContext);
        this.taiServiceRef.deactivate(componentContext);
        WebSecurityHelperImpl.setWebAppSecurityConfig(null);
    }

    @Override // com.ibm.wsspi.webcontainer.collaborator.IWebAppSecurityCollaborator
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public ExtensionProcessor getFormLoginExtensionProcessor(IServletContext iServletContext) {
        FormLoginExtensionProcessor formLoginExtensionProcessor;
        try {
            SecurityService securityService = (SecurityService) this.securityServiceRef.getService();
            formLoginExtensionProcessor = new FormLoginExtensionProcessor(iServletContext, this.webAppSecConfig, securityService.getAuthenticationService(), securityService.getUserRegistryService().getUserRegistry());
            return formLoginExtensionProcessor;
        } catch (RegistryException e) {
            FFDCFilter.processException(e, "com.ibm.ws.webcontainer.security.WebAppSecurityCollaboratorImpl", "231", this, new Object[]{iServletContext});
            if (!TraceComponent.isAnyTracingEnabled() || !tc.isDebugEnabled()) {
                return null;
            }
            Tr.debug(tc, "RegistryException while trying to create FormLoginExtensionProcessor", new Object[]{formLoginExtensionProcessor});
            return null;
        }
    }

    /* JADX WARN: Type inference failed for: r0v3, types: [com.ibm.wsspi.webcontainer.extension.ExtensionProcessor, com.ibm.ws.webcontainer.security.internal.FormLogoutExtensionProcessor, java.lang.Exception] */
    @Override // com.ibm.wsspi.webcontainer.collaborator.IWebAppSecurityCollaborator
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public ExtensionProcessor getFormLogoutExtensionProcessor(IServletContext iServletContext) {
        ?? formLogoutExtensionProcessor;
        try {
            formLogoutExtensionProcessor = new FormLogoutExtensionProcessor(iServletContext, this.webAppSecConfig, this.authenticateApi);
            return formLogoutExtensionProcessor;
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.webcontainer.security.WebAppSecurityCollaboratorImpl", "245", this, new Object[]{iServletContext});
            Tr.error(tc, "getFormLogoutExtensionProcessor exception " + formLogoutExtensionProcessor.getMessage(), new Object[0]);
            return null;
        }
    }

    @Override // com.ibm.wsspi.webcontainer.collaborator.IWebAppSecurityCollaborator
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public Principal getUserPrincipal() {
        Subject callerSubject = this.subjectManager.getCallerSubject();
        if (callerSubject == null) {
            return null;
        }
        Set principals = callerSubject.getPrincipals(WSPrincipal.class);
        if (principals.size() > 1) {
            throw new IllegalStateException("WAS does not support more than 1 WSPrincipal in the credentials");
        }
        if (principals.isEmpty()) {
            return null;
        }
        return (Principal) principals.iterator().next();
    }

    @Override // com.ibm.wsspi.webcontainer.collaborator.IWebAppSecurityCollaborator
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public void handleException(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Throwable th) throws ServletException, IOException, ClassCastException {
        WebReply webReply = ((WebSecurityCollaboratorException) th).getWebReply();
        if (webReply.getStatusCode() == 500) {
            throw new ServletException("Internal Server Error", th);
        }
        webReply.writeResponse(httpServletResponse);
    }

    @Override // com.ibm.wsspi.webcontainer.collaborator.IWebAppSecurityCollaborator
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public boolean isUserInRole(String str, IExtendedRequest iExtendedRequest) {
        Subject callerSubject;
        if (str == null || (callerSubject = this.subjectManager.getCallerSubject()) == null) {
            return false;
        }
        String securityRoleReferenced = getSecurityMetadata().getSecurityRoleReferenced(iExtendedRequest.getWebAppDispatcherContext().getCurrentServletReference().getName(), str);
        if (securityRoleReferenced == null) {
            return false;
        }
        ArrayList arrayList = new ArrayList();
        arrayList.add(securityRoleReferenced);
        AuthorizationService authorizationService = ((SecurityService) this.securityServiceRef.getService()).getAuthorizationService();
        if (authorizationService == null) {
            return false;
        }
        return authorizationService.isAuthorized(getApplicationName(), arrayList, callerSubject);
    }

    @Override // com.ibm.wsspi.webcontainer.collaborator.IWebAppSecurityCollaborator
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public void postInvoke(Object obj) throws ServletException {
        if (obj != null) {
            WebSecurityContext webSecurityContext = (WebSecurityContext) obj;
            Subject invokedSubject = webSecurityContext.getInvokedSubject();
            this.subjectManager.setCallerSubject(webSecurityContext.getReceivedSubject());
            this.subjectManager.setInvocationSubject(invokedSubject);
            resetSyncToOSThread(webSecurityContext);
        }
    }

    @Override // com.ibm.wsspi.webcontainer.collaborator.IWebAppSecurityCollaborator
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public Object preInvoke(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, boolean z) throws SecurityViolationException, IOException {
        Subject invocationSubject = this.subjectManager.getInvocationSubject();
        Subject callerSubject = this.subjectManager.getCallerSubject();
        WebSecurityContext webSecurityContext = new WebSecurityContext(invocationSubject, callerSubject);
        setUnauthenticatedSubjectIfNeeded(invocationSubject, callerSubject);
        if (z) {
            if (httpServletRequest != null) {
                performSecurityChecks(httpServletRequest, httpServletResponse, callerSubject, webSecurityContext);
            }
            performDelegation(str);
            syncToOSThread(webSecurityContext);
        }
        return webSecurityContext;
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private void syncToOSThread(WebSecurityContext webSecurityContext) {
        SecurityMetadata securityMetadata = getSecurityMetadata();
        if (securityMetadata != null && securityMetadata.isSyncToOSThreadRequested() && ThreadIdentityManager.isAppThreadIdentityEnabled()) {
            webSecurityContext.setSyncToOSThreadToken(ThreadIdentityManager.setAppThreadIdentity(this.subjectManager.getInvocationSubject()));
        }
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private void resetSyncToOSThread(WebSecurityContext webSecurityContext) {
        Object syncToOSThreadToken = webSecurityContext.getSyncToOSThreadToken();
        if (syncToOSThreadToken != null) {
            ThreadIdentityManager.reset(syncToOSThreadToken);
        }
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private void performSecurityChecks(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Subject subject, WebSecurityContext webSecurityContext) throws SecurityViolationException, IOException {
        String servletURI = new URLHandler(this.webAppSecConfig).getServletURI(httpServletRequest);
        WebRequestImpl webRequestImpl = new WebRequestImpl(httpServletRequest, httpServletResponse, getApplicationName(), webSecurityContext, getSecurityMetadata(), getMatchResponse(servletURI, httpServletRequest.getMethod()), this.webAppSecConfig);
        performPrecludedAccessTests(webRequestImpl, webSecurityContext);
        optionallyAuthenticateUnprotectedResource(webRequestImpl);
        WebReply determineWebReply = determineWebReply(subject, servletURI, webRequestImpl);
        validateWebReply(webSecurityContext, determineWebReply);
        determineWebReply.writeResponse(httpServletResponse);
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private void performPrecludedAccessTests(WebRequest webRequest, WebSecurityContext webSecurityContext) throws SecurityViolationException {
        DenyReply denyReply = null;
        if (webRequest.isAccessPrecluded()) {
            denyReply = new DenyReply("Access is precluded because security constraints are specified, but the required roles are empty.");
        } else {
            HttpServletRequest httpServletRequest = webRequest.getHttpServletRequest();
            List<String> requiredRoles = webRequest.getRequiredRoles();
            if (((String) httpServletRequest.getAttribute("com.ibm.ws.webcontainer.security.checkdefaultmethod")) == "TRACE" && requiredRoles.isEmpty()) {
                denyReply = new DenyReply("Illegal request. Default implementation of TRACE not allowed.");
            }
        }
        if (denyReply != null) {
            validateWebReply(webSecurityContext, denyReply);
        }
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private void validateWebReply(WebSecurityContext webSecurityContext, WebReply webReply) throws SecurityViolationException {
        if (webReply.getStatusCode() != 200) {
            throw convertWebSecurityException(new WebSecurityCollaboratorException(webReply.message, webReply, webSecurityContext));
        }
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    void optionallyAuthenticateUnprotectedResource(WebRequest webRequest) {
        if (this.webAppSecConfig.isUseAuthenticationDataForUnprotectedResourceEnabled() && webRequest.hasAuthenticationData() && unprotectedResource(webRequest) == PERMIT_REPLY) {
            webRequest.disableFormLoginRedirect();
            setAuthenticatedSubjectIfNeeded(webRequest);
        }
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private WebReply unprotectedResource(WebRequest webRequest) {
        List<String> requiredRoles = webRequest.getRequiredRoles();
        if (requiredRoles.isEmpty()) {
            webRequest.setUnprotectedURI(true);
            return PERMIT_REPLY;
        }
        AuthorizationService authorizationService = ((SecurityService) this.securityServiceRef.getService()).getAuthorizationService();
        if (authorizationService == null) {
            return new DenyReply("An internal error occured. Unable to perform authorization check.");
        }
        if (!authorizationService.isEveryoneGranted(webRequest.getApplicationName(), requiredRoles)) {
            return null;
        }
        webRequest.setUnprotectedURI(true);
        return PERMIT_REPLY;
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    void setAuthenticatedSubjectIfNeeded(WebRequest webRequest) {
        AuthenticationResult authenticateRequest = authenticateRequest(webRequest);
        if (authenticateRequest == null || authenticateRequest.getStatus() != AuthResult.SUCCESS) {
            return;
        }
        new SubjectManager().setCallerSubject(authenticateRequest.getSubject());
    }

    /*  JADX ERROR: JadxRuntimeException in pass: RegionMakerVisitor
        jadx.core.utils.exceptions.JadxRuntimeException: Can't remove SSA var: r0v10 java.lang.String, still in use, count: 1, list:
          (r0v10 java.lang.String) from 0x003c: INVOKE (r0v24 ?? I:javax.security.auth.Subject) = 
          (wrap:com.ibm.ws.security.authentication.AuthenticationService:0x002d: INVOKE 
          (wrap:com.ibm.ws.security.SecurityService:0x0026: CHECK_CAST (com.ibm.ws.security.SecurityService) (wrap:java.lang.Object:0x0023: INVOKE 
          (wrap:com.ibm.wsspi.kernel.service.utils.AtomicServiceReference<com.ibm.ws.security.SecurityService>:0x0020: IGET (r10v0 'this' com.ibm.ws.webcontainer.security.WebAppSecurityCollaboratorImpl A[IMMUTABLE_TYPE, THIS]) A[Catch: IllegalArgumentException -> 0x0045, WRAPPED] com.ibm.ws.webcontainer.security.WebAppSecurityCollaboratorImpl.securityServiceRef com.ibm.wsspi.kernel.service.utils.AtomicServiceReference)
         VIRTUAL call: com.ibm.wsspi.kernel.service.utils.AtomicServiceReference.getService():java.lang.Object A[Catch: IllegalArgumentException -> 0x0045, WRAPPED]))
         INTERFACE call: com.ibm.ws.security.SecurityService.getAuthenticationService():com.ibm.ws.security.authentication.AuthenticationService A[Catch: IllegalArgumentException -> 0x0045, WRAPPED])
          (r0v10 java.lang.String)
          (wrap:java.lang.String:0x0039: INVOKE (r10v0 'this' com.ibm.ws.webcontainer.security.WebAppSecurityCollaboratorImpl A[IMMUTABLE_TYPE, THIS]) VIRTUAL call: com.ibm.ws.webcontainer.security.WebAppSecurityCollaboratorImpl.getApplicationName():java.lang.String A[Catch: IllegalArgumentException -> 0x0045, MD:():java.lang.String (m), WRAPPED])
         INTERFACE call: com.ibm.ws.security.authentication.AuthenticationService.delegate(java.lang.String, java.lang.String):javax.security.auth.Subject A[Catch: IllegalArgumentException -> 0x0045, MD:(java.lang.String, java.lang.String):javax.security.auth.Subject (m)]
        	at jadx.core.utils.InsnRemover.removeSsaVar(InsnRemover.java:151)
        	at jadx.core.utils.InsnRemover.unbindResult(InsnRemover.java:116)
        	at jadx.core.dex.visitors.shrink.CodeShrinkVisitor.simplifyMoveInsns(CodeShrinkVisitor.java:289)
        	at jadx.core.dex.visitors.shrink.CodeShrinkVisitor.shrinkMethod(CodeShrinkVisitor.java:49)
        	at jadx.core.dex.visitors.regions.RegionMakerVisitor.processForceInlineInsns(RegionMakerVisitor.java:83)
        	at jadx.core.dex.visitors.regions.RegionMakerVisitor.postProcessRegions(RegionMakerVisitor.java:64)
        	at jadx.core.dex.visitors.regions.RegionMakerVisitor.visit(RegionMakerVisitor.java:60)
        */
    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v11 */
    /* JADX WARN: Type inference failed for: r0v12 */
    /* JADX WARN: Type inference failed for: r0v24, types: [javax.security.auth.Subject] */
    @com.ibm.websphere.ras.annotation.InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private void performDelegation(java.lang.String r11) {
        /*
            r10 = this;
            r0 = r10
            com.ibm.ws.security.context.SubjectManager r0 = r0.subjectManager
            javax.security.auth.Subject r0 = r0.getCallerSubject()
            r12 = r0
            r0 = r10
            com.ibm.ws.webcontainer.security.metadata.SecurityMetadata r0 = r0.getSecurityMetadata()
            r13 = r0
            r0 = r13
            if (r0 == 0) goto L7e
            r0 = r13
            r1 = r11
            java.lang.String r0 = r0.getRunAsRoleForServlet(r1)
            r14 = r0
            r0 = r14
            if (r0 == 0) goto L7e
            r0 = r10
            com.ibm.wsspi.kernel.service.utils.AtomicServiceReference<com.ibm.ws.security.SecurityService> r0 = r0.securityServiceRef     // Catch: java.lang.IllegalArgumentException -> L45
            java.lang.Object r0 = r0.getService()     // Catch: java.lang.IllegalArgumentException -> L45
            com.ibm.ws.security.SecurityService r0 = (com.ibm.ws.security.SecurityService) r0     // Catch: java.lang.IllegalArgumentException -> L45
            r15 = r0
            r0 = r15
            com.ibm.ws.security.authentication.AuthenticationService r0 = r0.getAuthenticationService()     // Catch: java.lang.IllegalArgumentException -> L45
            r16 = r0
            r0 = r16
            r1 = r14
            r2 = r10
            java.lang.String r2 = r2.getApplicationName()     // Catch: java.lang.IllegalArgumentException -> L45
            javax.security.auth.Subject r0 = r0.delegate(r1, r2)     // Catch: java.lang.IllegalArgumentException -> L45
            r12 = r0
            goto L7e
        L45:
            r1 = move-exception
            java.lang.String r2 = "com.ibm.ws.webcontainer.security.WebAppSecurityCollaboratorImpl"
            java.lang.String r3 = "526"
            r4 = r10
            r5 = 1
            java.lang.Object[] r5 = new java.lang.Object[r5]
            r6 = r5
            r7 = 0
            r8 = r11
            r6[r7] = r8
            com.ibm.ws.ffdc.FFDCFilter.processException(r1, r2, r3, r4, r5)
            r15 = r0
            boolean r0 = com.ibm.websphere.ras.TraceComponent.isAnyTracingEnabled()
            if (r0 == 0) goto L7e
            com.ibm.websphere.ras.TraceComponent r0 = com.ibm.ws.webcontainer.security.WebAppSecurityCollaboratorImpl.tc
            boolean r0 = r0.isDebugEnabled()
            if (r0 == 0) goto L7e
            com.ibm.websphere.ras.TraceComponent r0 = com.ibm.ws.webcontainer.security.WebAppSecurityCollaboratorImpl.tc
            java.lang.String r1 = "Exception performing delegation."
            r2 = 1
            java.lang.Object[] r2 = new java.lang.Object[r2]
            r3 = r2
            r4 = 0
            r5 = r15
            r3[r4] = r5
            com.ibm.websphere.ras.Tr.debug(r0, r1, r2)
        L7e:
            r0 = r12
            if (r0 == 0) goto L8a
            r0 = r10
            com.ibm.ws.security.context.SubjectManager r0 = r0.subjectManager
            r1 = r12
            r0.setInvocationSubject(r1)
        L8a:
            return
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.ws.webcontainer.security.WebAppSecurityCollaboratorImpl.performDelegation(java.lang.String):void");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public String getUserRegistryRealm() {
        String str = "DefaultRealm";
        String str2 = "DefaultRealm";
        try {
            UserRegistryService userRegistryService = ((SecurityService) this.securityServiceRef.getService()).getUserRegistryService();
            if (userRegistryService.isUserRegistryConfigured()) {
                str = userRegistryService.getUserRegistry().getRealm();
                str2 = str;
            }
        } catch (RegistryException e) {
            FFDCFilter.processException(e, "com.ibm.ws.webcontainer.security.WebAppSecurityCollaboratorImpl", "554", this, new Object[0]);
            String str3 = str;
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "RegistryException while trying to get the realm", new Object[]{str3});
            }
        }
        return str2;
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected WebReply determineWebReply(Subject subject, String str, WebRequest webRequest) {
        WebReply performInitialChecks = performInitialChecks(webRequest, str);
        if (performInitialChecks != null) {
            return performInitialChecks;
        }
        AuthenticationResult authenticateRequest = authenticateRequest(webRequest);
        if (authenticateRequest != null && authenticateRequest.getStatus() != AuthResult.SUCCESS) {
            String str2 = authenticateRequest.realm;
            if (str2 == null) {
                str2 = getUserRegistryRealm();
            }
            return createReplyForAuthnFailure(authenticateRequest, str2);
        }
        boolean z = false;
        if (authenticateRequest != null) {
            this.subjectManager.setCallerSubject(authenticateRequest.getSubject());
            z = authorize(authenticateRequest, webRequest.getApplicationName(), str, subject, webRequest.getRequiredRoles());
        }
        return z ? new PermitReply() : DENY_AUTHZ_FAILED;
    }

    @Override // com.ibm.wsspi.webcontainer.collaborator.IWebAppSecurityCollaborator
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public Object preInvoke(String str) throws SecurityViolationException, IOException {
        return preInvoke(null, null, str, true);
    }

    @Override // com.ibm.wsspi.webcontainer.collaborator.IWebAppSecurityCollaborator
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public Object preInvoke() throws SecurityViolationException {
        UserInfoManager userInfoManager = this.subjectManager;
        userInfoManager.clearSubjects();
        try {
            UserRegistryService userRegistryService = ((SecurityService) this.securityServiceRef.getService()).getUserRegistryService();
            if (userRegistryService.isUserRegistryConfigured()) {
                UserRegistry userRegistry = userRegistryService.getUserRegistry();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "class name = " + userRegistry.getClass().getName(), new Object[0]);
                }
                if (userRegistry.getClass().getName().contains("Ldap")) {
                    userInfoManager = new UserInfoManager();
                    userInfoManager.clearUserInfo();
                }
            }
            return null;
        } catch (RegistryException e) {
            FFDCFilter.processException(e, "com.ibm.ws.webcontainer.security.WebAppSecurityCollaboratorImpl", "636", this, new Object[0]);
            return null;
        }
    }

    @Override // com.ibm.wsspi.webcontainer.collaborator.IWebAppSecurityCollaborator
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public boolean authenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        if (!this.subjectHelper.isUnauthenticated(this.subjectManager.getCallerSubject())) {
            if (!TraceComponent.isAnyTracingEnabled() || !tc.isDebugEnabled()) {
                return true;
            }
            Tr.debug(tc, "The underlying login mechanism has committed", new Object[0]);
            return true;
        }
        WebReply webReply = PERMIT_REPLY;
        boolean z = true;
        AuthenticationResult authenticateRequest = authenticateRequest(new WebRequestImpl(httpServletRequest, httpServletResponse, getSecurityMetadata(), this.webAppSecConfig));
        if (authenticateRequest.getStatus() == AuthResult.SUCCESS) {
            this.authenticateApi.postProgrammaticAuthenticate(httpServletRequest, httpServletResponse, authenticateRequest);
        } else {
            String str = authenticateRequest.realm;
            if (str == null) {
                str = getUserRegistryRealm();
            }
            webReply = createReplyForAuthnFailure(authenticateRequest, str);
            z = false;
        }
        webReply.writeResponse(httpServletResponse);
        return z;
    }

    @Override // com.ibm.wsspi.webcontainer.collaborator.IWebAppSecurityCollaborator
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public List<String> getURIsInSecurityConstraints(String str, String str2, String str3, List<String> list) {
        SecurityMetadata securityMetadata = getSecurityMetadata();
        ArrayList arrayList = null;
        for (String str4 : list) {
            Iterator<SecurityConstraint> it = securityMetadata.getSecurityConstraintCollection().getSecurityConstraints().iterator();
            while (it.hasNext()) {
                Iterator<WebResourceCollection> it2 = it.next().getWebResourceCollections().iterator();
                while (it2.hasNext()) {
                    if (it2.next().getUrlPatterns().contains(str4)) {
                        if (arrayList == null) {
                            arrayList = new ArrayList();
                        }
                        arrayList.add(str4);
                    }
                }
            }
        }
        return arrayList;
    }

    @Override // com.ibm.wsspi.webcontainer.collaborator.IWebAppSecurityCollaborator
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public void login(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, @Sensitive String str2) throws ServletException {
        BasicAuthAuthenticator basicAuthAuthenticator = getBasicAuthAuthenticator();
        if (basicAuthAuthenticator == null) {
            throw new ServletException("An internal error occured. Login has failed.");
        }
        this.authenticateApi.login(httpServletRequest, httpServletResponse, str, str2, this.webAppSecConfig, basicAuthAuthenticator);
        SRTServletRequestUtils.setPrivateAttribute(httpServletRequest, AUTH_TYPE, getSecurityMetadata().getLoginConfiguration().getAuthenticationMethod());
    }

    @Override // com.ibm.wsspi.webcontainer.collaborator.IWebAppSecurityCollaborator
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public void logout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException {
        this.authenticateApi.logout(httpServletRequest, httpServletResponse, this.webAppSecConfig);
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private SecurityViolationException convertWebSecurityException(WebSecurityCollaboratorException webSecurityCollaboratorException) {
        int i = 403;
        WebReply webReply = webSecurityCollaboratorException.getWebReply();
        if (webReply != null) {
            i = webReply.getStatusCode();
        }
        SecurityViolationException securityViolationException = new SecurityViolationException(webSecurityCollaboratorException.getMessage(), i);
        securityViolationException.initCause(webSecurityCollaboratorException);
        securityViolationException.setWebSecurityContext(webSecurityCollaboratorException.getWebSecurityContext());
        return securityViolationException;
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private boolean setUnauthenticatedSubjectIfNeeded(Subject subject, Subject subject2) {
        if (subject != null || subject2 != null) {
            return false;
        }
        new SubjectManager().setInvocationSubject(this.unauthenticatedSubjectService.getUnauthenticatedSubject());
        return true;
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected AuthenticationResult authenticateRequest(WebRequest webRequest) {
        return getWebAuthenticatorProxy().authenticate(webRequest);
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected WebAuthenticatorProxy getWebAuthenticatorProxy() {
        return this.authenticatorProxy;
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected BasicAuthAuthenticator getBasicAuthAuthenticator() {
        return getWebAuthenticatorProxy().getBasicAuthAuthenticator();
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected WebReply createReplyForAuthnFailure(AuthenticationResult authenticationResult, String str) {
        switch (AnonymousClass1.$SwitchMap$com$ibm$ws$webcontainer$security$internal$AuthResult[authenticationResult.getStatus().ordinal()]) {
            case 1:
                return DENY_AUTHN_FAILED;
            case 2:
                return new ChallengeReply(str);
            case 3:
                return new ChallengeReply(str, authenticationResult.getTAIChallengeCode(), authenticationResult.getStatus());
            case FilterInstanceWrapper.FILTER_STATE_DESTROYED /* 4 */:
                return new RedirectReply(authenticationResult.getRedirectURL(), authenticationResult.getCookies());
            case FilterInstanceWrapper.FILTER_STATE_UNAVAILABLE /* 5 */:
            case 6:
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "Authentication failed with status [" + authenticationResult.getStatus() + "] and reason [" + authenticationResult.getReason() + "]", new Object[0]);
                }
                return DENY_AUTHN_FAILED;
            default:
                return null;
        }
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected boolean authorize(AuthenticationResult authenticationResult, String str, String str2, Subject subject, List<String> list) {
        Subject subject2 = authenticationResult.getSubject();
        String userName = authenticationResult.getUserName();
        String realm = authenticationResult.getRealm();
        this.subjectManager.setCallerSubject(authenticationResult.getSubject());
        AuthorizationService authorizationService = ((SecurityService) this.securityServiceRef.getService()).getAuthorizationService();
        if (authorizationService == null) {
            return false;
        }
        boolean isAuthorized = authorizationService.isAuthorized(str, list, subject2);
        if (isAuthorized) {
            this.subjectManager.setInvocationSubject(authenticationResult.getSubject());
        } else {
            this.subjectManager.setCallerSubject(subject);
            if (realm == null || userName == null) {
                Tr.audit(tc, "SEC_AUTHZ_FAILED", new Object[]{((WSPrincipal) authenticationResult.getSubject().getPrincipals(WSPrincipal.class).iterator().next()).getName(), str, str2, list});
            } else {
                Tr.audit(tc, "SEC_AUTHZ_FAILED", new Object[]{userName.concat(":").concat(realm), str, str2, list});
            }
        }
        return isAuthorized;
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected WebReply performInitialChecks(WebRequest webRequest, String str) {
        HttpServletRequest httpServletRequest = webRequest.getHttpServletRequest();
        String method = httpServletRequest.getMethod();
        List<String> requiredRoles = webRequest.getRequiredRoles();
        if (str == null || str.length() == 0) {
            return new DenyReply("Invalid URI passed to Security Collaborator.");
        }
        if (unsupportedAuthMech()) {
            return new DenyReply("Authentication Failed : DIGEST not supported");
        }
        if (webRequest.isAccessPrecluded()) {
            return new DenyReply("Access is precluded because security constraints are specified, but the required roles are empty.");
        }
        if (this.httpsRedirectHandler.shouldRedirectToHttps(webRequest)) {
            return this.httpsRedirectHandler.getHTTPSRedirectWebReply(httpServletRequest);
        }
        WebReply unprotectedSpecialURI = unprotectedSpecialURI(webRequest, str, method);
        if (unprotectedSpecialURI != null) {
            return unprotectedSpecialURI;
        }
        if (((String) httpServletRequest.getAttribute("com.ibm.ws.webcontainer.security.checkdefaultmethod")) == "TRACE" && requiredRoles.isEmpty()) {
            return new DenyReply("Illegal request. Default implementation of TRACE not allowed.");
        }
        WebReply validateSecAttrs = validateSecAttrs(str, method, httpServletRequest);
        if (validateSecAttrs != null) {
            return validateSecAttrs;
        }
        WebReply unprotectedResource = unprotectedResource(webRequest);
        if (unprotectedResource != PERMIT_REPLY || shouldWePerformTAIForUnProtectedURI(webRequest)) {
            return null;
        }
        return unprotectedResource;
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private boolean shouldWePerformTAIForUnProtectedURI(WebRequest webRequest) {
        if (this.taiServiceRef.getService() != null) {
            return ((TAIService) this.taiServiceRef.getService()).isInvokeForUnprotectedURI();
        }
        return false;
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected boolean unsupportedAuthMech() {
        return false;
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected WebReply validateSecAttrs(String str, String str2, HttpServletRequest httpServletRequest) {
        return null;
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private MatchResponse getMatchResponse(String str, String str2) throws SecurityViolationException {
        SecurityConstraintCollection securityConstraintCollection = getSecurityMetadata().getSecurityConstraintCollection();
        MatchResponse matchResponse = MatchResponse.NO_MATCH_RESPONSE;
        if (null != securityConstraintCollection) {
            matchResponse = securityConstraintCollection.getMatchResponse(str, str2);
        }
        if (MatchResponse.CUSTOM_NO_MATCH_RESPONSE.equals(matchResponse)) {
            throw new SecurityViolationException("Illegal request. The method " + str2 + " is not allowed.", 403);
        }
        return matchResponse;
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected String getApplicationName() {
        return ((WebModuleMetaData) ((WebComponentMetaData) ComponentMetaDataAccessorImpl.getComponentMetaDataAccessor().getComponentMetaData()).getModuleMetaData()).getConfiguration().getApplicationName();
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected SecurityMetadata getSecurityMetadata() {
        return (SecurityMetadata) ((WebModuleMetaData) ComponentMetaDataAccessorImpl.getComponentMetaDataAccessor().getComponentMetaData().getModuleMetaData()).getSecurityMetaData();
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public String getExceptionStack(Exception exc) {
        StringWriter stringWriter = new StringWriter();
        exc.printStackTrace(new PrintWriter(stringWriter));
        return exc.getMessage() + "\n" + stringWriter.toString();
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected void setSecurityMetadata(SecurityMetadata securityMetadata) {
        ((WebModuleMetaData) ((WebComponentMetaData) ComponentMetaDataAccessorImpl.getComponentMetaDataAccessor().getComponentMetaData()).getModuleMetaData()).setSecurityMetaData(securityMetadata);
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private WebReply unprotectedSpecialURI(WebRequest webRequest, String str, String str2) {
        LoginConfiguration loginConfig = webRequest.getLoginConfig();
        if (loginConfig == null) {
            return null;
        }
        String authenticationMethod = loginConfig.getAuthenticationMethod();
        FormLoginConfiguration formLoginConfiguration = loginConfig.getFormLoginConfiguration();
        if (formLoginConfiguration == null || authenticationMethod == null) {
            return null;
        }
        String loginPage = formLoginConfiguration.getLoginPage();
        String errorPage = formLoginConfiguration.getErrorPage();
        if (!LoginConfiguration.FORM.equals(authenticationMethod) || loginPage == null || errorPage == null) {
            if (!webRequest.getHttpServletRequest().getDispatcherType().equals(DispatcherType.ERROR)) {
                return null;
            }
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "authorize, error page[" + str + "]  requested, permit: ", new Object[]{PERMIT_REPLY});
            }
            return PERMIT_REPLY;
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, " We have a custom login or error page request, web app login URL:[" + loginPage + "], errorPage URL:[" + errorPage + "], and the requested URI:[" + str + "]", new Object[0]);
        }
        if (loginPage.equals(str) || errorPage.equals(str)) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "authorize, login or error page[" + str + "]  requested, permit: ", new Object[]{PERMIT_REPLY});
            }
            return PERMIT_REPLY;
        }
        if (str == null || !str.equals("/j_security_check") || str2 == null || !str2.equals("POST")) {
            return null;
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "authorize, login or error page[" + str + "]  requested, permit: ", new Object[]{PERMIT_REPLY});
        }
        return PERMIT_REPLY;
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public static void setGlobalWebAppSecurityConfig(WebAppSecurityConfig webAppSecurityConfig) {
        globalConfig = webAppSecurityConfig;
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public static WebAppSecurityConfig getGlobalWebAppSecurityConfig() {
        return globalConfig;
    }

    static {
        if (TraceComponent.isAnyTracingEnabled() && tc != null && tc.isEntryEnabled()) {
            Tr.entry(tc, "<clinit>", new Object[0]);
        }
        globalConfig = null;
        PERMIT_REPLY = new PermitReply();
        DENY_AUTHN_FAILED = new DenyReply("AuthenticationFailed");
        DENY_AUTHZ_FAILED = new DenyReply("AuthorizationFailed");
        if (TraceComponent.isAnyTracingEnabled() && tc != null && tc.isEntryEnabled()) {
            Tr.exit(tc, "<clinit>");
        }
    }
}
