package org.apache.shiro.biz.web.filter;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.apache.shiro.biz.web.servlet.http.HttpStatus;
import org.apache.shiro.util.StringUtils;
import org.apache.shiro.web.filter.AccessControlFilter;
import org.apache.shiro.web.util.WebUtils;

/* loaded from: input_file:org/apache/shiro/biz/web/filter/AnyRolesFilter.class */
public class AnyRolesFilter extends AccessControlFilter {
    private String unauthorizedUrl = "/unauthorized.jsp";

    protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object obj) throws Exception {
        String[] strArr = (String[]) obj;
        if (strArr == null) {
            return true;
        }
        for (String str : strArr) {
            if (getSubject(servletRequest, servletResponse).hasRole(str)) {
                return true;
            }
        }
        return false;
    }

    protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        if (getSubject(servletRequest, servletResponse).getPrincipal() == null) {
            saveRequest(servletRequest);
            WebUtils.issueRedirect(servletRequest, servletResponse, getLoginUrl());
            return false;
        }
        if (StringUtils.hasText(this.unauthorizedUrl)) {
            WebUtils.issueRedirect(servletRequest, servletResponse, this.unauthorizedUrl);
            return false;
        }
        WebUtils.toHttp(servletResponse).sendError(HttpStatus.SC_UNAUTHORIZED);
        return false;
    }
}
