package org.pentaho.platform.web.http.security;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.pentaho.platform.web.http.messages.Messages;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.util.Assert;

/* loaded from: input_file:org/pentaho/platform/web/http/security/HttpSessionReuseDetectionFilter.class */
public class HttpSessionReuseDetectionFilter implements Filter, InitializingBean {
    private static final Log logger = LogFactory.getLog(HttpSessionReuseDetectionFilter.class);
    private String filterProcessesUrl;
    private String sessionReuseDetectedUrl;

    public void init(FilterConfig filterConfig) throws ServletException {
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        String remoteUser;
        if (!(servletRequest instanceof HttpServletRequest)) {
            throw new ServletException();
        }
        if (!(servletResponse instanceof HttpServletResponse)) {
            throw new ServletException();
        }
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        if (requiresAuthentication(httpServletRequest, httpServletResponse)) {
            if (logger.isDebugEnabled()) {
                logger.debug(Messages.getString("HttpSessionReuseDetectionFilter.DEBUG_PROCESS_AUTHN"));
            }
            if (null != httpServletRequest && null != (remoteUser = httpServletRequest.getRemoteUser()) && remoteUser.length() > 0) {
                if (logger.isDebugEnabled()) {
                    logger.debug(Messages.getString("HttpSessionReuseDetectionFilter.DEBUG_USER_ALREADY_LOGGED_IN", remoteUser));
                }
                HttpSession session = httpServletRequest.getSession(false);
                if (null != session) {
                    if (logger.isDebugEnabled()) {
                        logger.debug(Messages.getString("HttpSessionReuseDetectionFilter.DEBUG_INVALIDATING_SESSION"));
                    }
                    session.invalidate();
                }
                SecurityContextHolder.clearContext();
                if (logger.isDebugEnabled()) {
                    logger.debug(Messages.getString("HttpSessionReuseDetectionFilter.DEBUG_REDIRECTING", this.sessionReuseDetectedUrl));
                }
                httpServletResponse.sendRedirect(httpServletResponse.encodeRedirectURL(httpServletRequest.getContextPath() + this.sessionReuseDetectedUrl));
                return;
            }
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    public void destroy() {
    }

    public void afterPropertiesSet() throws Exception {
        Assert.hasLength(this.filterProcessesUrl, Messages.getString("HttpSessionReuseDetectionFilter.ERROR_0001_FILTERPROCESSESURL_NOT_SPECIFIED"));
        Assert.hasLength(this.sessionReuseDetectedUrl, Messages.getString("HttpSessionReuseDetectionFilter.ERROR_0002_SESSIONREUSEDETECTEDURL_NOT_SPECIFIED"));
    }

    protected boolean requiresAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String requestURI = httpServletRequest.getRequestURI();
        int indexOf = requestURI.indexOf(59);
        if (indexOf > 0) {
            requestURI = requestURI.substring(0, indexOf);
        }
        return requestURI.endsWith(httpServletRequest.getContextPath() + this.filterProcessesUrl);
    }

    public String getFilterProcessesUrl() {
        return this.filterProcessesUrl;
    }

    public void setFilterProcessesUrl(String str) {
        this.filterProcessesUrl = str;
    }

    public String getSessionReuseDetectedUrl() {
        return this.sessionReuseDetectedUrl;
    }

    public void setSessionReuseDetectedUrl(String str) {
        this.sessionReuseDetectedUrl = str;
    }
}
