package org.apache.shiro.biz.web.filter;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.biz.utils.StringUtils;
import org.apache.shiro.biz.web.servlet.http.HttpStatus;
import org.apache.shiro.web.filter.AccessControlFilter;
import org.apache.shiro.web.util.WebUtils;
import org.springframework.web.bind.annotation.RequestMethod;

/* loaded from: input_file:org/apache/shiro/biz/web/filter/HttpServletRequestCrosFilter.class */
public class HttpServletRequestCrosFilter extends AccessControlFilter {
    public static final String DEFAULT_ACCESS_CONTROL_ALLOW_METHODS = "PUT,POST,GET,DELETE,OPTIONS";
    public static final String DEFAULT_ACCESS_CONTROL_ALLOW_HEADERS = "Origin, X-Requested-With, Content-Type, Accept";
    private boolean accessControlAllowCredentials = false;
    private String accessControlAllowOrigin = "*";
    private String accessControlAllowMethods = "PUT,POST,GET,DELETE,OPTIONS";
    private String accessControlAllowHeaders = DEFAULT_ACCESS_CONTROL_ALLOW_HEADERS;

    protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object obj) throws Exception {
        HttpServletRequest http = WebUtils.toHttp(servletRequest);
        HttpServletResponse http2 = WebUtils.toHttp(servletResponse);
        String accessControlAllowOrigin = StringUtils.hasText(getAccessControlAllowOrigin()) ? getAccessControlAllowOrigin() : http.getHeader("Origin");
        String accessControlAllowMethods = StringUtils.hasText(getAccessControlAllowMethods()) ? getAccessControlAllowMethods() : "PUT,POST,GET,DELETE,OPTIONS";
        String accessControlAllowHeaders = StringUtils.hasText(getAccessControlAllowHeaders()) ? getAccessControlAllowHeaders() : http.getHeader("Access-Control-Request-Headers");
        http2.setHeader(HttpServletRequestHeaderFilter.ACCESS_CONTROL_ALLOW_CREDENTIALS_KEY, Boolean.toString(isAccessControlAllowCredentials()));
        http2.setHeader(HttpServletRequestHeaderFilter.ACCESS_CONTROL_ALLOW_ORIGIN_KEY, accessControlAllowOrigin);
        http2.setHeader(HttpServletRequestHeaderFilter.ACCESS_CONTROL_ALLOW_METHODS_KEY, accessControlAllowMethods);
        http2.setHeader(HttpServletRequestHeaderFilter.ACCESS_CONTROL_ALLOW_HEADERS_KEY, accessControlAllowHeaders);
        if (!http.getMethod().equals(RequestMethod.OPTIONS.name())) {
            return true;
        }
        http2.setStatus(HttpStatus.SC_OK);
        return false;
    }

    protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        return true;
    }

    public boolean isAccessControlAllowCredentials() {
        return this.accessControlAllowCredentials;
    }

    public void setAccessControlAllowCredentials(boolean z) {
        this.accessControlAllowCredentials = z;
    }

    public String getAccessControlAllowOrigin() {
        return this.accessControlAllowOrigin;
    }

    public void setAccessControlAllowOrigin(String str) {
        this.accessControlAllowOrigin = str;
    }

    public String getAccessControlAllowMethods() {
        return this.accessControlAllowMethods;
    }

    public void setAccessControlAllowMethods(String str) {
        this.accessControlAllowMethods = str;
    }

    public String getAccessControlAllowHeaders() {
        return this.accessControlAllowHeaders;
    }

    public void setAccessControlAllowHeaders(String str) {
        this.accessControlAllowHeaders = str;
    }
}
