package org.jboss.resteasy.plugins.interceptors;

import java.lang.reflect.Method;
import javax.annotation.security.DenyAll;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.SecurityContext;
import org.jboss.resteasy.annotations.interception.SecurityPrecedence;
import org.jboss.resteasy.annotations.interception.ServerInterceptor;
import org.jboss.resteasy.core.ResourceMethod;
import org.jboss.resteasy.core.ServerResponse;
import org.jboss.resteasy.spi.Failure;
import org.jboss.resteasy.spi.HttpRequest;
import org.jboss.resteasy.spi.ResteasyProviderFactory;
import org.jboss.resteasy.spi.UnauthorizedException;
import org.jboss.resteasy.spi.interception.AcceptedByMethod;
import org.jboss.resteasy.spi.interception.PreProcessInterceptor;

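/**
 * Pre-process interceptor that enforces the JSR-250 annotations {@code @DenyAll},
 * {@code @PermitAll} and {@code @RolesAllowed} on a resource method.
 *
 * <p>{@link #accept(Class, Method)} derives the policy for one class/method pair and stores it
 * in the instance fields; {@link #preProcess(HttpRequest, ResourceMethod)} then applies that
 * stored policy to each request.
 *
 * <p>NOTE(review): the policy lives in mutable, unsynchronized instance state, so the result is
 * only correct when one instance serves exactly one resource method. If an instance were shared
 * across methods, the policy of the last {@code accept} call would apply to all of them.
 * Confirm how the interceptor registry instantiates this class.
 */
@SecurityPrecedence
@ServerInterceptor
/* loaded from: input_file:lib/resteasy-jaxrs-2.3.4.Final.jar:org/jboss/resteasy/plugins/interceptors/SecurityInterceptor.class */
public class SecurityInterceptor implements PreProcessInterceptor, AcceptedByMethod {
    /** Roles from the effective {@code @RolesAllowed}; {@code null} when no such annotation applies. */
    protected String[] rolesAllowed;
    /** {@code true} when the effective policy for the bound method is {@code @DenyAll}. */
    protected boolean denyAll;
    /** {@code true} when the effective policy for the bound method is {@code @PermitAll}. */
    protected boolean permitAll;

    /**
     * Computes the security policy for {@code method} and reports whether this interceptor
     * has anything to enforce.
     *
     * <p>A method-level annotation overrides a class-level one: a class-level {@code @DenyAll}
     * or {@code @PermitAll} is ignored when the method carries one of the other two annotations.
     *
     * @param cls declaring resource class; {@code null} yields {@code false}
     * @param method resource method; {@code null} yields {@code false}
     * @return {@code true} if roles, deny-all or permit-all apply to the method
     */
    @Override
    public boolean accept(Class cls, Method method) {
        if (cls == null || method == null) {
            return false;
        }

        // The raw Class parameter is dictated by the interface, so getAnnotation() returns
        // Annotation here and needs the explicit cast to compile.
        RolesAllowed classLevel = (RolesAllowed) cls.getAnnotation(RolesAllowed.class);
        RolesAllowed methodLevel = method.getAnnotation(RolesAllowed.class);
        RolesAllowed effective = methodLevel != null ? methodLevel : classLevel;

        // Assign unconditionally, like denyAll/permitAll below, so that roles from an earlier
        // accept() call cannot survive on a method that has no @RolesAllowed of its own.
        this.rolesAllowed = effective != null ? effective.value() : null;

        boolean methodHasRoles = methodLevel != null;
        boolean methodDenies = method.isAnnotationPresent(DenyAll.class);
        boolean methodPermits = method.isAnnotationPresent(PermitAll.class);

        this.denyAll = methodDenies
                || (cls.isAnnotationPresent(DenyAll.class) && !methodHasRoles && !methodPermits);
        this.permitAll = methodPermits
                || (cls.isAnnotationPresent(PermitAll.class) && !methodHasRoles && !methodDenies);

        return this.rolesAllowed != null || this.denyAll || this.permitAll;
    }

    /**
     * Applies the policy computed by {@link #accept(Class, Method)} to the current request.
     *
     * <p>Order of evaluation: deny-all rejects first; permit-all or the absence of roles lets
     * the request through; otherwise the caller must hold at least one of the listed roles.
     * An empty role list therefore rejects every caller.
     *
     * @param httpRequest the incoming request (not inspected here)
     * @param resourceMethod the matched resource method (not inspected here)
     * @return always {@code null}, which lets request processing continue
     * @throws UnauthorizedException if the method is deny-all or the caller holds none of the roles
     */
    @Override
    public ServerResponse preProcess(HttpRequest httpRequest, ResourceMethod resourceMethod) throws Failure, WebApplicationException {
        if (this.denyAll) {
            throw new UnauthorizedException();
        }
        if (this.permitAll || this.rolesAllowed == null) {
            return null;
        }

        SecurityContext securityContext = (SecurityContext) ResteasyProviderFactory.getContextData(SecurityContext.class);
        if (securityContext == null) {
            // NOTE(review): fail-open. With no SecurityContext available the @RolesAllowed check
            // is skipped and the request proceeds. Behaviour is kept as-is for compatibility;
            // deployments that rely on @RolesAllowed must make sure a SecurityContext is always
            // present, or reject the request here instead.
            return null;
        }

        for (String role : this.rolesAllowed) {
            if (securityContext.isUserInRole(role)) {
                return null;
            }
        }
        // NOTE(review): the same exception is used for deny-all and for "caller lacks the role";
        // presumably it maps to HTTP 401, whereas a missing role is more conventionally 403.
        // Confirm against the exception mapping before changing.
        throw new UnauthorizedException();
    }
}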
