package com.bazaarvoice.emodb.auth.jersey;

import com.bazaarvoice.emodb.auth.shiro.AnonymousToken;
import com.bazaarvoice.emodb.auth.shiro.PrincipalWithRoles;
import com.sun.jersey.spi.container.ContainerRequest;
import com.sun.jersey.spi.container.ContainerRequestFilter;
import com.sun.jersey.spi.container.ContainerResponse;
import com.sun.jersey.spi.container.ContainerResponseFilter;
import com.sun.jersey.spi.container.ResourceFilter;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.ThreadContext;
import org.eclipse.jetty.security.UserAuthentication;
import org.eclipse.jetty.server.HttpConnection;
import org.eclipse.jetty.server.Request;

/* loaded from: input_file:com/bazaarvoice/emodb/auth/jersey/AuthenticationResourceFilter.class */
public class AuthenticationResourceFilter implements ResourceFilter, ContainerRequestFilter, ContainerResponseFilter {
    private final SecurityManager _securityManager;
    private final AuthenticationTokenGenerator<?> _tokenGenerator;

    public AuthenticationResourceFilter(SecurityManager securityManager, AuthenticationTokenGenerator<?> authenticationTokenGenerator) {
        this._securityManager = securityManager;
        this._tokenGenerator = authenticationTokenGenerator;
    }

    @Override // com.sun.jersey.spi.container.ResourceFilter
    public ContainerRequestFilter getRequestFilter() {
        return this;
    }

    @Override // com.sun.jersey.spi.container.ResourceFilter
    public ContainerResponseFilter getResponseFilter() {
        return this;
    }

    @Override // com.sun.jersey.spi.container.ContainerRequestFilter
    public ContainerRequest filter(ContainerRequest containerRequest) {
        org.apache.shiro.subject.Subject buildSubject = new Subject.Builder(this._securityManager).buildSubject();
        ThreadContext.bind(buildSubject);
        AuthenticationToken createToken = this._tokenGenerator.createToken(containerRequest);
        if (createToken == null) {
            createToken = AnonymousToken.getInstance();
        }
        buildSubject.login(createToken);
        setJettyAuthentication(buildSubject);
        return containerRequest;
    }

    @Override // com.sun.jersey.spi.container.ContainerResponseFilter
    public ContainerResponse filter(ContainerRequest containerRequest, ContainerResponse containerResponse) {
        org.apache.shiro.subject.Subject subject = ThreadContext.getSubject();
        if (subject != null) {
            if (subject.isAuthenticated()) {
                subject.logout();
            }
            ThreadContext.unbindSubject();
        }
        return containerResponse;
    }

    private void setJettyAuthentication(org.apache.shiro.subject.Subject subject) {
        Request request;
        HttpConnection currentConnection = HttpConnection.getCurrentConnection();
        if (currentConnection == null || (request = currentConnection.getHttpChannel().getRequest()) == null) {
            return;
        }
        request.setAuthentication(new UserAuthentication("BASIC", ((PrincipalWithRoles) subject.getPrincipal()).toUserIdentity()));
    }
}
