package com.ibm.ws.webcontainer.security.jacc;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.authentication.principals.WSPrincipal;
import com.ibm.ws.security.authorization.jacc.JaccService;
import com.ibm.ws.threadContext.ComponentMetaDataAccessorImpl;
import com.ibm.ws.webcontainer.security.AuthenticationResult;
import com.ibm.ws.webcontainer.security.WebAppAuthorizationHelper;
import com.ibm.ws.webcontainer.security.WebRequest;
import com.ibm.ws.webcontainer.security.internal.DenyReply;
import com.ibm.ws.webcontainer.security.internal.WebReply;
import com.ibm.wsspi.kernel.service.utils.AtomicServiceReference;
import com.ibm.wsspi.webcontainer.RequestProcessor;
import com.ibm.wsspi.webcontainer.metadata.WebComponentMetaData;
import com.ibm.wsspi.webcontainer.metadata.WebModuleMetaData;
import com.ibm.wsspi.webcontainer.servlet.IExtendedRequest;
import javax.security.auth.Subject;
import javax.servlet.http.HttpServletRequest;

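/**
 * {@link WebAppAuthorizationHelper} that delegates every web authorization question
 * (role membership, resource access, transport guarantee, excluded access) to the
 * {@link JaccService} obtained from the supplied service reference.
 *
 * <p>NOTE(review): every decision method dereferences {@code jaccServiceRef.getService()}
 * without a null check. If the reference yields {@code null} (service not bound; confirm
 * against the {@code AtomicServiceReference} contract), the call throws instead of
 * returning a decision. That is deliberately left unchanged here: substituting a default
 * return value would turn an error into an answer, and for {@link #isSSLRequired} or
 * {@link #checkPrecludedAccess} the "natural" default would be the permissive one.
 * Confirm that callers treat the exception as a denial.
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:wlp/lib/com.ibm.ws.webcontainer.security_1.0.15.jar:com/ibm/ws/webcontainer/security/jacc/WebAppJaccAuthorizationHelper.class */
public class WebAppJaccAuthorizationHelper implements WebAppAuthorizationHelper {
    private static final TraceComponent tc = Tr.register(WebAppJaccAuthorizationHelper.class);

    /** Audit insert used when a denied request carries no usable identity at all. */
    private static final String UNKNOWN_AUDIT_IDENTITY = "<unknown>";

    /** Reference through which the JACC service is looked up on every call. */
    private final AtomicServiceReference<JaccService> jaccServiceRef;
    static final long serialVersionUID = 1384046265068975243L;

    /**
     * @param atomicServiceReference reference used to obtain the {@link JaccService}
     */
    public WebAppJaccAuthorizationHelper(AtomicServiceReference<JaccService> atomicServiceReference) {
        this.jaccServiceRef = atomicServiceReference;
    }

    /**
     * Asks the JACC service whether {@code subject} is in the role {@code str}.
     *
     * @param str              role name, forwarded unchanged to {@code isSubjectInRole}
     * @param iExtendedRequest request whose dispatcher context supplies the current servlet
     * @param subject          subject whose role membership is tested
     * @return the JACC service's answer
     */
    @Override // com.ibm.ws.webcontainer.security.WebAppAuthorizationHelper
    public boolean isUserInRole(String str, IExtendedRequest iExtendedRequest, Subject subject) {
        // The servlet name stays null when the dispatcher context has no current servlet.
        RequestProcessor currentServletReference = iExtendedRequest.getWebAppDispatcherContext().getCurrentServletReference();
        String servletName = currentServletReference != null ? currentServletReference.getName() : null;
        return this.jaccServiceRef.getService().isSubjectInRole(getApplicationName(), getModuleName(), servletName, str, iExtendedRequest, subject);
    }

    /**
     * Asks the JACC service whether the authenticated subject may perform the request's
     * HTTP method on {@code str}, and writes a {@code SEC_JACC_AUTHZ_FAILED} audit record
     * when it may not.
     *
     * <p>The audit identity is resolved defensively so that a denial with no usable
     * principal still produces an audit record and still returns {@code false}, instead
     * of the lookup throwing out of the deny path.
     *
     * @param authenticationResult result carrying the subject, user name and realm
     * @param webRequest           request being authorized
     * @param str                  resource name passed to the JACC service and to the audit
     *                             record (presumably the request URI; verify against caller)
     * @return {@code true} if the JACC service authorizes the request
     */
    @Override // com.ibm.ws.webcontainer.security.WebAppAuthorizationHelper
    public boolean authorize(AuthenticationResult authenticationResult, WebRequest webRequest, String str) {
        HttpServletRequest httpServletRequest = webRequest.getHttpServletRequest();
        boolean isAuthorized = this.jaccServiceRef.getService().isAuthorized(getApplicationName(), getModuleName(), str, httpServletRequest.getMethod(), httpServletRequest, authenticationResult.getSubject());
        if (!isAuthorized) {
            // NOTE(review): the decision above uses the application name from the component
            // metadata, while the audit record uses webRequest.getApplicationName(); confirm
            // the two always agree so the audit trail names the application that was checked.
            Tr.audit(tc, "SEC_JACC_AUTHZ_FAILED", resolveAuditIdentity(authenticationResult), webRequest.getApplicationName(), str);
        }
        return isAuthorized;
    }

    /**
     * Chooses the identity string written to the authorization-failure audit record.
     *
     * <p>Order: {@code userName:realm} when both are present; otherwise the name of the
     * first {@link WSPrincipal} in the subject; otherwise the bare user name; otherwise
     * {@link #UNKNOWN_AUDIT_IDENTITY}. The last two cases previously threw.
     */
    private static String resolveAuditIdentity(AuthenticationResult authenticationResult) {
        String userName = authenticationResult.getUserName();
        String realm = authenticationResult.getRealm();
        if (realm != null && userName != null) {
            return userName + ":" + realm;
        }
        Subject subject = authenticationResult.getSubject();
        if (subject != null) {
            // Only the first principal is wanted; the loop is just a null/empty-safe lookup.
            for (WSPrincipal principal : subject.getPrincipals(WSPrincipal.class)) {
                return principal.getName();
            }
        }
        return userName != null ? userName : UNKNOWN_AUDIT_IDENTITY;
    }

    /**
     * Reports whether the JACC service requires SSL for this request. A request that is
     * already secure is never reported as requiring SSL, and the service is not consulted.
     *
     * @param webRequest request being checked
     * @param str        resource name passed to the JACC service
     * @return {@code true} only for a non-secure request the JACC service says needs SSL
     */
    @Override // com.ibm.ws.webcontainer.security.WebAppAuthorizationHelper
    public boolean isSSLRequired(WebRequest webRequest, String str) {
        HttpServletRequest httpServletRequest = webRequest.getHttpServletRequest();
        if (httpServletRequest.isSecure()) {
            return false;
        }
        return this.jaccServiceRef.getService().isSSLRequired(getApplicationName(), getModuleName(), str, httpServletRequest.getMethod(), httpServletRequest);
    }

    /**
     * Checks whether the JACC service excludes access to {@code str} for the request's
     * HTTP method.
     *
     * @param webRequest request being checked
     * @param str        resource name passed to the JACC service
     * @return a {@link DenyReply} when access is excluded, otherwise {@code null}
     */
    @Override // com.ibm.ws.webcontainer.security.WebAppAuthorizationHelper
    public WebReply checkPrecludedAccess(WebRequest webRequest, String str) {
        HttpServletRequest httpServletRequest = webRequest.getHttpServletRequest();
        boolean excluded = this.jaccServiceRef.getService().isAccessExcluded(getApplicationName(), getModuleName(), str, httpServletRequest.getMethod(), httpServletRequest);
        return excluded ? new DenyReply("JACC provider denied the access.") : null;
    }

    /**
     * @return the application name from the current web module's configuration
     */
    protected String getApplicationName() {
        return currentModuleMetaData().getConfiguration().getApplicationName();
    }

    /**
     * @return the module name from the current web module's configuration
     */
    protected String getModuleName() {
        return currentModuleMetaData().getConfiguration().getModuleName();
    }

    /**
     * Looks up the web module metadata through the component metadata accessor.
     * The casts assume the active component is a web component, as the original code did.
     */
    private static WebModuleMetaData currentModuleMetaData() {
        WebComponentMetaData componentMetaData = (WebComponentMetaData) ComponentMetaDataAccessorImpl.getComponentMetaDataAccessor().getComponentMetaData();
        return (WebModuleMetaData) componentMetaData.getModuleMetaData();
    }
}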
