package org.apache.shiro.web.mgt;

import java.util.Collection;
import java.util.Locale;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.mgt.DefaultSubjectDAO;
import org.apache.shiro.mgt.SessionStorageEvaluator;
import org.apache.shiro.mgt.SubjectDAO;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.session.mgt.SessionContext;
import org.apache.shiro.session.mgt.SessionKey;
import org.apache.shiro.session.mgt.SessionManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.subject.SubjectContext;
import org.apache.shiro.util.LifecycleUtils;
import org.apache.shiro.web.servlet.ShiroHttpServletRequest;
import org.apache.shiro.web.session.mgt.DefaultWebSessionContext;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.apache.shiro.web.session.mgt.ServletContainerSessionManager;
import org.apache.shiro.web.session.mgt.WebSessionKey;
import org.apache.shiro.web.session.mgt.WebSessionManager;
import org.apache.shiro.web.subject.WebSubject;
import org.apache.shiro.web.subject.WebSubjectContext;
import org.apache.shiro.web.subject.support.DefaultWebSubjectContext;
import org.apache.shiro.web.util.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/shiro-web-1.2.2.jar:org/apache/shiro/web/mgt/DefaultWebSecurityManager.class */
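/**
 * {@link DefaultSecurityManager} variant for servlet-based applications.
 *
 * <p>On construction it installs a {@link DefaultWebSessionStorageEvaluator}, a
 * {@link DefaultWebSubjectFactory}, a {@link CookieRememberMeManager} and a
 * {@link ServletContainerSessionManager}. The subject contexts, session contexts and session
 * keys it creates carry the servlet request/response pair whenever the incoming
 * {@link SubjectContext} is web-aware.
 *
 * <p>NOTE(review): the remember-me manager is installed with its own defaults, which are not
 * visible in this file. Confirm that the deployment configures its own remember-me cipher key
 * (or replaces/disables the manager) instead of depending on anything shipped with the library.
 */
public class DefaultWebSecurityManager extends DefaultSecurityManager implements WebSecurityManager {
    private static final Logger log = LoggerFactory.getLogger(DefaultWebSecurityManager.class);

    /** Session mode backed by a {@link ServletContainerSessionManager}. */
    @Deprecated
    public static final String HTTP_SESSION_MODE = "http";

    /** Session mode backed by a {@link DefaultWebSessionManager}. */
    @Deprecated
    public static final String NATIVE_SESSION_MODE = "native";

    // Last mode passed to setSessionMode(String); reset to null whenever a SessionManager is
    // supplied directly through setSessionManager(SessionManager).
    @Deprecated
    private String sessionMode;

    /**
     * Creates a manager wired with the web-specific collaborators listed in the class comment.
     *
     * <p>Because {@link #setSessionManager(SessionManager)} clears {@code sessionMode}, the
     * value assigned here does not survive construction: {@link #getSessionMode()} returns
     * {@code null} on a freshly built instance until {@link #setSessionMode(String)} is called.
     */
    public DefaultWebSecurityManager() {
        ((DefaultSubjectDAO) this.subjectDAO).setSessionStorageEvaluator(new DefaultWebSessionStorageEvaluator());
        this.sessionMode = HTTP_SESSION_MODE;
        setSubjectFactory(new DefaultWebSubjectFactory());
        // NOTE(review): installed with library defaults; verify that a deployment-specific
        // cipher key is set on the remember-me manager (setCipherKey) before relying on it.
        setRememberMeManager(new CookieRememberMeManager());
        setSessionManager(new ServletContainerSessionManager());
    }

    /**
     * Creates a manager with the default web collaborators and a single realm.
     *
     * @param realm the realm handed to {@code setRealm}
     */
    public DefaultWebSecurityManager(Realm realm) {
        this();
        setRealm(realm);
    }

    /**
     * Creates a manager with the default web collaborators and several realms.
     *
     * @param collection the realms handed to {@code setRealms}
     */
    public DefaultWebSecurityManager(Collection<Realm> collection) {
        this();
        setRealms(collection);
    }

    /**
     * Supplies an empty web-aware subject context.
     *
     * @return a new {@link DefaultWebSubjectContext}
     */
    @Override // org.apache.shiro.mgt.DefaultSecurityManager
    protected SubjectContext createSubjectContext() {
        return new DefaultWebSubjectContext();
    }

    /**
     * Stores the DAO and then re-links the current session manager to the DAO's session
     * storage evaluator, when both are of the expected default types.
     *
     * @param subjectDAO the DAO to install
     */
    @Override // org.apache.shiro.mgt.DefaultSecurityManager
    public void setSubjectDAO(SubjectDAO subjectDAO) {
        super.setSubjectDAO(subjectDAO);
        applySessionManagerToSessionStorageEvaluatorIfPossible();
    }

    /**
     * Runs the parent hook and then re-links the new session manager to the session storage
     * evaluator.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.shiro.mgt.SessionsSecurityManager
    public void afterSessionManagerSet() {
        super.afterSessionManagerSet();
        applySessionManagerToSessionStorageEvaluatorIfPossible();
    }

    /**
     * Hands the current session manager to the session storage evaluator. Does nothing unless
     * the DAO is a {@link DefaultSubjectDAO} and its evaluator is a
     * {@link DefaultWebSessionStorageEvaluator}; custom implementations are left untouched.
     */
    private void applySessionManagerToSessionStorageEvaluatorIfPossible() {
        SubjectDAO dao = getSubjectDAO();
        if (!(dao instanceof DefaultSubjectDAO)) {
            return;
        }
        SessionStorageEvaluator evaluator = ((DefaultSubjectDAO) dao).getSessionStorageEvaluator();
        if (evaluator instanceof DefaultWebSessionStorageEvaluator) {
            ((DefaultWebSessionStorageEvaluator) evaluator).setSessionManager(getSessionManager());
        }
    }

    /**
     * Copies a subject context, keeping it web-aware when the source is a
     * {@link WebSubjectContext}.
     *
     * @param subjectContext the context to copy
     * @return a {@link DefaultWebSubjectContext} copy for web contexts, otherwise the parent's copy
     */
    @Override // org.apache.shiro.mgt.DefaultSecurityManager
    protected SubjectContext copy(SubjectContext subjectContext) {
        if (subjectContext instanceof WebSubjectContext) {
            return new DefaultWebSubjectContext((WebSubjectContext) subjectContext);
        }
        return super.copy(subjectContext);
    }

    /**
     * Returns the session mode last set through {@link #setSessionMode(String)}.
     *
     * @return the lower-cased mode, or {@code null} when the session manager was supplied
     *         directly (which includes the state right after construction)
     */
    @Deprecated
    public String getSessionMode() {
        return this.sessionMode;
    }

    /**
     * Switches between the {@code "http"} and {@code "native"} session modes. When the mode
     * actually changes, the current session manager is destroyed and replaced by the one that
     * {@link #createSessionManager(String)} builds for the new mode.
     *
     * @param str the requested mode, matched case-insensitively
     * @throws IllegalArgumentException if {@code str} is {@code null} or not one of the two modes
     */
    @Deprecated
    public void setSessionMode(String str) {
        log.warn("The 'sessionMode' property has been deprecated.  Please configure an appropriate WebSessionManager instance instead of using this property.  This property/method will be removed in a later version.");
        if (str == null) {
            throw new IllegalArgumentException("sessionMode argument cannot be null.");
        }
        // Lower-case with Locale.ROOT: under a default locale with special casing rules
        // (Turkish, for instance) "NATIVE" would not lower-case to "native", so a valid value
        // would be rejected depending on the host's locale settings.
        String mode = str.toLowerCase(Locale.ROOT);
        if (!HTTP_SESSION_MODE.equals(mode) && !NATIVE_SESSION_MODE.equals(mode)) {
            throw new IllegalArgumentException("Invalid sessionMode [" + str + "].  Allowed values are public static final String constants in the " + getClass().getName() + " class: 'http' or '" + NATIVE_SESSION_MODE + "', with 'http' being the default.");
        }
        boolean changed = !mode.equals(this.sessionMode);
        this.sessionMode = mode;
        if (changed) {
            // Release the outgoing manager before the replacement is installed.
            LifecycleUtils.destroy(getSessionManager());
            setInternalSessionManager(createSessionManager(mode));
        }
    }

    /**
     * Installs an explicit session manager and clears the deprecated {@code sessionMode}.
     * A non-null manager that does not implement {@link WebSessionManager} is still accepted;
     * it only produces a warning.
     *
     * @param sessionManager the manager to install
     */
    @Override // org.apache.shiro.mgt.SessionsSecurityManager
    public void setSessionManager(SessionManager sessionManager) {
        this.sessionMode = null;
        boolean notWebAware = sessionManager != null && !(sessionManager instanceof WebSessionManager);
        if (notWebAware && log.isWarnEnabled()) {
            log.warn("The " + getClass().getName() + " implementation expects SessionManager instances that implement the " + WebSessionManager.class.getName() + " interface.  The configured instance is of type [" + sessionManager.getClass().getName() + "] which does not implement this interface..  This may cause unexpected behavior.");
        }
        setInternalSessionManager(sessionManager);
    }

    /**
     * Installs a session manager through the parent setter, leaving {@code sessionMode} as is.
     *
     * @param sessionManager the manager to install
     */
    private void setInternalSessionManager(SessionManager sessionManager) {
        super.setSessionManager(sessionManager);
    }

    /**
     * Reports whether sessions are delegated to the servlet container.
     *
     * @return {@code true} only when the current manager is a {@link WebSessionManager} that
     *         reports servlet container sessions
     */
    @Override // org.apache.shiro.web.mgt.WebSecurityManager
    public boolean isHttpSessionMode() {
        SessionManager current = getSessionManager();
        if (!(current instanceof WebSessionManager)) {
            return false;
        }
        return ((WebSessionManager) current).isServletContainerSessions();
    }

    /**
     * Builds the session manager for a mode name.
     *
     * @param str the mode name; anything other than {@code "native"} (compared ignoring case),
     *            including {@code null}, selects the servlet container manager
     * @return a {@link DefaultWebSessionManager} for native mode, otherwise a
     *         {@link ServletContainerSessionManager}
     */
    protected SessionManager createSessionManager(String str) {
        if (str != null && str.equalsIgnoreCase(NATIVE_SESSION_MODE)) {
            log.info("{} mode - enabling DefaultWebSessionManager (non-HTTP and HTTP Sessions)", NATIVE_SESSION_MODE);
            return new DefaultWebSessionManager();
        }
        log.info("{} mode - enabling ServletContainerSessionManager (HTTP-only Sessions)", "http");
        return new ServletContainerSessionManager();
    }

    /**
     * Creates the session context and, for web subject contexts, wraps it so that it also
     * carries the resolved servlet request and response.
     *
     * @param subjectContext the context a session is being created for
     * @return the parent's session context, or a {@link DefaultWebSessionContext} built from it
     */
    @Override // org.apache.shiro.mgt.DefaultSecurityManager
    protected SessionContext createSessionContext(SubjectContext subjectContext) {
        SessionContext base = super.createSessionContext(subjectContext);
        if (!(subjectContext instanceof WebSubjectContext)) {
            return base;
        }
        WebSubjectContext webContext = (WebSubjectContext) subjectContext;
        ServletRequest request = webContext.resolveServletRequest();
        ServletResponse response = webContext.resolveServletResponse();
        DefaultWebSessionContext webSessionContext = new DefaultWebSessionContext(base);
        // Only resolved values are copied over; an unresolved request or response is left unset.
        if (request != null) {
            webSessionContext.setServletRequest(request);
        }
        if (response != null) {
            webSessionContext.setServletResponse(response);
        }
        return webSessionContext;
    }

    /**
     * Builds the key used to look up the subject's session.
     *
     * @param subjectContext the context holding the session id
     * @return a {@link WebSessionKey} with the request/response pair for web contexts,
     *         otherwise the parent's key
     */
    @Override // org.apache.shiro.mgt.DefaultSecurityManager
    protected SessionKey getSessionKey(SubjectContext subjectContext) {
        if (!WebUtils.isWeb(subjectContext)) {
            return super.getSessionKey(subjectContext);
        }
        return new WebSessionKey(subjectContext.getSessionId(), WebUtils.getRequest(subjectContext), WebUtils.getResponse(subjectContext));
    }

    /**
     * Runs the parent's pre-logout work and then flags the current request as having had its
     * identity removed.
     *
     * @param subject the subject being logged out
     */
    @Override // org.apache.shiro.mgt.DefaultSecurityManager
    protected void beforeLogout(Subject subject) {
        super.beforeLogout(subject);
        removeRequestIdentity(subject);
    }

    /**
     * Sets {@link ShiroHttpServletRequest#IDENTITY_REMOVED_KEY} to {@code true} on the
     * subject's servlet request. Subjects that are not {@link WebSubject}s, or that have no
     * request, are ignored.
     *
     * <p>NOTE(review): presumably the flag is read later in the same request so that the
     * logged-out identity is not reported again; confirm against the request wrapper.
     *
     * @param subject the subject being logged out
     */
    protected void removeRequestIdentity(Subject subject) {
        if (!(subject instanceof WebSubject)) {
            return;
        }
        ServletRequest request = ((WebSubject) subject).getServletRequest();
        if (request == null) {
            return;
        }
        request.setAttribute(ShiroHttpServletRequest.IDENTITY_REMOVED_KEY, Boolean.TRUE);
    }
}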
