package org.apache.shiro.biz.web.filter;

import java.io.IOException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.biz.web.Constants;
import org.apache.shiro.biz.web.filter.authc.AbstractAuthenticatingFilter;
import org.apache.shiro.web.filter.PathMatchingFilter;
import org.apache.shiro.web.util.WebUtils;

/* loaded from: input_file:org/apache/shiro/biz/web/filter/FormLoginFilter.class */
public class FormLoginFilter extends PathMatchingFilter {
    private String loginUrl = "/login.jsp";
    private String successUrl = "/";

    protected boolean onPreHandle(ServletRequest servletRequest, ServletResponse servletResponse, Object obj) throws Exception {
        if (SecurityUtils.getSubject().isAuthenticated()) {
            return true;
        }
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        if (!isLoginRequest(httpServletRequest)) {
            saveRequestAndRedirectToLogin(httpServletRequest, httpServletResponse);
            return false;
        }
        if ("post".equalsIgnoreCase(httpServletRequest.getMethod()) && login(httpServletRequest)) {
            return redirectToSuccessUrl(httpServletRequest, httpServletResponse);
        }
        return true;
    }

    private boolean redirectToSuccessUrl(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        WebUtils.redirectToSavedRequest(httpServletRequest, httpServletResponse, this.successUrl);
        return false;
    }

    private void saveRequestAndRedirectToLogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        WebUtils.saveRequest(httpServletRequest);
        WebUtils.issueRedirect(httpServletRequest, httpServletResponse, this.loginUrl);
    }

    private boolean login(HttpServletRequest httpServletRequest) {
        try {
            SecurityUtils.getSubject().login(new UsernamePasswordToken(httpServletRequest.getParameter(Constants.PARAM_USERNAME), httpServletRequest.getParameter("password")));
            return true;
        } catch (Exception e) {
            httpServletRequest.setAttribute(AbstractAuthenticatingFilter.DEFAULT_ERROR_KEY_ATTRIBUTE_NAME, e.getClass());
            return false;
        }
    }

    private boolean isLoginRequest(HttpServletRequest httpServletRequest) {
        return pathsMatch(this.loginUrl, WebUtils.getPathWithinApplication(httpServletRequest));
    }
}
