package com.asiainfo.uspa.security.servlet;

import com.ai.appframe2.complex.cache.CacheFactory;
import com.ai.appframe2.web.action.BaseAction;
import com.ai.appframe2.web.action.RequestProcessor;
import com.asiainfo.bp.utils.HttpUtils;
import com.asiainfo.uspa.cache.SecActionCacheImpl;
import com.asiainfo.uspa.common.service.impl.UserInfo;
import com.asiainfo.uspa.common.utils.WebAppSessionManager;
import com.asiainfo.uspa.security.anno.ActionPriv;
import com.asiainfo.uspa.security.anno.FuncPriv;
import com.asiainfo.uspa.security.anno.IgnorePriv;
import java.io.IOException;
import java.lang.reflect.Method;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.ArrayUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.StringUtils;

/* loaded from: input_file:com/asiainfo/uspa/security/servlet/BmgRequestProcessor.class */
public class BmgRequestProcessor extends RequestProcessor {
    private static final transient Logger logger = LoggerFactory.getLogger(BmgRequestProcessor.class);
    private static final Map<String, Method> ACTION_METHOD = new HashMap();

    protected void exeMethod(BaseAction baseAction, String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        if (baseAction == null || StringUtils.isEmpty(str)) {
            super.exeMethod(baseAction, str, httpServletRequest, httpServletResponse);
            return;
        }
        UserInfo userInfo = (UserInfo) WebAppSessionManager.getUser();
        if (userInfo == null || userInfo.isAdmin()) {
            super.exeMethod(baseAction, str, httpServletRequest, httpServletResponse);
            return;
        }
        String actionCode = getActionCode(baseAction, str, httpServletRequest, httpServletResponse);
        if (CacheFactory.get(SecActionCacheImpl.class, actionCode) != null) {
            if (userInfo.containsActionCode(actionCode)) {
                super.exeMethod(baseAction, str, httpServletRequest, httpServletResponse);
                return;
            } else {
                returnError(httpServletResponse);
                return;
            }
        }
        Method actionMethod = getActionMethod(baseAction, str);
        if (actionMethod == null || actionMethod.getAnnotation(IgnorePriv.class) != null) {
            super.exeMethod(baseAction, str, httpServletRequest, httpServletResponse);
            return;
        }
        FuncPriv funcPriv = (FuncPriv) baseAction.getClass().getAnnotation(FuncPriv.class);
        if (funcPriv == null) {
            super.exeMethod(baseAction, str, httpServletRequest, httpServletResponse);
            return;
        }
        String value = funcPriv.value();
        if (StringUtils.isEmpty(value)) {
            super.exeMethod(baseAction, str, httpServletRequest, httpServletResponse);
            return;
        }
        for (String str2 : value.split(",")) {
            if (userInfo.containsFuncCode(str2)) {
                super.exeMethod(baseAction, str, httpServletRequest, httpServletResponse);
                return;
            }
        }
        returnError(httpServletResponse);
    }

    private String getActionCode(BaseAction baseAction, String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws NoSuchMethodException, SecurityException {
        ActionPriv actionPriv;
        Method actionMethod = getActionMethod(baseAction, str);
        if (actionMethod != null && (actionPriv = (ActionPriv) actionMethod.getAnnotation(ActionPriv.class)) != null) {
            String value = actionPriv.value();
            if (StringUtils.isEmpty(value)) {
                value = baseAction.getClass().getSimpleName() + "." + str;
            }
            String[] paramKeys = actionPriv.paramKeys();
            if (ArrayUtils.isEmpty(paramKeys)) {
                return value;
            }
            for (String str2 : paramKeys) {
                String parameter = httpServletRequest.getParameter(str2);
                if (parameter != null) {
                    String[] valueMappings = actionPriv.valueMappings();
                    if (ArrayUtils.isNotEmpty(valueMappings)) {
                        String str3 = str2 + "_" + parameter;
                        int length = valueMappings.length;
                        int i = 0;
                        while (true) {
                            if (i < length) {
                                String str4 = valueMappings[i];
                                if (str4.startsWith(str3)) {
                                    value = value + "." + str4.substring(str3.length());
                                    break;
                                }
                                i++;
                            }
                        }
                    } else {
                        value = value + "." + parameter;
                    }
                }
            }
            return value;
        }
        return baseAction.getClass().getSimpleName() + "." + str;
    }

    private Method getActionMethod(BaseAction baseAction, String str) throws NoSuchMethodException, SecurityException {
        Method method;
        String str2 = baseAction.getClass().getName() + "." + str;
        if (ACTION_METHOD.containsKey(str2)) {
            return ACTION_METHOD.get(str2);
        }
        synchronized (ACTION_METHOD) {
            if (ACTION_METHOD.containsKey(str2)) {
                return ACTION_METHOD.get(str2);
            }
            try {
                method = baseAction.getClass().getMethod(str, this.types);
            } catch (Exception e) {
                logger.error(e.getMessage(), e);
                method = null;
            }
            ACTION_METHOD.put(str2, method);
            return method;
        }
    }

    private void returnError(HttpServletResponse httpServletResponse) throws IOException {
        HashMap hashMap = new HashMap();
        hashMap.put("RESULT_CODE", "0");
        hashMap.put("RESULT_MSG", "无权限访问");
        HttpUtils.showMapToJson(httpServletResponse, hashMap);
    }
}
