package hudson.security;

import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import hudson.model.User;
import java.io.IOException;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import jenkins.security.SecurityListener;
import jenkins.security.seed.UserSeedProperty;
import jenkins.util.SystemProperties;
import org.apache.http.client.methods.HttpPost;
import org.eclipse.jetty.security.authentication.FormAuthenticator;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.NoExternalUse;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

@Restricted({NoExternalUse.class})
/* loaded from: input_file:WEB-INF/lib/jenkins-core-2.436-rc34455.eb_cb_b_60ffa_e5.jar:hudson/security/AuthenticationProcessingFilter2.class */
public final class AuthenticationProcessingFilter2 extends UsernamePasswordAuthenticationFilter {
    private static final Logger LOGGER = Logger.getLogger(AuthenticationProcessingFilter2.class.getName());

    @SuppressFBWarnings(value = {"HARD_CODE_PASSWORD"}, justification = "This is a password parameter, not a password")
    public AuthenticationProcessingFilter2(String str) {
        setRequiresAuthenticationRequestMatcher(new AntPathRequestMatcher("/" + str, HttpPost.METHOD_NAME));
        setUsernameParameter(FormAuthenticator.__J_USERNAME);
        setPasswordParameter(FormAuthenticator.__J_PASSWORD);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
    @SuppressFBWarnings(value = {"RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT"}, justification = "request.getSession(true) does in fact have a side effect")
    public void successfulAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain, Authentication authentication) throws IOException, ServletException {
        if (SystemProperties.getInteger(SecurityRealm.class.getName() + ".sessionFixationProtectionMode", 1).intValue() == 2) {
            httpServletRequest.getSession().invalidate();
            httpServletRequest.getSession(true);
        }
        super.successfulAuthentication(httpServletRequest, httpServletResponse, filterChain, authentication);
        HttpSession session = httpServletRequest.getSession();
        if (!UserSeedProperty.DISABLE_USER_SEED) {
            session.setAttribute(UserSeedProperty.USER_SESSION_SEED, ((UserSeedProperty) User.getById(authentication.getName(), true).getProperty(UserSeedProperty.class)).getSeed());
        }
        SecurityListener.fireLoggedIn(authentication.getName());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
    public void unsuccessfulAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException authenticationException) throws IOException, ServletException {
        super.unsuccessfulAuthentication(httpServletRequest, httpServletResponse, authenticationException);
        LOGGER.log(Level.FINE, "Login attempt failed", (Throwable) authenticationException);
    }
}
