package com.asiainfo.aisquare.aisp.security.config;

import com.asiainfo.aisquare.aisp.common.basic.utils.AuthUtil;
import javax.annotation.Resource;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.DefaultAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.RemoteTokenServices;
import org.springframework.security.oauth2.provider.token.ResourceServerTokenServices;
import org.springframework.security.oauth2.provider.token.TokenStore;

@EnableResourceServer
@Configuration
/* loaded from: input_file:com/asiainfo/aisquare/aisp/security/config/AispResourceServerConfig.class */
public class AispResourceServerConfig extends ResourceServerConfigurerAdapter {
    private static final Logger log = LoggerFactory.getLogger(AispResourceServerConfig.class);

    @Value("${auth.client.id:cid}")
    String clientId;

    @Value("${auth.client.secret:123456}")
    String clientSecret;

    @Resource
    TokenStore tokenStore;

    public void configure(ResourceServerSecurityConfigurer resourceServerSecurityConfigurer) throws Exception {
        resourceServerSecurityConfigurer.authenticationManager(new AispAuthenticationManager()).tokenServices(tokenServices()).tokenExtractor(new AispTokenExtractor()).accessDeniedHandler(new AispAccessDeniedHandler()).authenticationEntryPoint(new AispAuthenticationEntryPoint());
    }

    public void configure(HttpSecurity httpSecurity) throws Exception {
        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().anyRequest()).authenticated().and().formLogin().loginPage("/auth/login").permitAll().and().logout().logoutUrl("/auth/logout").permitAll().and().exceptionHandling().accessDeniedHandler(new AispAccessDeniedHandler()).authenticationEntryPoint(new AispAuthenticationEntryPoint()).and().csrf().disable();
    }

    @Bean
    public ResourceServerTokenServices tokenServices() {
        RemoteTokenServices remoteTokenServices = new RemoteTokenServices();
        remoteTokenServices.setCheckTokenEndpointUrl(AuthUtil.initAuthUrl() + "/oauth/check_token");
        remoteTokenServices.setClientId(this.clientId);
        remoteTokenServices.setClientSecret(this.clientSecret);
        remoteTokenServices.setAccessTokenConverter(new DefaultAccessTokenConverter());
        return remoteTokenServices;
    }
}
