package org.nuxeo.ecm.webengine.server.resteasy;

import java.lang.reflect.Method;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Response;
import org.jboss.resteasy.core.ResourceMethod;
import org.jboss.resteasy.core.interception.ResourceMethodContext;
import org.jboss.resteasy.core.interception.ResourceMethodInterceptor;
import org.jboss.resteasy.spi.ApplicationException;
import org.jboss.resteasy.spi.Failure;
import org.nuxeo.ecm.webengine.WebException;
import org.nuxeo.ecm.webengine.model.Resource;
import org.nuxeo.ecm.webengine.model.exceptions.WebSecurityException;
import org.nuxeo.ecm.webengine.security.Guard;
import org.nuxeo.ecm.webengine.security.PermissionService;

/* loaded from: input_file:org/nuxeo/ecm/webengine/server/resteasy/SecurityInterceptor.class */
public class SecurityInterceptor implements ResourceMethodInterceptor {
    protected volatile Map<Method, Guard> cache = new ConcurrentHashMap();

    public void flushCache() {
        this.cache = new ConcurrentHashMap();
    }

    public boolean accepted(ResourceMethod resourceMethod) {
        return null != resourceMethod.getMethod().getAnnotation(org.nuxeo.ecm.webengine.model.Guard.class);
    }

    public Response invoke(ResourceMethodContext resourceMethodContext) throws Failure, ApplicationException, WebApplicationException {
        Object target = resourceMethodContext.getTarget();
        if (target instanceof Resource) {
            Method method = resourceMethodContext.getMethod().getMethod();
            org.nuxeo.ecm.webengine.model.Guard guard = (org.nuxeo.ecm.webengine.model.Guard) method.getAnnotation(org.nuxeo.ecm.webengine.model.Guard.class);
            if (guard != null) {
                checkAccess(resourceMethodContext, guard, method, (Resource) target);
            }
        }
        return resourceMethodContext.proceed();
    }

    protected void checkAccess(ResourceMethodContext resourceMethodContext, org.nuxeo.ecm.webengine.model.Guard guard, Method method, Resource resource) {
        try {
            Guard guard2 = this.cache.get(method);
            if (guard2 == null) {
                guard2 = guard.value().length() > 0 ? PermissionService.parse(guard.value()) : (Guard) guard.type().newInstance();
                this.cache.put(method, guard2);
            }
            if (!guard2.check(resource)) {
                throw new WebSecurityException("Access denied to method " + resourceMethodContext.getRequest().getHttpMethod() + " of resource " + resource.getPath());
            }
        } catch (Exception e) {
            throw WebException.wrap("Failed to check guard", e);
        }
    }
}
