package com.sojson.core.shiro.filter;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.StringUtils;
import org.apache.shiro.web.filter.AccessControlFilter;
import org.apache.shiro.web.util.WebUtils;

/* loaded from: input_file:WEB-INF/lib/shiro-redis-0.0.2-SNAPSHOT.jar:com/sojson/core/shiro/filter/RoleFilter.class */
public class RoleFilter extends AccessControlFilter {
    static final String LOGIN_URL = "http://www.sojson.com/user/open/toLogin.shtml";
    static final String UNAUTHORIZED_URL = "http://www.sojson.com/unauthorized.html";

    @Override // org.apache.shiro.web.filter.AccessControlFilter
    protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object obj) throws Exception {
        Subject subject = getSubject(servletRequest, servletResponse);
        for (String str : (String[]) obj) {
            if (subject.hasRole("role:" + str)) {
                return true;
            }
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.shiro.web.filter.AccessControlFilter
    public boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        if (getSubject(servletRequest, servletResponse).getPrincipal() == null) {
            saveRequest(servletRequest);
            WebUtils.issueRedirect(servletRequest, servletResponse, LOGIN_URL);
            return false;
        }
        if (StringUtils.hasText(UNAUTHORIZED_URL)) {
            WebUtils.issueRedirect(servletRequest, servletResponse, UNAUTHORIZED_URL);
            return false;
        }
        WebUtils.toHttp(servletResponse).sendError(401);
        return false;
    }
}
