package org.springframework.security.web.server.authorization;

import org.springframework.context.MessageSource;
import org.springframework.context.MessageSourceAware;
import org.springframework.http.HttpStatus;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
import org.springframework.security.authentication.AuthenticationTrustResolver;
import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.server.ServerAuthenticationEntryPoint;
import org.springframework.security.web.server.authentication.HttpBasicServerAuthenticationEntryPoint;
import org.springframework.util.Assert;
import org.springframework.web.server.ServerWebExchange;
import org.springframework.web.server.WebFilter;
import org.springframework.web.server.WebFilterChain;
import reactor.core.publisher.Mono;

/* loaded from: input_file:WEB-INF/lib/spring-security-web-5.8.14.jar:org/springframework/security/web/server/authorization/ExceptionTranslationWebFilter.class */
public class ExceptionTranslationWebFilter implements WebFilter, MessageSourceAware {
    private ServerAuthenticationEntryPoint authenticationEntryPoint = new HttpBasicServerAuthenticationEntryPoint();
    private ServerAccessDeniedHandler accessDeniedHandler = new HttpStatusServerAccessDeniedHandler(HttpStatus.FORBIDDEN);
    private AuthenticationTrustResolver authenticationTrustResolver = new AuthenticationTrustResolverImpl();

    @Override // org.springframework.web.server.WebFilter
    public Mono<Void> filter(ServerWebExchange serverWebExchange, WebFilterChain webFilterChain) {
        return webFilterChain.filter(serverWebExchange).onErrorResume(AccessDeniedException.class, accessDeniedException -> {
            return serverWebExchange.getPrincipal().filter(principal -> {
                return !(principal instanceof Authentication) || ((principal instanceof Authentication) && !this.authenticationTrustResolver.isAnonymous((Authentication) principal));
            }).switchIfEmpty(commenceAuthentication(serverWebExchange, new InsufficientAuthenticationException("Full authentication is required to access this resource"))).flatMap(principal2 -> {
                return this.accessDeniedHandler.handle(serverWebExchange, accessDeniedException);
            }).then();
        });
    }

    public void setAccessDeniedHandler(ServerAccessDeniedHandler serverAccessDeniedHandler) {
        Assert.notNull(serverAccessDeniedHandler, "accessDeniedHandler cannot be null");
        this.accessDeniedHandler = serverAccessDeniedHandler;
    }

    public void setAuthenticationEntryPoint(ServerAuthenticationEntryPoint serverAuthenticationEntryPoint) {
        Assert.notNull(serverAuthenticationEntryPoint, "authenticationEntryPoint cannot be null");
        this.authenticationEntryPoint = serverAuthenticationEntryPoint;
    }

    public void setAuthenticationTrustResolver(AuthenticationTrustResolver authenticationTrustResolver) {
        Assert.notNull(authenticationTrustResolver, "authenticationTrustResolver must not be null");
        this.authenticationTrustResolver = authenticationTrustResolver;
    }

    @Override // org.springframework.context.MessageSourceAware
    @Deprecated
    public void setMessageSource(MessageSource messageSource) {
    }

    private <T> Mono<T> commenceAuthentication(ServerWebExchange serverWebExchange, AuthenticationException authenticationException) {
        return this.authenticationEntryPoint.commence(serverWebExchange, new AuthenticationCredentialsNotFoundException("Not Authenticated", authenticationException)).then(Mono.empty());
    }
}
