package org.apache.drill.exec.server.rest.auth;

import java.io.IOException;
import java.net.URLEncoder;
import javax.annotation.Priority;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.DynamicFeature;
import javax.ws.rs.container.ResourceInfo;
import javax.ws.rs.core.FeatureContext;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
import org.apache.drill.exec.server.rest.LogInLogOutResources;
import org.glassfish.jersey.server.model.AnnotatedMethod;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/drill/exec/server/rest/auth/AuthDynamicFeature.class */
public class AuthDynamicFeature implements DynamicFeature {
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) AuthDynamicFeature.class);

    @Priority(1000)
    /* loaded from: input_file:org/apache/drill/exec/server/rest/auth/AuthDynamicFeature$AuthCheckFilter.class */
    private static class AuthCheckFilter implements ContainerRequestFilter {
        private static AuthCheckFilter INSTANCE = new AuthCheckFilter();

        private AuthCheckFilter() {
        }

        @Override // javax.ws.rs.container.ContainerRequestFilter
        public void filter(ContainerRequestContext containerRequestContext) throws IOException {
            if (AuthDynamicFeature.isUserLoggedIn(containerRequestContext.getSecurityContext())) {
                return;
            }
            try {
                containerRequestContext.abortWith(Response.temporaryRedirect(containerRequestContext.getUriInfo().getBaseUriBuilder().path(LogInLogOutResources.LOGIN_RESOURCE).queryParam("redirect", URLEncoder.encode(containerRequestContext.getUriInfo().getRequestUri().toString(), "UTF-8")).build(new Object[0])).build());
            } catch (Exception e) {
                String format = String.format("Failed to forward the request to login page: %s", e.getMessage());
                AuthDynamicFeature.logger.error(format, (Throwable) e);
                containerRequestContext.abortWith(Response.serverError().entity(format).build());
            }
        }
    }

    @Override // javax.ws.rs.container.DynamicFeature
    public void configure(ResourceInfo resourceInfo, FeatureContext featureContext) {
        AnnotatedMethod annotatedMethod = new AnnotatedMethod(resourceInfo.getResourceMethod());
        if (((RolesAllowed) annotatedMethod.getAnnotation(RolesAllowed.class)) != null) {
            featureContext.register2(AuthCheckFilter.INSTANCE);
        } else {
            if (annotatedMethod.isAnnotationPresent(PermitAll.class) || ((RolesAllowed) resourceInfo.getResourceClass().getAnnotation(RolesAllowed.class)) == null) {
                return;
            }
            featureContext.register2(AuthCheckFilter.INSTANCE);
        }
    }

    public static boolean isUserLoggedIn(SecurityContext securityContext) {
        return (securityContext == null || securityContext.getUserPrincipal() == null) ? false : true;
    }
}
