package org.apache.shiro.biz.web.filter;

import java.io.IOException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.biz.utils.WebUtils;
import org.apache.shiro.biz.web.servlet.http.HttpStatus;
import org.apache.shiro.web.filter.AccessControlFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/shiro/biz/web/filter/HttpServletRequestMethodFilter.class */
public class HttpServletRequestMethodFilter extends AccessControlFilter {
    private static final Logger LOG = LoggerFactory.getLogger(HttpServletRequestMethodFilter.class);
    public static final String DEFAULT_ACCESS_CONTROL_ALLOW_METHODS = "PUT,POST,GET,DELETE,OPTIONS";
    private String[] allowedHTTPMethods;

    public String[] getAllowedHTTPMethods() {
        return this.allowedHTTPMethods;
    }

    public void setAllowedHTTPMethods(String[] strArr) {
        this.allowedHTTPMethods = strArr;
    }

    protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object obj) throws Exception {
        if (this.allowedHTTPMethods == null || this.allowedHTTPMethods.length == 0) {
            return false;
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("HttpServletRequestMethodFilter has config allowed http method:{}.", StringUtils.join(this.allowedHTTPMethods, ","));
        }
        String method = WebUtils.toHttp(servletRequest).getMethod();
        boolean z = false;
        for (String str : this.allowedHTTPMethods) {
            if (str != null && str.equalsIgnoreCase(method)) {
                z = true;
            }
        }
        if (LOG.isDebugEnabled() && !z) {
            LOG.debug("Request Method:{} is Not Allowed!.Request will be returned with a 403 response!", method);
        }
        return z;
    }

    protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        String format = String.format("Request Denied! Request Method {%s} is Not Allowed.", WebUtils.toHttp(servletRequest).getMethod());
        if (WebUtils.isAjaxRequest(servletRequest)) {
            WebUtils.writeJSONString(servletResponse, HttpStatus.SC_FORBIDDEN, format);
            return false;
        }
        try {
            WebUtils.toHttp(servletResponse).sendError(HttpStatus.SC_FORBIDDEN, format);
            return false;
        } catch (IOException e) {
            if (LOG.isErrorEnabled()) {
                LOG.error("Send Response Error:{}.", e.getCause());
            }
            throw e;
        }
    }
}
