package org.springframework.security.web.session;

import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpSession;
import java.io.IOException;
import java.util.List;
import java.util.function.Supplier;
import org.springframework.core.log.LogMessage;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.context.SecurityContextHolderStrategy;
import org.springframework.security.core.session.SessionInformation;
import org.springframework.security.core.session.SessionRegistry;
import org.springframework.security.web.RedirectStrategy;
import org.springframework.security.web.authentication.logout.CompositeLogoutHandler;
import org.springframework.security.web.authentication.logout.LogoutHandler;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
import org.springframework.security.web.util.UrlUtils;
import org.springframework.util.Assert;
import org.springframework.web.filter.GenericFilterBean;

/* loaded from: input_file:BOOT-INF/lib/spring-security-web-6.2.2.jar:org/springframework/security/web/session/ConcurrentSessionFilter.class */
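/**
 * Servlet filter that enforces session expiry recorded in a {@link SessionRegistry}.
 *
 * <p>For every request that already carries an HTTP session, the session id is looked up
 * in the registry. If the registry entry is marked expired, the configured logout handlers
 * run, the {@link SessionInformationExpiredStrategy} produces the response, and the rest of
 * the filter chain is skipped. Otherwise the entry's last-request time is refreshed and the
 * chain continues.
 *
 * <p>Security notes for reviewers:
 * <ul>
 * <li>Requests without a session, or whose session id is unknown to the registry, pass
 * through with no expiry check. Enforcement therefore depends entirely on the registry being
 * populated and expired by code outside this class.</li>
 * <li>The logout handlers receive whatever {@code Authentication} is in the current security
 * context when this filter runs. NOTE(review): presumably this filter must be ordered after
 * the filter that loads the security context; confirm against the filter chain
 * configuration.</li>
 * <li>The debug log line includes the client-requested session id; treat debug logs from this
 * class as sensitive.</li>
 * </ul>
 */
public class ConcurrentSessionFilter extends GenericFilterBean {
    private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder.getContextHolderStrategy();
    private final SessionRegistry sessionRegistry;
    // Only set by the deprecated (SessionRegistry, String) constructor; may be null.
    private String expiredUrl;
    // Has no default; only set through the deprecated setRedirectStrategy(...).
    private RedirectStrategy redirectStrategy;
    // Default teardown is a lone SecurityContextLogoutHandler; setLogoutHandlers(...) replaces it.
    private LogoutHandler handlers = new CompositeLogoutHandler(new SecurityContextLogoutHandler());
    private SessionInformationExpiredStrategy sessionInformationExpiredStrategy;

    /* loaded from: input_file:BOOT-INF/lib/spring-security-web-6.2.2.jar:org/springframework/security/web/session/ConcurrentSessionFilter$ResponseBodySessionInformationExpiredStrategy.class */
    /**
     * Default expiry strategy: writes a fixed explanatory message to the response body and
     * flushes it. No status code or content type is set here, so whatever the response already
     * carries is sent; clients cannot tell an expired session from a normal page by status
     * alone.
     */
    private static final class ResponseBodySessionInformationExpiredStrategy implements SessionInformationExpiredStrategy {
        private ResponseBodySessionInformationExpiredStrategy() {
        }

        @Override // org.springframework.security.web.session.SessionInformationExpiredStrategy
        public void onExpiredSessionDetected(SessionInformationExpiredEvent sessionInformationExpiredEvent) throws IOException {
            HttpServletResponse response = sessionInformationExpiredEvent.getResponse();
            // The message is a constant; nothing from the request is echoed back.
            response.getWriter().print("This session has been expired (possibly due to multiple concurrent logins being attempted as the same user).");
            response.flushBuffer();
        }
    }

    /**
     * Creates a filter that answers expired sessions with a fixed message in the response body.
     *
     * @param sessionRegistry registry consulted on every request; must not be null
     */
    public ConcurrentSessionFilter(SessionRegistry sessionRegistry) {
        Assert.notNull(sessionRegistry, "SessionRegistry required");
        this.sessionRegistry = sessionRegistry;
        this.sessionInformationExpiredStrategy = new ResponseBodySessionInformationExpiredStrategy();
    }

    /**
     * Creates a filter that redirects expired sessions to a URL.
     *
     * <p>The redirect is performed by the strategy supplied through
     * {@link #setRedirectStrategy(RedirectStrategy)}; this class installs no default, so that
     * setter must be called before the first expired session is handled.
     *
     * @param sessionRegistry registry consulted on every request; must not be null
     * @param str redirect target for expired sessions; null is accepted, any other value must
     * pass {@link UrlUtils#isValidRedirectUrl(String)}
     * @deprecated use the constructor taking a {@link SessionInformationExpiredStrategy}
     */
    @Deprecated
    public ConcurrentSessionFilter(SessionRegistry sessionRegistry, String str) {
        Assert.notNull(sessionRegistry, "SessionRegistry required");
        Assert.isTrue(str == null || UrlUtils.isValidRedirectUrl(str), () -> str + " isn't a valid redirect URL");
        this.expiredUrl = str;
        this.sessionRegistry = sessionRegistry;
        this.sessionInformationExpiredStrategy = (event) -> {
            // Without this guard an unset redirect strategy surfaces as a bare
            // NullPointerException after the user has already been logged out.
            Assert.state(this.redirectStrategy != null,
                    "redirectStrategy must be set via setRedirectStrategy(...) when the expiredUrl constructor is used");
            HttpServletRequest request = event.getRequest();
            // NOTE(review): str may be null, in which case determineExpiredUrl(...) returns null
            // unless overridden and that null is handed to the redirect strategy as-is; confirm
            // the configured strategy tolerates it.
            String targetUrl = determineExpiredUrl(request, event.getSessionInformation());
            this.redirectStrategy.sendRedirect(request, event.getResponse(), targetUrl);
        };
    }

    /**
     * Creates a filter that delegates the response for expired sessions to the given strategy.
     *
     * @param sessionRegistry registry consulted on every request; must not be null
     * @param sessionInformationExpiredStrategy invoked after logout when an expired session is
     * detected; must not be null
     */
    public ConcurrentSessionFilter(SessionRegistry sessionRegistry, SessionInformationExpiredStrategy sessionInformationExpiredStrategy) {
        Assert.notNull(sessionRegistry, "sessionRegistry required");
        Assert.notNull(sessionInformationExpiredStrategy, "sessionInformationExpiredStrategy cannot be null");
        this.sessionRegistry = sessionRegistry;
        this.sessionInformationExpiredStrategy = sessionInformationExpiredStrategy;
    }

    /** Re-checks that a session registry is present once bean properties have been set. */
    @Override // org.springframework.web.filter.GenericFilterBean, org.springframework.beans.factory.InitializingBean
    public void afterPropertiesSet() {
        Assert.notNull(this.sessionRegistry, "SessionRegistry required");
    }

    /**
     * Servlet entry point; casts to the HTTP request/response types and delegates to the
     * private overload. A non-HTTP request or response fails with a {@code ClassCastException}.
     */
    @Override // jakarta.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        doFilter((HttpServletRequest) servletRequest, (HttpServletResponse) servletResponse, filterChain);
    }

    /**
     * Applies the expiry check described on the class.
     *
     * @throws IOException if the expiry strategy or the downstream chain fails on I/O
     * @throws ServletException if the downstream chain fails
     */
    private void doFilter(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        // getSession(false): never create a session just to run this check.
        HttpSession session = httpServletRequest.getSession(false);
        if (session != null) {
            SessionInformation sessionInformation = this.sessionRegistry.getSessionInformation(session.getId());
            // A session the registry does not know about is neither expired nor refreshed.
            if (sessionInformation != null) {
                if (sessionInformation.isExpired()) {
                    // Logs the session id the client asked for; keep debug output access-controlled.
                    this.logger.debug(LogMessage.of(() -> "Requested session ID " + httpServletRequest.getRequestedSessionId() + " has expired."));
                    // Tear down first, then build the response; the chain is intentionally not continued.
                    doLogout(httpServletRequest, httpServletResponse);
                    this.sessionInformationExpiredStrategy.onExpiredSessionDetected(new SessionInformationExpiredEvent(sessionInformation, httpServletRequest, httpServletResponse));
                    return;
                }
                this.sessionRegistry.refreshLastRequest(sessionInformation.getSessionId());
            }
        }
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    /**
     * Returns the redirect target used by the deprecated redirect-based expiry handling.
     *
     * <p>Only the constructor-supplied URL is validated with
     * {@link UrlUtils#isValidRedirectUrl(String)}. The value returned here is passed to the
     * redirect strategy without further checks, so an override must not build it from request
     * data unless it validates the result itself.
     *
     * @return the configured expired URL, possibly null
     */
    @Deprecated
    protected String determineExpiredUrl(HttpServletRequest httpServletRequest, SessionInformation sessionInformation) {
        return this.expiredUrl;
    }

    /** Runs the configured logout handlers with the authentication from the current security context. */
    private void doLogout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        this.handlers.logout(httpServletRequest, httpServletResponse, this.securityContextHolderStrategy.getContext().getAuthentication());
    }

    /**
     * Sets the strategy used to read the current security context during logout.
     *
     * @param securityContextHolderStrategy must not be null
     */
    public void setSecurityContextHolderStrategy(SecurityContextHolderStrategy securityContextHolderStrategy) {
        Assert.notNull(securityContextHolderStrategy, "securityContextHolderStrategy cannot be null");
        this.securityContextHolderStrategy = securityContextHolderStrategy;
    }

    /**
     * Replaces the logout handlers run for an expired session.
     *
     * <p>The supplied handlers replace the default {@link SecurityContextLogoutHandler} rather
     * than extend it; include an equivalent handler if the expired session must still be torn
     * down.
     */
    public void setLogoutHandlers(LogoutHandler[] logoutHandlerArr) {
        this.handlers = new CompositeLogoutHandler(logoutHandlerArr);
    }

    /**
     * Replaces the logout handlers run for an expired session.
     *
     * <p>The supplied handlers replace the default {@link SecurityContextLogoutHandler} rather
     * than extend it; include an equivalent handler if the expired session must still be torn
     * down.
     */
    public void setLogoutHandlers(List<LogoutHandler> list) {
        this.handlers = new CompositeLogoutHandler(list);
    }

    /**
     * Sets the strategy used by the deprecated redirect-based expiry handling.
     *
     * <p>Null is not rejected here because the other constructors never use the strategy; the
     * redirect path itself checks for an unset value before using it.
     */
    @Deprecated
    public void setRedirectStrategy(RedirectStrategy redirectStrategy) {
        this.redirectStrategy = redirectStrategy;
    }
}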
