package org.jahia.ajax.gwt.commons.server;

import com.google.gwt.user.client.rpc.RemoteService;
import com.google.gwt.user.client.rpc.SerializationException;
import com.google.gwt.user.server.rpc.RPC;
import com.google.gwt.user.server.rpc.RPCRequest;
import com.google.gwt.user.server.rpc.RemoteServiceServlet;
import com.google.gwt.user.server.rpc.SerializationPolicy;
import java.lang.reflect.Method;
import javax.jcr.ItemNotFoundException;
import javax.jcr.RepositoryException;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.codehaus.plexus.util.StringUtils;
import org.jahia.bin.JahiaControllerUtils;
import org.jahia.bin.Render;
import org.jahia.services.content.JCRNodeWrapper;
import org.jahia.services.content.JCRSessionFactory;
import org.jahia.services.content.JCRSessionWrapper;
import org.jahia.services.content.decorator.JCRSiteNode;
import org.jahia.services.content.nodetypes.ExtendedPropertyType;
import org.jahia.services.render.filter.cache.AggregateCacheFilter;
import org.jahia.services.sites.JahiaSite;
import org.jahia.services.sites.JahiaSitesService;
import org.jahia.services.usermanager.JahiaUser;
import org.jahia.services.usermanager.JahiaUserManagerService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.BeansException;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;
import org.springframework.web.context.ServletContextAware;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.mvc.Controller;

/* loaded from: input_file:org/jahia/ajax/gwt/commons/server/GWTController.class */
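/**
 * Spring MVC controller that fronts a single GWT-RPC service bean.
 *
 * <p>Each request goes through three gates before the RPC payload is decoded:
 * an optional POST-only restriction, an optional "not a guest" check, and an
 * optional permission check against a JCR node chosen from the request.
 * Only then is the call handed to {@link #processCall(String)}, which looks the
 * service bean up in the Spring context by {@code remoteServiceName}.
 *
 * <p>NOTE(review): these gates are coarse. The permission check is made on a node
 * named by the client (the {@code site} parameter), not on whatever objects the
 * RPC payload later touches, so the service methods presumably still need their
 * own authorization checks; confirm against the service implementations.
 */
public class GWTController extends RemoteServiceServlet implements Controller, ServletContextAware, ApplicationContextAware {
    /**
     * Session attribute that caches the last positive permission check. The stored
     * value is the cache key of the granted check (user, permission and target), so a
     * grant obtained for one target cannot be reused for another one.
     */
    private static final String SESSION_ATTRIBUTE_PERMISSION_CHECK = "org.jahia.gwt.requiredPermission.ok";
    private static final long serialVersionUID = -74193665963116797L;
    private static final Logger logger = LoggerFactory.getLogger(GWTController.class);
    // Name of the Spring bean implementing the GWT RemoteService.
    private String remoteServiceName;
    private ServletContext servletContext;
    private ApplicationContext applicationContext;
    // Permission required on the target node; empty or null disables the permission gate.
    private String requiredPermission;
    // Session inactivity timeout in minutes; null leaves the container's value untouched.
    private Integer sessionExpiryTime = null;
    // Secure defaults: POST only, authenticated users only.
    private boolean allowPostMethodOnly = true;
    private boolean requireAuthenticatedUser = true;
    // When true, a positive permission check is remembered in the HTTP session.
    private boolean requiredPermissionCheckCache = true;

    /**
     * Sets the session inactivity timeout applied to sessions that use this service.
     *
     * @param i timeout in minutes (multiplied by 60 before it is given to the session)
     */
    public void setSessionExpiryTime(int i) {
        this.sessionExpiryTime = Integer.valueOf(i);
    }

    /**
     * @return the servlet context injected through {@link #setServletContext(ServletContext)}
     */
    public ServletContext getServletContext() {
        return this.servletContext;
    }

    /**
     * Applies the access gates and, if they pass, dispatches the GWT-RPC call.
     *
     * <p>Responds with 404 for a non-POST request when POST-only mode is on, and with
     * 403 when the caller is a guest (and authentication is required) or fails the
     * permission check.
     *
     * @param httpServletRequest  the incoming request
     * @param httpServletResponse the response the RPC result or the error is written to
     * @return always {@code null}; the response is written directly
     * @throws Exception whatever the servlet dispatch or the error reporting throws
     */
    public ModelAndView handleRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        long startTime = System.currentTimeMillis();
        if (this.allowPostMethodOnly && !Render.METHOD_POST.equals(httpServletRequest.getMethod())) {
            httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND);
            return null;
        }

        // Evaluation order matters: the permission check (which may hit the repository)
        // only runs once the guest check has passed.
        boolean guestRejected = this.requireAuthenticatedUser
                && JahiaUserManagerService.isGuest(JCRSessionFactory.getInstance().getCurrentUser());
        boolean permitted = !guestRejected
                && (!StringUtils.isNotEmpty(this.requiredPermission) || isAllowed(httpServletRequest));

        if (!permitted) {
            if (logger.isDebugEnabled()) {
                JCRNodeWrapper targetNode = getTargetNodeForPermissionCheck(httpServletRequest);
                // The request URI below is client-controlled text; it is only written at debug level.
                Object[] details = new Object[] {
                    this.remoteServiceName,
                    Boolean.valueOf(this.requireAuthenticatedUser),
                    JahiaUserManagerService.isGuest(JCRSessionFactory.getInstance().getCurrentUser()) ? "guest" : "not guest",
                    targetNode != null ? targetNode.getPath() : "no target node found for this request: " + httpServletRequest.getRequestURI(),
                    this.requiredPermission
                };
                logger.debug("Access rejected to {}, authentication is required {} and user is {} or user is not allowed to access {} with permission {}", details);
            }
            httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
            return null;
        }

        // Never create a session here; only adjust the timeout of an existing one.
        HttpSession session = httpServletRequest.getSession(false);
        if (session != null && this.sessionExpiryTime != null) {
            int timeoutSeconds = this.sessionExpiryTime.intValue() * 60;
            if (session.getMaxInactiveInterval() != timeoutSeconds) {
                session.setMaxInactiveInterval(timeoutSeconds);
            }
        }
        doPost(httpServletRequest, httpServletResponse);
        if (logger.isDebugEnabled()) {
            logger.debug("Handled request to GWT service '{}' in {} ms", this.remoteServiceName, Long.valueOf(System.currentTimeMillis() - startTime));
        }
        return null;
    }

    /**
     * Checks whether the current user holds {@code requiredPermission} on the target
     * node of this request, optionally reusing a decision cached in the HTTP session.
     *
     * <p>The cached decision is bound to the user, the permission and the {@code site}
     * parameter. A bare "already checked" flag would let one positive check open the
     * service for every later target in the same session, and for every other
     * controller instance sharing the attribute name.
     *
     * @param httpServletRequest the incoming request
     * @return {@code true} if access is granted; {@code false} if it is denied, the
     *         target node cannot be resolved, or the repository lookup fails
     */
    private boolean isAllowed(HttpServletRequest httpServletRequest) {
        HttpSession httpSession = null;
        String cacheKey = null;
        if (this.requiredPermissionCheckCache) {
            httpSession = httpServletRequest.getSession(false);
            if (httpSession != null) {
                cacheKey = buildPermissionCacheKey(httpServletRequest);
                // A value left by an older version (Boolean.TRUE) never equals the key,
                // so it simply forces a fresh check.
                if (cacheKey.equals(httpSession.getAttribute(SESSION_ATTRIBUTE_PERMISSION_CHECK))) {
                    return true;
                }
            }
        }
        boolean debugEnabled = logger.isDebugEnabled();
        long startTime = debugEnabled ? System.currentTimeMillis() : 0L;
        boolean granted = false;
        try {
            JCRNodeWrapper targetNode = getTargetNodeForPermissionCheck(httpServletRequest);
            JahiaUser currentUser = JCRSessionFactory.getInstance().getCurrentUser();
            // No resolvable target node means no access (fail closed).
            granted = targetNode != null && JahiaControllerUtils.hasRequiredPermission(targetNode, currentUser, this.requiredPermission);
            if (httpSession != null) {
                if (granted) {
                    httpSession.setAttribute(SESSION_ATTRIBUTE_PERMISSION_CHECK, cacheKey);
                } else {
                    httpSession.removeAttribute(SESSION_ATTRIBUTE_PERMISSION_CHECK);
                }
            }
            if (debugEnabled) {
                // NOTE(review): the two constants below look like decompiler substitutions for
                // plain string literals (a "no session" placeholder and an empty prefix); confirm.
                Object[] details = new Object[] {
                    targetNode != null ? targetNode.getPath() : null,
                    Long.valueOf(System.currentTimeMillis() - startTime),
                    currentUser != null ? currentUser.getUsername() : null,
                    httpSession != null ? httpSession.getId() : ExtendedPropertyType.TYPENAME_UNDEFINED,
                    granted ? AggregateCacheFilter.EMPTY_USERKEY : "NOT "
                };
                logger.debug("Checked permission for GWT service access and target node {} in {} ms. User {} with session {} is {}allowed to access it.", details);
            }
        } catch (ItemNotFoundException e) {
            // Deliberately treated as "denied"; recorded at debug level so it is not lost.
            logger.debug("Target node disappeared during the permission check; access denied", e);
        } catch (RepositoryException e2) {
            logger.warn(e2.getMessage(), e2);
        }
        return granted;
    }

    /**
     * Builds the value stored in the session for a granted permission check.
     *
     * <p>NOTE(review): the user part uses {@code getUsername()}; if user names are not
     * unique across realms a more specific user identifier would be preferable.
     *
     * @param httpServletRequest the incoming request
     * @return user name, required permission and {@code site} parameter joined by newlines
     */
    private String buildPermissionCacheKey(HttpServletRequest httpServletRequest) {
        JahiaUser currentUser = JCRSessionFactory.getInstance().getCurrentUser();
        String site = httpServletRequest.getParameter("site");
        return (currentUser != null ? currentUser.getUsername() : "")
                + '\n' + this.requiredPermission
                + '\n' + (site != null ? site : "");
    }

    /**
     * Resolves the JCR node the permission check is made against.
     *
     * <p>If the request carries a {@code site} parameter, it is used as a node UUID in
     * the current user's session; nothing here verifies that the node is a site node.
     * Otherwise the default site is used, or the root node when there is no default site.
     *
     * @param httpServletRequest the incoming request
     * @return the target node, or {@code null} if it does not exist or the lookup fails
     */
    private JCRNodeWrapper getTargetNodeForPermissionCheck(HttpServletRequest httpServletRequest) {
        String siteUuid = httpServletRequest.getParameter("site");
        try {
            JCRSessionWrapper currentUserSession = JCRSessionFactory.getInstance().getCurrentUserSession();
            if (StringUtils.isNotEmpty(siteUuid)) {
                // The decompiled listing showed a synthetic "m258getNodeByUUID" name here;
                // the actual session method is getNodeByUUID.
                return currentUserSession.getNodeByUUID(siteUuid);
            }
            JahiaSite defaultSite = JahiaSitesService.getInstance().getDefaultSite();
            if (defaultSite != null) {
                return (JCRSiteNode) defaultSite;
            }
            // Likewise "m259getRootNode" in the decompiled listing.
            return currentUserSession.getRootNode();
        } catch (ItemNotFoundException e) {
            return null;
        } catch (RepositoryException e2) {
            logger.warn("Unable to find target JCR node for permission check", e2);
            return null;
        }
    }

    /**
     * Decodes the GWT-RPC payload, invokes the service bean and encodes the result.
     *
     * <p>The current request and response are handed to the bean before the call and
     * cleared afterwards on every exit path, so the bean does not keep references to
     * a finished request.
     *
     * @param str the serialized GWT-RPC request payload
     * @return the serialized RPC response, or a serialized failure response
     * @throws SerializationException if the failure response itself cannot be encoded
     */
    public String processCall(String str) throws SerializationException {
        RemoteService remoteService = null;
        RPCRequest rpcRequest = null;
        try {
            remoteService = (RemoteService) this.applicationContext.getBean(this.remoteServiceName);
            setServiceData(remoteService, false);
            rpcRequest = RPC.decodeRequest(str, remoteService.getClass(), this);
            if (logger.isDebugEnabled()) {
                logger.debug("Executing method {}", rpcRequest.getMethod());
            }
            return JahiaRPC.invokeAndEncodeResponse(remoteService, rpcRequest.getMethod(), rpcRequest.getParameters(), rpcRequest.getSerializationPolicy());
        } catch (Exception e) {
            if (rpcRequest != null) {
                logger.error("An error occurred calling the GWT service method " + rpcRequest.getMethod() + ". Cause: " + e.getMessage(), e);
            } else {
                logger.error("An error occurred calling the GWT service " + (remoteService != null ? remoteService.getClass().getName() : this.remoteServiceName) + ". Cause: " + e.getMessage(), e);
            }
            // NOTE(review): the caught exception object is encoded into the response sent to
            // the client; check that internal details (messages, class names) are acceptable
            // to expose, or map to a generic failure first.
            return RPC.encodeResponseForFailure((Method) null, e);
        } finally {
            if (remoteService != null) {
                setServiceData(remoteService, true);
            }
        }
    }

    /**
     * Returns the serialization policy for the module, with a permissive fallback.
     *
     * <p>SECURITY: when the superclass finds no policy, the fallback below accepts every
     * class for serialization and deserialization ({@code validateDeserialize} is a
     * no-op). The set of types a client can make the server instantiate is then bounded
     * only by the service method signatures. The fallback is kept for compatibility and
     * logged so that a missing policy is visible to operators.
     *
     * @param httpServletRequest the incoming request
     * @param str  passed through to the superclass lookup
     * @param str2 passed through to the superclass lookup
     * @return the resolved policy, or the accept-all fallback
     */
    protected SerializationPolicy doGetSerializationPolicy(HttpServletRequest httpServletRequest, String str, String str2) {
        SerializationPolicy resolved = super.doGetSerializationPolicy(httpServletRequest, str, str2);
        if (resolved != null) {
            return resolved;
        }
        logger.warn("No GWT serialization policy found for service '{}'; falling back to a policy that performs no type validation", this.remoteServiceName);
        return new SerializationPolicy() { // from class: org.jahia.ajax.gwt.commons.server.GWTController.1
            public boolean shouldDeserializeFields(Class<?> cls) {
                return cls != Object.class;
            }

            public boolean shouldSerializeFields(Class<?> cls) {
                return cls != Object.class;
            }

            public void validateDeserialize(Class<?> cls) throws SerializationException {
                // Intentionally empty: no class is rejected.
            }

            public void validateSerialize(Class<?> cls) throws SerializationException {
                // Intentionally empty: no class is rejected.
            }
        };
    }

    /**
     * @param str name of the Spring bean that implements the GWT service
     */
    public void setRemoteServiceName(String str) {
        this.remoteServiceName = str;
    }

    /**
     * Hands the thread-local request/response to a {@link RequestResponseAware}
     * service, or clears them.
     *
     * @param remoteService the service bean
     * @param z             {@code true} to clear the references, {@code false} to set them
     */
    private void setServiceData(RemoteService remoteService, boolean z) {
        if (!(remoteService instanceof RequestResponseAware)) {
            return;
        }
        RequestResponseAware aware = (RequestResponseAware) remoteService;
        aware.setRequest(z ? null : getThreadLocalRequest());
        aware.setResponse(z ? null : getThreadLocalResponse());
    }

    public void setServletContext(ServletContext servletContext) {
        this.servletContext = servletContext;
    }

    public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
        this.applicationContext = applicationContext;
    }

    /** Routes servlet error logging to the class logger. */
    public void log(String str, Throwable th) {
        logger.error(str, th);
    }

    /** Routes servlet informational logging to the class logger. */
    public void log(String str) {
        logger.info(str);
    }

    /**
     * @param z {@code false} lets non-POST requests reach the RPC dispatch; defaults to {@code true}
     */
    public void setAllowPostMethodOnly(boolean z) {
        this.allowPostMethodOnly = z;
    }

    /**
     * @param z {@code false} lets guest users through the authentication gate; defaults to {@code true}
     */
    public void setRequireAuthenticatedUser(boolean z) {
        this.requireAuthenticatedUser = z;
    }

    /**
     * @param str permission required on the target node; empty or {@code null} disables the check
     */
    public void setRequiredPermission(String str) {
        this.requiredPermission = str;
    }

    /**
     * @param z {@code false} re-evaluates the permission on every request instead of
     *          reusing the decision cached in the session
     */
    public void setRequiredPermissionCheckCache(boolean z) {
        this.requiredPermissionCheckCache = z;
    }
}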
