package org.apache.shiro.biz.web.filter;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.biz.utils.StringUtils;
import org.apache.shiro.biz.utils.WebUtils;
import org.apache.shiro.web.filter.AccessControlFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/shiro/biz/web/filter/HttpServletRequestOptionsFilter.class */
public class HttpServletRequestOptionsFilter extends AccessControlFilter {
    private static final Logger LOG = LoggerFactory.getLogger(HttpServletRequestOptionsFilter.class);
    public static final String DEFAULT_X_FRAME_OPTIONS = "SAMEORIGIN";
    public static final String DEFAULT_X_CONTENT_TYPE_OPTIONS = "nosniff";
    protected String XFrameOptions = DEFAULT_X_FRAME_OPTIONS;
    protected String XContentTypeOptions = DEFAULT_X_CONTENT_TYPE_OPTIONS;

    protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object obj) throws Exception {
        HttpServletResponse http = WebUtils.toHttp(servletResponse);
        String xFrameOptions = StringUtils.hasText(getXFrameOptions()) ? getXFrameOptions() : DEFAULT_X_FRAME_OPTIONS;
        String xContentTypeOptions = StringUtils.hasText(getXContentTypeOptions()) ? getXContentTypeOptions() : DEFAULT_X_CONTENT_TYPE_OPTIONS;
        http.setHeader(HttpServletRequestHeaderFilter.X_FRAME_OPTIONS_KEY, xFrameOptions);
        http.setHeader(HttpServletRequestHeaderFilter.X_CONTENT_TYPE_OPTIONS_KEY, xContentTypeOptions);
        if (!LOG.isDebugEnabled()) {
            return true;
        }
        LOG.debug("Filter:{} Set HTTP HEADER: X-Frame-Options:{}; X-Content-Type-Options:{}.", new Object[]{getName(), xFrameOptions, xContentTypeOptions});
        return true;
    }

    protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        return true;
    }

    public String getXFrameOptions() {
        return this.XFrameOptions;
    }

    public void setXFrameOptions(String str) {
        this.XFrameOptions = str;
    }

    public String getXContentTypeOptions() {
        return this.XContentTypeOptions;
    }

    public void setXContentTypeOptions(String str) {
        this.XContentTypeOptions = str;
    }
}
