package juzu.plugin.authz;

import java.lang.reflect.Method;
import javax.annotation.security.DenyAll;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import juzu.Response;
import juzu.impl.request.Request;
import juzu.impl.request.RequestFilter;
import juzu.impl.request.Stage;
import juzu.request.SecurityContext;

/* loaded from: input_file:juzu/plugin/authz/AuthzManager.class */
public class AuthzManager implements RequestFilter<Stage.Handler> {
    public Class<Stage.Handler> getStageType() {
        return Stage.Handler.class;
    }

    public Response handle(Stage.Handler handler) {
        Request request = handler.getRequest();
        Method method = request.getHandler().getMethod();
        RolesAllowed annotation = method.getAnnotation(RolesAllowed.class);
        PermitAll annotation2 = method.getAnnotation(PermitAll.class);
        DenyAll annotation3 = method.getAnnotation(DenyAll.class);
        if (annotation == null && annotation2 == null && annotation3 == null) {
            Class<?> declaringClass = method.getDeclaringClass();
            annotation = (RolesAllowed) declaringClass.getAnnotation(RolesAllowed.class);
            annotation3 = (DenyAll) declaringClass.getAnnotation(DenyAll.class);
        }
        boolean z = false;
        if (annotation3 != null) {
            z = false;
        } else if (annotation != null) {
            SecurityContext securityContext = request.getSecurityContext();
            String[] value = annotation.value();
            int length = value.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    break;
                }
                if (securityContext.isUserInRole(value[i])) {
                    z = true;
                    break;
                }
                i++;
            }
        } else {
            z = true;
        }
        return !z ? new Response.Error.Forbidden("Access denied") : handler.invoke();
    }
}
