package org.ow2.petals.flowable.rest.config;

import org.flowable.rest.security.BasicAuthenticationProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;

@Configuration
@EnableWebSecurity
/* loaded from: input_file:org/ow2/petals/flowable/rest/config/SecurityConfiguration.class */
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
    public static final String FLOWABLE_REST_API_ACCESS_GROUP_QUALIFIER = "org.ow2.petals.flowable.rest.RestApiAccessGroup";

    @Autowired
    @Qualifier(FLOWABLE_REST_API_ACCESS_GROUP_QUALIFIER)
    private String accessGroup;

    @Bean
    public AuthenticationProvider authenticationProvider() {
        return new BasicAuthenticationProvider();
    }

    protected void configure(HttpSecurity httpSecurity) throws Exception {
        HttpSecurity disable = httpSecurity.authenticationProvider(authenticationProvider()).sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().csrf().disable();
        if (this.accessGroup == null || this.accessGroup.trim().isEmpty()) {
            throw new AssertionError("impossible");
        }
        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) disable.authorizeRequests().anyRequest()).hasAuthority(this.accessGroup).and().httpBasic();
    }
}
