package com.axelor.auth.cas;

import javax.inject.Inject;
import javax.inject.Named;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.web.filter.authc.UserFilter;
import org.apache.shiro.web.util.WebUtils;

/* loaded from: input_file:com/axelor/auth/cas/AuthCasUserFilter.class */
public class AuthCasUserFilter extends UserFilter {
    @Inject
    public void setLoginUrl(@Named("shiro.cas.login.url") String str) {
        super.setLoginUrl(str);
    }

    protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object obj) {
        return super.isAccessAllowed(servletRequest, servletResponse, obj);
    }

    protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        if (!isXHR(servletRequest)) {
            return super.onAccessDenied(servletRequest, servletResponse);
        }
        if (isLogin(servletRequest)) {
            return doLogin(servletRequest, servletResponse);
        }
        ((HttpServletResponse) servletResponse).setStatus(302);
        return false;
    }

    private boolean doLogin(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        return false;
    }

    private boolean isXHR(ServletRequest servletRequest) {
        return "XMLHttpRequest".equals(((HttpServletRequest) servletRequest).getHeader("X-Requested-With"));
    }

    private boolean isLogin(ServletRequest servletRequest) {
        return pathsMatch("/login.jsp", servletRequest) && WebUtils.toHttp(servletRequest).getMethod().toUpperCase().equals("POST");
    }
}
