package com.asiainfo.bp.config;

import com.ai.appframe2.service.ServiceFactory;
import com.asiainfo.bp.utils.HttpUtils;
import com.asiainfo.uspa.common.constants.DisWebConst;
import com.asiainfo.uspa.common.utils.WebAppSessionManager;
import com.asiainfo.uspa.components.actionMgr.service.interfaces.ISecActionUnitQuerySV;
import com.asiainfo.uspa.components.grantmgr.service.interfaces.IBPGrantQuerySV;
import com.asiainfo.uspa.security.anno.ActionPriv;
import com.asiainfo.uspa.security.anno.FuncPriv;
import java.io.IOException;
import java.lang.reflect.Method;
import java.util.HashMap;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:com/asiainfo/bp/config/AuthenticateFilter.class */
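/**
 * Servlet filter that enforces action-level and function-level privileges for
 * requests made by a logged-in, non-administrator user.
 *
 * <p>The handler class is taken from the last path segment of the request URI and
 * the handler method from the {@code action} request parameter. The method's
 * {@link ActionPriv} and {@link FuncPriv} annotations decide which privilege code
 * is checked against the codes granted to the current user.
 *
 * <p>NOTE(review): a request with no session user is passed through unchanged, so
 * this filter does not enforce authentication by itself. Presumably another
 * component rejects anonymous requests; confirm against the filter chain
 * configuration.
 */
public class AuthenticateFilter implements Filter {
    private static final Log log = LogFactory.getLog(AuthenticateFilter.class);

    /** No initialisation is required. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /**
     * Checks the current user's privileges for the requested action and either
     * continues the chain or writes a "no permission" JSON result.
     *
     * @param servletRequest  the incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse the outgoing response; cast to {@link HttpServletResponse}
     * @param filterChain     the remaining filter chain
     * @throws IOException      if the chain or the response writer fails
     * @throws ServletException if the chain fails, or if the handler class or method
     *                          named by the request cannot be resolved
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;
        HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;

        // No session user: this filter makes no decision (see the class-level note).
        if (null == WebAppSessionManager.getUser()) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        // Administrators skip every privilege check.
        if ("Y".equals(WebAppSessionManager.getIsAdmin())) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        String uri = httpRequest.getRequestURI();
        String action = httpRequest.getParameter("action");
        Method method = resolveActionMethod(uri, action);

        // Default action code: "<text after the last '.' of the URI>_<action>".
        String actionCode = uri.substring(uri.lastIndexOf(".") + 1) + "_" + action;
        ActionPriv actionPriv = (ActionPriv) method.getAnnotation(ActionPriv.class);
        if (null != actionPriv) {
            actionCode = applyActionPriv(actionCode, actionPriv, servletRequest);
        }

        // NOTE(review): the decompiled source shows no exception handling around these
        // service calls; if they declare checked exceptions, the original handler was lost.
        Long actionId = ((ISecActionUnitQuerySV) ServiceFactory.getService(ISecActionUnitQuerySV.class)).getActionByActionCode(actionCode);
        IBPGrantQuerySV grantService = (IBPGrantQuerySV) ServiceFactory.getService(IBPGrantQuerySV.class);
        String userId = WebAppSessionManager.getUserId() + "";

        if (null != actionId) {
            // The code is a registered action: the user must hold it explicitly.
            // NOTE(review): the return type of getUserGruntedEntityCode is not visible here.
            // If it is a String rather than a collection, contains() is a substring match
            // and a shorter code would match inside a longer granted one; confirm.
            if (grantService.getUserGruntedEntityCode(userId, "A").contains(actionCode)) {
                filterChain.doFilter(servletRequest, servletResponse);
                return;
            }
            deny(httpResponse);
            return;
        }

        // Not a registered action: fall back to the function privilege, if one is declared.
        FuncPriv funcPriv = (FuncPriv) method.getAnnotation(FuncPriv.class);
        if (null == funcPriv) {
            // No ActionPriv match and no FuncPriv: the request is allowed by default.
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        if (grantService.getUserGruntedEntityCode(userId, "F").contains(funcPriv.value())) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        deny(httpResponse);
    }

    /** No resources to release. */
    @Override
    public void destroy() {
    }

    /**
     * Resolves the handler method named by the request, failing closed when it cannot be found.
     *
     * <p>Both the class name and the method name come from the request, so the class is
     * loaded without initialisation: reading annotations does not need it, and a request
     * must not be able to run the static initialiser of an arbitrary class on the classpath.
     *
     * <p>NOTE(review): consider additionally restricting the class name to the
     * application's own handler package before loading it.
     */
    private static Method resolveActionMethod(String uri, String action) throws ServletException {
        if (null == action) {
            // getMethod(null, ...) would otherwise fail with a NullPointerException.
            throw new ServletException("Unable to resolve the requested action handler");
        }
        String className = uri.substring(uri.lastIndexOf(DisWebConst.DIR_SEPARATOR_UNIX) + 1);
        try {
            return Class.forName(className, false, AuthenticateFilter.class.getClassLoader())
                    .getMethod(action, HttpServletRequest.class, HttpServletResponse.class);
        } catch (ClassNotFoundException e) {
            throw new ServletException("Unable to resolve the requested action handler", e);
        } catch (NoSuchMethodException e) {
            throw new ServletException("Unable to resolve the requested action handler", e);
        }
    }

    /**
     * Derives the action code from an {@link ActionPriv} annotation and the request parameters.
     *
     * <p>With value mappings, each parameter named in {@code paramKeys} contributes either
     * the mapped text for {@code "<key>_<value>"} or the raw parameter value. Without
     * mappings, a non-empty annotation value replaces the default code, and the raw
     * parameter values are appended. A missing parameter contributes the text "null".
     */
    private static String applyActionPriv(String defaultCode, ActionPriv actionPriv, ServletRequest request) {
        String[] paramKeys = actionPriv.paramKeys();
        String[] valueMappings = actionPriv.valueMappings();
        String value = actionPriv.value();
        boolean hasParamKeys = null != paramKeys && paramKeys.length > 0;
        String code = defaultCode;

        if (null != valueMappings && valueMappings.length > 0) {
            // Each mapping has the form "<key>_<value>=<replacement>".
            HashMap<String, String> mappings = new HashMap<String, String>();
            for (String mapping : valueMappings) {
                int separator = mapping.indexOf("=");
                mappings.put(mapping.substring(0, separator), mapping.substring(separator + 1));
            }
            if (hasParamKeys) {
                for (String key : paramKeys) {
                    String parameter = request.getParameter(key);
                    String lookup = key + "_" + parameter;
                    code = mappings.containsKey(lookup) ? code + "_" + mappings.get(lookup) : code + "_" + parameter;
                }
            }
            return code;
        }

        if (StringUtils.isNotEmpty(value)) {
            code = value;
        }
        if (hasParamKeys) {
            for (String key : paramKeys) {
                code = code + "_" + request.getParameter(key);
            }
        }
        return code;
    }

    /**
     * Writes the "no access permission" JSON result to the response.
     *
     * <p>The map is left raw because the parameter type of
     * {@code HttpUtils.showMapToJson} is not visible from this file.
     */
    @SuppressWarnings({"rawtypes", "unchecked"})
    private static void deny(HttpServletResponse response) throws IOException, ServletException {
        HashMap result = new HashMap();
        result.put("RESULT_CODE", "0");
        // Message text: "No access permission!"
        result.put("RESULT_MSG", "无访问权限！");
        HttpUtils.showMapToJson(response, result);
    }
}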
