package org.gcube.accounting.security.authn.filter;

import java.io.IOException;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.log4j.Logger;
import org.gcube.accounting.security.SecurityManager;

/* loaded from: input_file:WEB-INF/lib/accounting-common-1.0.0-2.16.1.jar:org/gcube/accounting/security/authn/filter/SessionFilter.class */
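/**
 * Servlet filter that enforces session-based authentication.
 *
 * <p>The filter is a no-op unless {@code SecurityManager.isAuthnEnabled()} is true and
 * {@code SecurityManager.getAuthnType()} equals {@code "session"}. Otherwise it:
 * <ul>
 *   <li>lets requests for the login page through unauthenticated;</li>
 *   <li>handles logout by invalidating the session and redirecting to the login page;</li>
 *   <li>lets requests through when the session already carries a {@code userId};</li>
 *   <li>otherwise authenticates the {@code username}/{@code password} request parameters
 *       and redirects to the login page on failure.</li>
 * </ul>
 */
public class SessionFilter implements Filter {
    private static final Logger logger = Logger.getLogger(SessionFilter.class);

    /** Session and request attribute under which the authenticated user name is stored. */
    private static final String USER_ID_ATTRIBUTE = "userId";

    /** Context-relative location of the login page used as the redirect target. */
    private static final String LOGIN_PAGE = "/login.jsp";

    /** No configuration is read; the filter takes its settings from {@code SecurityManager}. */
    @Override // javax.servlet.Filter
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /** Nothing to release. */
    @Override // javax.servlet.Filter
    public void destroy() {
    }

    /**
     * Applies the authentication policy described on the class to one request.
     *
     * @param servletRequest  the incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse the response; cast to {@link HttpServletResponse}
     * @param filterChain     the remainder of the chain, invoked only when the request is allowed
     * @throws IOException      if the redirect or a downstream component fails on I/O
     * @throws ServletException if a downstream component fails
     */
    @Override // javax.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        // Authentication disabled, or a different mechanism is configured: nothing to enforce here.
        if (!SecurityManager.isAuthnEnabled() || !"session".equals(SecurityManager.getAuthnType())) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        // Match on the path the container resolved for dispatch rather than on the raw request
        // URI. The raw URI can still carry path parameters and encoding that the container
        // strips before choosing the target resource, so a suffix test on it can exempt a
        // request that is dispatched somewhere other than the login page.
        // NOTE(review): this is still a suffix match; if the login page only ever lives at
        // LOGIN_PAGE, an exact comparison would be tighter - confirm against the deployment.
        String path = resolvedPath(request);

        if (path.endsWith("login.jsp")) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        if (path.endsWith("logout.jsp")) {
            logger.debug("logging out...");
            HttpSession current = request.getSession(false);
            if (current != null) {
                logger.debug("invalidating session...");
                synchronized (current) {
                    current.invalidate();
                }
            }
            request.getSession(true);
            logger.debug("redirecting to login");
            response.sendRedirect(request.getContextPath() + LOGIN_PAGE);
            // The redirect commits the response, so the chain must not run afterwards: doing so
            // would execute the target resource for a request that has just been logged out.
            return;
        }

        HttpSession session = request.getSession();
        Object userId = session.getAttribute(USER_ID_ATTRIBUTE);
        if (userId != null) {
            logger.debug("valid session. going ahead.");
            logger.debug(userId);
            servletRequest.setAttribute(USER_ID_ATTRIBUTE, userId);
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        // NOTE(review): getParameter also reads the query string, so credentials sent in a GET
        // request are accepted and may end up in access logs and browser history. Consider
        // accepting them only from a POST body once callers are confirmed to use POST.
        String username = servletRequest.getParameter("username");
        String password = servletRequest.getParameter("password");
        if (username == null || password == null || !SecurityManager.authenticate(username, password)) {
            logger.debug("redirecting to login...");
            response.sendRedirect(request.getContextPath() + LOGIN_PAGE);
            return;
        }

        logger.debug("authenticated. Going ahead with request");
        // Issue a new session identifier at the privilege change so that an identifier known
        // before login (session fixation) is never bound to the authenticated user.
        HttpSession authenticated = renewSession(request, session);
        authenticated.setAttribute(USER_ID_ATTRIBUTE, username);
        servletRequest.setAttribute(USER_ID_ATTRIBUTE, username);
        filterChain.doFilter(servletRequest, servletResponse);
    }

    /** Returns the context-relative path (servlet path plus path info) the container resolved. */
    private static String resolvedPath(HttpServletRequest request) {
        StringBuilder path = new StringBuilder();
        String servletPath = request.getServletPath();
        if (servletPath != null) {
            path.append(servletPath);
        }
        String pathInfo = request.getPathInfo();
        if (pathInfo != null) {
            path.append(pathInfo);
        }
        return path.toString();
    }

    /** Replaces the session with a fresh one, carrying the existing attributes across. */
    private static HttpSession renewSession(HttpServletRequest request, HttpSession oldSession) {
        Map<String, Object> carried = new HashMap<String, Object>();
        Enumeration<?> names = oldSession.getAttributeNames();
        while (names.hasMoreElements()) {
            String name = (String) names.nextElement();
            carried.put(name, oldSession.getAttribute(name));
        }
        // invalidate + getSession(true) is used instead of changeSessionId() so the code does
        // not depend on a Servlet 3.1 container.
        oldSession.invalidate();
        HttpSession fresh = request.getSession(true);
        for (Map.Entry<String, Object> entry : carried.entrySet()) {
            fresh.setAttribute(entry.getKey(), entry.getValue());
        }
        return fresh;
    }
}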
