package com.sonatype.nexus.plugins.healthcheck.service.impl;

import com.sonatype.nexus.plugins.healthcheck.service.SecurityService;
import javax.inject.Inject;
import javax.inject.Named;
import javax.inject.Singleton;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.core.Response;
import org.antlr.stringtemplate.StringTemplate;
import org.apache.commons.lang.StringUtils;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.subject.Subject;
import org.sonatype.nexus.security.filter.authc.NexusHttpAuthenticationFilter;
import org.sonatype.security.configuration.SecurityConfigurationManager;
import org.sonatype.sisu.siesta.common.error.WebApplicationMessageException;

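/**
 * {@link SecurityService} implementation that decides whether the current request is running as
 * the anonymous user and, if so, refuses it with HTTP 403.
 *
 * <p>The decision is fail-closed: a missing subject, a subject without a principal, a request
 * flagged as an anonymous login, or a principal equal to the configured anonymous username are
 * all treated as anonymous.
 */
@Singleton
@Named
/* loaded from: input_file:WEB-INF/plugin-repository/nexus-healthcheck-oss-plugin-2.14.2-01/dependencies/nexus-healthcheck-base-2.14.2-01.jar:com/sonatype/nexus/plugins/healthcheck/service/impl/SecurityServiceImpl.class */
public class SecurityServiceImpl implements SecurityService {
    private final SecurityConfigurationManager securityConfig;

    /**
     * Creates the service.
     *
     * @param securityConfigurationManager source of the configured anonymous username
     */
    @Inject
    public SecurityServiceImpl(SecurityConfigurationManager securityConfigurationManager) {
        this.securityConfig = securityConfigurationManager;
    }

    /**
     * Reports whether the caller of the given request must be treated as anonymous.
     *
     * @param httpServletRequest the request being served; read for the
     *     {@link NexusHttpAuthenticationFilter#ANONYMOUS_LOGIN} attribute
     * @return {@code true} if there is no subject, the request carries the anonymous-login
     *     attribute, the subject has no principal, or the principal equals the anonymous username
     */
    @Override // com.sonatype.nexus.plugins.healthcheck.service.SecurityService
    public boolean isAnonymousUser(HttpServletRequest httpServletRequest) {
        Subject subject = SecurityUtils.getSubject();
        String anonymousUsername = this.securityConfig.getAnonymousUsername();
        if (StringUtils.isEmpty(anonymousUsername)) {
            // NOTE(review): this constant comes from the ANTLR StringTemplate library and was
            // most likely substituted by the decompiler for an inlined string literal. Confirm
            // its value and move it to a local constant so that an access-control decision does
            // not depend on a templating library.
            anonymousUsername = StringTemplate.ANONYMOUS_ST_NAME;
        }

        if (subject == null) {
            return true;
        }
        if (Boolean.TRUE.equals(httpServletRequest.getAttribute(NexusHttpAuthenticationFilter.ANONYMOUS_LOGIN))) {
            return true;
        }

        // Shiro returns a null principal for a subject that has no identity. The previous
        // anonymousUsername.equals(principal) comparison evaluated to false in that case, which
        // classified an identity-less caller as a named user and let blockAnonymousUser pass it.
        Object principal = subject.getPrincipal();
        if (principal == null) {
            return true;
        }
        // NOTE(review): the comparison only matches when the principal is a String holding the
        // user id — confirm that every configured realm exposes it that way.
        return anonymousUsername.equals(principal);
    }

    /**
     * Rejects the request when {@link #isAnonymousUser(HttpServletRequest)} classifies the caller
     * as anonymous; returns normally otherwise.
     *
     * @param httpServletRequest the request being served
     * @throws WebApplicationMessageException with status {@code FORBIDDEN} for an anonymous caller
     */
    @Override // com.sonatype.nexus.plugins.healthcheck.service.SecurityService
    public void blockAnonymousUser(HttpServletRequest httpServletRequest) {
        if (isAnonymousUser(httpServletRequest)) {
            throw new WebApplicationMessageException(Response.Status.FORBIDDEN, "Anonymous users may never access sensitive information");
        }
    }
}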
