package com.zxkxc.cloud.config.security;

import com.zxkxc.cloud.extension.CustomAccessDecisionManager;
import com.zxkxc.cloud.extension.CustomFilterInvocationSecurityMetadataSource;
import com.zxkxc.cloud.extension.handler.OAuth2AuthExceptionHandler;
import javax.annotation.Resource;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.ObjectPostProcessor;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;

@EnableResourceServer
@Configuration
/* loaded from: input_file:com/zxkxc/cloud/config/security/OAuth2ResourceConfig.class */
public class OAuth2ResourceConfig extends ResourceServerConfigurerAdapter {

    @Resource
    private TokenStore tokenStore;

    @Resource
    private OAuth2AuthExceptionHandler oAuth2AuthExceptionHandler;

    @Resource
    private CustomFilterInvocationSecurityMetadataSource customSecurityMetadataSource;

    @Resource
    private CustomAccessDecisionManager customAccessDecisionManager;

    public void configure(ResourceServerSecurityConfigurer resourceServerSecurityConfigurer) {
        resourceServerSecurityConfigurer.resourceId("auth-resource").stateless(false).tokenStore(this.tokenStore).accessDeniedHandler(this.oAuth2AuthExceptionHandler).authenticationEntryPoint(this.oAuth2AuthExceptionHandler);
    }

    public void configure(HttpSecurity httpSecurity) throws Exception {
        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().antMatchers(HttpMethod.GET, new String[]{"/**"})).access("#oauth2.hasScope('read')").antMatchers(HttpMethod.POST, new String[]{"/**"})).access("#oauth2.hasScope('write')").antMatchers(HttpMethod.PATCH, new String[]{"/**"})).access("#oauth2.hasScope('write')").antMatchers(HttpMethod.PUT, new String[]{"/**"})).access("#oauth2.hasScope('write')").antMatchers(HttpMethod.DELETE, new String[]{"/**"})).access("#oauth2.hasScope('write')");
        httpSecurity.headers().addHeaderWriter((httpServletRequest, httpServletResponse) -> {
            httpServletResponse.addHeader("Access-Control-Allow-Origin", "*");
            if ("OPTIONS".equals(httpServletRequest.getMethod())) {
                httpServletResponse.setHeader("Access-Control-Allow-Methods", httpServletRequest.getHeader("Access-Control-Request-Method"));
                httpServletResponse.setHeader("Access-Control-Allow-Headers", httpServletRequest.getHeader("Access-Control-Request-Headers"));
            }
        });
        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.csrf().disable().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().authorizeRequests().anyRequest()).authenticated().withObjectPostProcessor(new ObjectPostProcessor<FilterSecurityInterceptor>() { // from class: com.zxkxc.cloud.config.security.OAuth2ResourceConfig.1
            public <O extends FilterSecurityInterceptor> O postProcess(O o) {
                o.setSecurityMetadataSource(OAuth2ResourceConfig.this.customSecurityMetadataSource);
                o.setAccessDecisionManager(OAuth2ResourceConfig.this.customAccessDecisionManager);
                return o;
            }
        });
    }
}
