package com.cumulocity.microservice.security.annotation;

import com.cumulocity.microservice.security.filter.PostAuthenticateServletFilter;
import com.cumulocity.microservice.security.filter.PreAuthenticateServletFilter;
import com.cumulocity.microservice.security.filter.PrePostFiltersConfiguration;
import com.cumulocity.microservice.security.token.CumulocityOAuthConfiguration;
import com.cumulocity.microservice.security.token.CumulocityOAuthMicroserviceFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.AnonymousAuthenticationFilter;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;

@Configuration(proxyBeanMethods = false)
@EnableWebSecurity
@Order(99)
@Import({CumulocityOAuthConfiguration.class, PrePostFiltersConfiguration.class})
/* loaded from: input_file:com/cumulocity/microservice/security/annotation/EnableWebSecurityConfiguration.class */
public class EnableWebSecurityConfiguration {

    @Autowired
    private UserDetailsService userDetailsService;

    @Autowired
    public void configureAuthenticationManager(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        authenticationManagerBuilder.userDetailsService(this.userDetailsService);
    }

    @Bean
    public static NoOpPasswordEncoder passwordEncoder() {
        return NoOpPasswordEncoder.getInstance();
    }

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity, CumulocityOAuthMicroserviceFilter cumulocityOAuthMicroserviceFilter, PreAuthenticateServletFilter preAuthenticateServletFilter, PostAuthenticateServletFilter postAuthenticateServletFilter) throws Exception {
        httpSecurity.authorizeRequests(expressionInterceptUrlRegistry -> {
            ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) expressionInterceptUrlRegistry.antMatchers(new String[]{"/metadata", "/health", "/prometheus", "/metrics", "/version"})).permitAll().anyRequest()).fullyAuthenticated();
        }).httpBasic(Customizer.withDefaults()).csrf().disable().securityContext().disable().sessionManagement().disable().requestCache().disable();
        httpSecurity.addFilterBefore(cumulocityOAuthMicroserviceFilter, BasicAuthenticationFilter.class);
        httpSecurity.addFilterBefore(preAuthenticateServletFilter, BasicAuthenticationFilter.class);
        httpSecurity.addFilterAfter(postAuthenticateServletFilter, AnonymousAuthenticationFilter.class);
        return (SecurityFilterChain) httpSecurity.build();
    }
}
