package org.eclipse.dirigible.runtime.filter;

import java.io.IOException;
import java.sql.SQLException;
import java.util.Iterator;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.dirigible.repository.api.RepositoryException;
import org.eclipse.dirigible.repository.ext.security.SecurityManager;
import org.eclipse.dirigible.repository.logging.Logger;
import org.eclipse.dirigible.runtime.registry.PathUtils;
import org.eclipse.dirigible.runtime.repository.RepositoryFacade;

/* loaded from: input_file:.war:WEB-INF/plugins/org.eclipse.dirigible.runtime.security_2.1.150923.jar:org/eclipse/dirigible/runtime/filter/RegistrySecureRolesFilter.class */
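/**
 * Servlet filter that enforces role-based access to secured registry locations.
 *
 * <p>For each request the path is extracted with {@link PathUtils#extractPath}; if
 * {@code isLocationSecured} reports the path as secured, the caller must hold at least one of
 * the roles that {@link SecurityManager#getRolesForLocation} returns for it. Otherwise the
 * request is rejected with HTTP 403 and is not passed further down the filter chain.
 *
 * <p>NOTE(review): {@code isLocationSecured} is not defined in this class; it is presumably
 * inherited from {@link AbstractRegistrySecureFilter} - confirm its matching rules there.
 */
public class RegistrySecureRolesFilter extends AbstractRegistrySecureFilter {
    private static final String YOU_DO_NOT_HAVE_REQUIRED_ROLE_S_TO_ACCESS_THIS_LOCATION = org.eclipse.dirigible.runtime.registry.Messages.getString("RegistrySecureRolesFilter.YOU_DO_NOT_HAVE_REQUIRED_ROLE_S_TO_ACCESS_THIS_LOCATION");
    private static final Logger logger = Logger.getLogger((Class<?>) RegistrySecureRolesFilter.class);

    /**
     * Rejects requests to secured locations when the caller lacks a required role; all other
     * requests continue down the chain.
     *
     * @param servletRequest the incoming request; cast to {@link HttpServletRequest} for path extraction
     * @param servletResponse the response; cast to {@link HttpServletResponse} to send the 403
     * @param filterChain the remaining filters and the target resource
     * @throws IOException if sending the error or the downstream chain fails with an I/O error
     * @throws ServletException if the downstream chain fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        String extractPath = PathUtils.extractPath((HttpServletRequest) servletRequest);
        if (isLocationSecured(extractPath) && !isUserInRole(servletRequest, extractPath)) {
            ((HttpServletResponse) servletResponse).sendError(HttpServletResponse.SC_FORBIDDEN, YOU_DO_NOT_HAVE_REQUIRED_ROLE_S_TO_ACCESS_THIS_LOCATION);
            // Stop here. Without this return the chain still ran after the 403 was sent, so the
            // protected resource's handler executed (with any side effects it has) for a caller
            // that had just been denied, writing to an already committed response.
            return;
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    /**
     * Checks whether the authenticated caller holds at least one role required for a location.
     *
     * <p>The check fails closed: a non-HTTP request, a missing user principal, an empty role
     * list, or any error while looking up the roles all yield {@code false}.
     *
     * @param servletRequest the request whose principal and roles are checked
     * @param str the location path whose required roles are looked up
     * @return {@code true} only if the caller is in one of the roles returned for the location
     */
    private boolean isUserInRole(ServletRequest servletRequest, String str) {
        try {
            if (!(servletRequest instanceof HttpServletRequest)) {
                return false;
            }
            HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
            if (httpServletRequest.getUserPrincipal() == null) {
                // Unauthenticated callers never satisfy a role requirement.
                return false;
            }
            SecurityManager securityManager = SecurityManager.getInstance(RepositoryFacade.getInstance().getRepository(httpServletRequest), RepositoryFacade.getInstance().getDataSource());
            for (String role : securityManager.getRolesForLocation(str)) {
                if (httpServletRequest.isUserInRole(role)) {
                    return true;
                }
            }
            return false;
        } catch (IOException e) {
            // Lookup failures are logged and treated as "access denied".
            logger.error(e.getMessage(), e);
            return false;
        } catch (SQLException e2) {
            logger.error(e2.getMessage(), e2);
            return false;
        } catch (RepositoryException e3) {
            logger.error(e3.getMessage(), e3);
            return false;
        }
    }

    /**
     * Returns the secured mapping for this filter, which is always {@code null} here.
     *
     * <p>NOTE(review): how {@link AbstractRegistrySecureFilter} treats a {@code null} mapping is
     * not visible in this file - confirm that it does not weaken {@code isLocationSecured}.
     *
     * @return {@code null}
     */
    @Override
    protected String getSecuredMapping() {
        return null;
    }
}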
