package org.geoserver.security.filter;

import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import org.geoserver.platform.GeoServerExtensions;
import org.geoserver.security.GeoServerRoleConverter;
import org.geoserver.security.config.RoleFilterConfig;
import org.geoserver.security.config.SecurityNamedServiceConfig;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;

/* loaded from: input_file:WEB-INF/lib/gs-main-2.25.3-georchestra.jar:org/geoserver/security/filter/GeoServerRoleFilter.class */
public class GeoServerRoleFilter extends GeoServerSecurityFilter {
    protected GeoServerRoleConverter converter;
    protected String headerAttribute;
    public static String DEFAULT_ROLE_CONVERTER = "roleConverter";
    public static String DEFAULT_HEADER_ATTRIBUTE = "roles";

    @Override // org.geoserver.security.impl.AbstractGeoServerSecurityService, org.geoserver.security.GeoServerSecurityService
    public void initializeFromConfig(SecurityNamedServiceConfig securityNamedServiceConfig) throws IOException {
        super.initializeFromConfig(securityNamedServiceConfig);
        RoleFilterConfig roleFilterConfig = (RoleFilterConfig) securityNamedServiceConfig;
        this.headerAttribute = roleFilterConfig.getHttpResponseHeaderAttrForIncludedRoles();
        String roleConverterName = roleFilterConfig.getRoleConverterName();
        if (roleConverterName == null || roleConverterName.length() == 0) {
            this.converter = (GeoServerRoleConverter) GeoServerExtensions.bean(GeoServerRoleConverter.class);
        } else {
            this.converter = (GeoServerRoleConverter) GeoServerExtensions.bean(roleConverterName);
        }
    }

    @Override // javax.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        Authentication authentication;
        filterChain.doFilter(servletRequest, servletResponse);
        SecurityContext context = SecurityContextHolder.getContext();
        if (context == null || (authentication = context.getAuthentication()) == null) {
            return;
        }
        ((HttpServletResponse) servletResponse).setHeader(this.headerAttribute, this.converter.convertRolesToString(authentication.getAuthorities()));
    }
}
