package org.apache.ambari.server.configuration.spring;

import org.apache.ambari.server.security.AmbariEntryPoint;
import org.apache.ambari.server.security.authentication.AmbariDelegatingAuthenticationFilter;
import org.apache.ambari.server.security.authentication.AmbariLocalAuthenticationProvider;
import org.apache.ambari.server.security.authentication.jwt.AmbariJwtAuthenticationProvider;
import org.apache.ambari.server.security.authentication.kerberos.AmbariAuthToLocalUserDetailsService;
import org.apache.ambari.server.security.authentication.kerberos.AmbariKerberosAuthenticationProvider;
import org.apache.ambari.server.security.authentication.kerberos.AmbariKerberosTicketValidator;
import org.apache.ambari.server.security.authentication.kerberos.AmbariProxiedUserDetailsService;
import org.apache.ambari.server.security.authentication.pam.AmbariPamAuthenticationProvider;
import org.apache.ambari.server.security.authorization.AmbariAuthorizationFilter;
import org.apache.ambari.server.security.authorization.AmbariLdapAuthenticationProvider;
import org.apache.ambari.server.security.authorization.internal.AmbariInternalAuthenticationProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;

@Configuration
@EnableWebSecurity
@Import({GuiceBeansConfig.class})
@ComponentScan({"org.apache.ambari.server.security"})
/* loaded from: input_file:org/apache/ambari/server/configuration/spring/ApiSecurityConfig.class */
public class ApiSecurityConfig extends WebSecurityConfigurerAdapter {
    private final GuiceBeansConfig guiceBeansConfig;

    @Autowired
    private AmbariEntryPoint ambariEntryPoint;

    @Autowired
    private AmbariDelegatingAuthenticationFilter delegatingAuthenticationFilter;

    @Autowired
    private AmbariAuthorizationFilter authorizationFilter;

    public ApiSecurityConfig(GuiceBeansConfig guiceBeansConfig) {
        this.guiceBeansConfig = guiceBeansConfig;
    }

    @Autowired
    public void configureAuthenticationManager(AuthenticationManagerBuilder authenticationManagerBuilder, AmbariJwtAuthenticationProvider ambariJwtAuthenticationProvider, AmbariPamAuthenticationProvider ambariPamAuthenticationProvider, AmbariLocalAuthenticationProvider ambariLocalAuthenticationProvider, AmbariLdapAuthenticationProvider ambariLdapAuthenticationProvider, AmbariInternalAuthenticationProvider ambariInternalAuthenticationProvider, AmbariKerberosAuthenticationProvider ambariKerberosAuthenticationProvider) {
        authenticationManagerBuilder.authenticationProvider(ambariJwtAuthenticationProvider).authenticationProvider(ambariPamAuthenticationProvider).authenticationProvider(ambariLocalAuthenticationProvider).authenticationProvider(ambariLdapAuthenticationProvider).authenticationProvider(ambariInternalAuthenticationProvider).authenticationProvider(ambariKerberosAuthenticationProvider);
    }

    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    protected void configure(HttpSecurity httpSecurity) throws Exception {
        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.csrf().disable().authorizeRequests().anyRequest()).authenticated().and().headers().httpStrictTransportSecurity().disable().frameOptions().disable().and().exceptionHandling().authenticationEntryPoint(this.ambariEntryPoint).and().addFilterBefore(this.guiceBeansConfig.ambariUserAuthorizationFilter(), BasicAuthenticationFilter.class).addFilterAt(this.delegatingAuthenticationFilter, BasicAuthenticationFilter.class).addFilterBefore(this.authorizationFilter, FilterSecurityInterceptor.class);
    }

    @Bean
    public AmbariKerberosAuthenticationProvider ambariKerberosAuthenticationProvider(AmbariKerberosTicketValidator ambariKerberosTicketValidator, AmbariAuthToLocalUserDetailsService ambariAuthToLocalUserDetailsService, AmbariProxiedUserDetailsService ambariProxiedUserDetailsService) {
        return new AmbariKerberosAuthenticationProvider(ambariAuthToLocalUserDetailsService, ambariProxiedUserDetailsService, ambariKerberosTicketValidator);
    }
}
