package de.enterprise.spring.boot.application.starter.actuate.reactive;

import java.util.Collection;
import java.util.stream.Collectors;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.actuate.autoconfigure.security.reactive.EndpointRequest;
import org.springframework.boot.actuate.health.HealthEndpoint;
import org.springframework.boot.actuate.info.InfoEndpoint;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
import org.springframework.boot.autoconfigure.security.SecurityProperties;
import org.springframework.boot.autoconfigure.security.reactive.PathRequest;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.MapReactiveUserDetailsService;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher;

@ConditionalOnProperty(name = {"enterprise-application.actuator.endpoint-security-enabled"}, havingValue = "true", matchIfMissing = true)
@Configuration(proxyBeanMethods = false)
@ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.REACTIVE)
/* loaded from: input_file:de/enterprise/spring/boot/application/starter/actuate/reactive/ReactiveActuatorSecurityConfiguration.class */
public class ReactiveActuatorSecurityConfiguration {

    @Autowired
    private SecurityProperties securityProperties;

    @Bean
    public MapReactiveUserDetailsService userDetailsService() {
        return new MapReactiveUserDetailsService(new UserDetails[]{User.builder().username(this.securityProperties.getUser().getName()).password(this.securityProperties.getUser().getPassword()).authorities((Collection) this.securityProperties.getUser().getRoles().stream().map(SimpleGrantedAuthority::new).collect(Collectors.toList())).build()});
    }

    @Bean
    public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity serverHttpSecurity) {
        serverHttpSecurity.securityMatcher(EndpointRequest.toAnyEndpoint());
        serverHttpSecurity.authorizeExchange(authorizeExchangeSpec -> {
            ((ServerHttpSecurity.AuthorizeExchangeSpec.Access) authorizeExchangeSpec.matchers(new ServerWebExchangeMatcher[]{EndpointRequest.to(new Class[]{HealthEndpoint.class, InfoEndpoint.class})})).permitAll();
            ((ServerHttpSecurity.AuthorizeExchangeSpec.Access) authorizeExchangeSpec.matchers(new ServerWebExchangeMatcher[]{EndpointRequest.toAnyEndpoint()})).hasAuthority("MANAGE_ADMIN");
            ((ServerHttpSecurity.AuthorizeExchangeSpec.Access) authorizeExchangeSpec.matchers(new ServerWebExchangeMatcher[]{PathRequest.toStaticResources().atCommonLocations()})).permitAll();
        });
        serverHttpSecurity.httpBasic();
        serverHttpSecurity.csrf().disable();
        return serverHttpSecurity.build();
    }
}
