package org.sonatype.nexus.security.authc;

import java.io.IOException;
import javax.inject.Inject;
import javax.inject.Named;
import javax.inject.Singleton;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.web.filter.authc.AuthenticationFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Singleton
@Named
/* loaded from: input_file:org/sonatype/nexus/security/authc/AntiCsrfFilter.class */
public class AntiCsrfFilter extends AuthenticationFilter {
    public static final String NAME = "nx-anticsrf-authc";
    private static final Logger log = LoggerFactory.getLogger((Class<?>) AntiCsrfFilter.class);
    private final AntiCsrfHelper csrfHelper;

    @Inject
    public AntiCsrfFilter(AntiCsrfHelper antiCsrfHelper) {
        this.csrfHelper = antiCsrfHelper;
    }

    public boolean isEnabled() {
        return this.csrfHelper.isEnabled();
    }

    protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object obj) {
        return this.csrfHelper.isAccessAllowed((HttpServletRequest) servletRequest);
    }

    protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws IOException {
        log.debug("Rejecting request from {} due to invalid cross-site request forgery token", servletRequest.getRemoteAddr());
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        httpServletResponse.setStatus(401);
        httpServletResponse.setContentType("text/plain");
        httpServletResponse.getWriter().print(AntiCsrfHelper.ERROR_MESSAGE_TOKEN_MISMATCH);
        return false;
    }
}
