package info.magnolia.cms.security;

import info.magnolia.cms.security.IPSecurityManager;
import info.magnolia.context.MgnlContext;
import java.io.IOException;
import javax.jcr.Session;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.httpclient.HttpStatus;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/magnolia-core-5.2.3.jar:info/magnolia/cms/security/URISecurityFilter.class */
public class URISecurityFilter extends BaseSecurityFilter {
    private static final Logger log = LoggerFactory.getLogger(URISecurityFilter.class);
    public static final String URI_REPOSITORY = "uri";
    public static final String URI_WORKSPACE = "default";

    @Override // info.magnolia.cms.security.BaseSecurityFilter
    public boolean isAllowed(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        if (!IPSecurityManager.Factory.getInstance().isAllowed(httpServletRequest)) {
            httpServletResponse.setStatus(403);
            return false;
        }
        if (Lock.isSystemLocked()) {
            httpServletResponse.setStatus(HttpStatus.SC_SERVICE_UNAVAILABLE);
            return false;
        }
        boolean isAuthorized = isAuthorized(httpServletRequest);
        if (!isAuthorized) {
            httpServletResponse.setStatus(SecurityUtil.isAnonymous() ? 401 : 403);
        }
        return isAuthorized;
    }

    @Deprecated
    protected boolean isAuthorized(AccessManager accessManager, HttpServletRequest httpServletRequest) {
        return isAuthorized(httpServletRequest);
    }

    protected boolean isAuthorized(HttpServletRequest httpServletRequest) {
        String str = (httpServletRequest.getMethod().equalsIgnoreCase("HEAD") || httpServletRequest.getMethod().equalsIgnoreCase("GET")) ? Session.ACTION_READ : Session.ACTION_ADD_NODE;
        String currentURI = MgnlContext.getAggregationState().getCurrentURI();
        boolean isGranted = PermissionUtil.isGranted("uri", currentURI, str);
        log.debug("user {} has " + (isGranted ? "" : "NOT ") + "been granted permission {} to access uri {}", MgnlContext.getUser().getName(), str, currentURI);
        return isGranted;
    }
}
