package org.apache.shiro.biz.web.filter;

import java.io.IOException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.apache.shiro.biz.utils.WebUtils;
import org.apache.shiro.biz.web.servlet.http.HttpStatus;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.AccessControlFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/shiro/biz/web/filter/HttpServletSessionExpiredFilter.class */
public class HttpServletSessionExpiredFilter extends AccessControlFilter {
    private static final Logger LOG = LoggerFactory.getLogger(HttpServletSessionExpiredFilter.class);

    protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object obj) throws Exception {
        Subject subject = getSubject(servletRequest, servletResponse);
        if (subject == null) {
            return true;
        }
        return subject.isAuthenticated();
    }

    protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        if (WebUtils.isAjaxRequest(servletRequest)) {
            WebUtils.toHttp(servletResponse).setHeader("session-status", "timeout");
            WebUtils.writeJSONString(servletResponse, HttpStatus.SC_FORBIDDEN, "Request Denied! Session is Expired.");
            return false;
        }
        try {
            WebUtils.toHttp(servletResponse).sendError(HttpStatus.SC_FORBIDDEN, "Request Denied! Session is Expired.");
            return false;
        } catch (IOException e) {
            if (LOG.isErrorEnabled()) {
                LOG.error("Send Response Error:{}.", e.getCause());
            }
            throw e;
        }
    }
}
