package com.sojson.core.shiro.filter;

import com.sojson.common.utils.LoggerUtils;
import java.util.HashMap;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.StringUtils;
import org.apache.shiro.web.filter.AccessControlFilter;
import org.apache.shiro.web.util.WebUtils;

/* loaded from: input_file:com/sojson/core/shiro/filter/PermissionFilter.class */
public class PermissionFilter extends AccessControlFilter {
    protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object obj) throws Exception {
        Subject subject = getSubject(servletRequest, servletResponse);
        if (null != obj) {
            for (String str : (String[]) obj) {
                if (subject.isPermitted(str)) {
                    return Boolean.TRUE.booleanValue();
                }
            }
        }
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        String requestURI = httpServletRequest.getRequestURI();
        String contextPath = httpServletRequest.getContextPath();
        if (null != requestURI && requestURI.startsWith(contextPath)) {
            requestURI = requestURI.replaceFirst(contextPath, "");
        }
        if (subject.isPermitted(requestURI)) {
            return Boolean.TRUE.booleanValue();
        }
        if (ShiroFilterUtils.isAjax(servletRequest)) {
            HashMap hashMap = new HashMap();
            LoggerUtils.debug(getClass(), "当前用户没有登录，并且是Ajax请求！");
            hashMap.put("login_status", "300");
            hashMap.put("message", "当前用户没有登录！");
            ShiroFilterUtils.out(servletResponse, hashMap);
        }
        return Boolean.FALSE.booleanValue();
    }

    protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        if (null == getSubject(servletRequest, servletResponse).getPrincipal()) {
            saveRequest(servletRequest);
            WebUtils.issueRedirect(servletRequest, servletResponse, "/u/login.shtml");
        } else if (StringUtils.hasText("/open/unauthorized.shtml")) {
            WebUtils.issueRedirect(servletRequest, servletResponse, "/open/unauthorized.shtml");
        } else {
            WebUtils.toHttp(servletResponse).sendError(401);
        }
        return Boolean.FALSE.booleanValue();
    }
}
