package com.rocoinfo.rocomall.shiro.filter;

import ch.qos.logback.classic.spi.CallerData;
import com.rocoinfo.rocomall.entity.account.AdminUser;
import com.rocoinfo.rocomall.enumconst.SwitchStatus;
import com.rocoinfo.rocomall.service.impl.AdminUserService;
import com.rocoinfo.rocomall.utils.WebUtils;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.apache.poi.ddf.EscherProperties;
import org.apache.shiro.web.filter.authc.UserFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springside.modules.utils.Encodes;

/**
 * Shiro access filter that re-checks the logged-in admin account on each request and
 * sends denied requests either to the login page or, for AJAX calls, to a bare status code.
 *
 * <p>Decompiled (JADX) from
 * {@code WEB-INF/classes/com/rocoinfo/rocomall/shiro/filter/MultipleViewUserFilter.class}.
 * Some constants below reference unrelated libraries (POI, logback). They look like
 * decompiler substitutions for inlined literals and are kept as-is so behaviour is unchanged.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>A locked account is logged out on its next request, so a lock applies to sessions
 *       that are already open, not only to new logins.</li>
 *   <li>The {@code successUrl} parameter carries an absolute URL taken from the request.
 *       Whatever consumes it after login (not visible in this class) should accept only
 *       same-application targets before redirecting.</li>
 * </ul>
 */
@Component
public class MultipleViewUserFilter extends UserFilter {
    /** Request attribute set when the current request belonged to a locked account. */
    private static final String USR_ID = "userId";

    // NOTE(review): the two status values are POI drawing-property constants, almost certainly
    // a decompiler match for inlined numeric literals. Presumably the non-standard codes
    // 701 / 702 -- confirm against the POI jar on the classpath before replacing them.
    /** Status returned to AJAX callers when the account was found locked in this request. */
    private static final int STATUS_LOCKED_ACCOUNT = EscherProperties.THREED__METALLIC;

    /** Status returned to AJAX callers for every other denied request. */
    private static final int STATUS_LOGIN_REQUIRED = EscherProperties.THREED__USEEXTRUSIONCOLOR;

    // NOTE(review): logback's CallerData.NA is the string "?"; used here as the separator
    // between URL and query string. Same decompiler-substitution caveat as above.
    private static final String QUERY_SEPARATOR = CallerData.NA;

    @Autowired
    private AdminUserService adminService;

    /**
     * Decides whether the request may proceed.
     *
     * <p>When a user id is available from {@link WebUtils#getLoggedUserId()}, the account is
     * loaded through {@code adminService}. A missing account is denied. A locked account is
     * logged out, its id is stored under the {@code userId} request attribute, and the request
     * is denied. In every other case the decision is delegated to {@link UserFilter}.
     *
     * <p>NOTE(review): the missing-account branch denies access but does not log the subject
     * out, unlike the locked branch. Confirm whether the session should be ended there too.
     *
     * <p>JADX reports the original access modifier as {@code protected}.
     *
     * @param servletRequest current request
     * @param servletResponse current response
     * @param obj mapped value passed through to the parent filter
     * @return {@code true} if the request may continue down the chain
     */
    @Override // org.apache.shiro.web.filter.authc.UserFilter, org.apache.shiro.web.filter.AccessControlFilter
    public boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object obj) {
        final Long currentUserId = WebUtils.getLoggedUserId();
        if (currentUserId == null) {
            return super.isAccessAllowed(servletRequest, servletResponse, obj);
        }

        final AdminUser account = this.adminService.getById(currentUserId);
        if (account == null) {
            return false;
        }
        if (account.getStatus() != SwitchStatus.LOCK) {
            return super.isAccessAllowed(servletRequest, servletResponse, obj);
        }

        // Locked account: end the Shiro session, then leave a marker so onAccessDenied
        // can tell "locked" apart from "not logged in".
        getSubject(servletRequest, servletResponse).logout();
        servletRequest.setAttribute(USR_ID, currentUserId);
        return false;
    }

    /**
     * Handles a request that {@link #isAccessAllowed} rejected.
     *
     * <p>AJAX requests get a status code only: the locked-account status when the
     * {@code userId} request attribute is present, otherwise the login-required status.
     * Other requests whose path inside the application starts with {@code /} are redirected
     * to {@code <contextPath>/login?successUrl=<encoded original URL>}; anything else falls
     * through to the parent implementation.
     *
     * <p>Security notes:
     * <ul>
     *   <li>{@code getSession()} creates an HTTP session when none exists, so each denied
     *       anonymous request allocates one.</li>
     *   <li>The original query string is copied into {@code successUrl}; parameters that are
     *       sensitive in the original request will also appear in the login URL.</li>
     * </ul>
     *
     * <p>JADX reports the original access modifier as {@code protected}.
     *
     * @param servletRequest current request; cast to {@link HttpServletRequest}
     * @param servletResponse current response; cast to {@link HttpServletResponse}
     * @return always {@code false} on the branches handled here; otherwise the parent's result
     * @throws Exception propagated from the redirect or from the parent filter
     */
    @Override // org.apache.shiro.web.filter.authc.UserFilter, org.apache.shiro.web.filter.AccessControlFilter
    public boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        final HttpServletRequest request = (HttpServletRequest) servletRequest;
        final HttpServletResponse response = (HttpServletResponse) servletResponse;

        final String contextPath = request.getSession().getServletContext().getContextPath();
        // Path relative to the application root; empty when the URI equals the context path.
        final String pathInApp = request.getRequestURI().substring(contextPath.length());

        if (WebUtils.isAjaxRequest(request)) {
            final boolean lockedAccount = servletRequest.getAttribute(USR_ID) != null;
            response.setStatus(lockedAccount ? STATUS_LOCKED_ACCOUNT : STATUS_LOGIN_REQUIRED);
            return false;
        }

        if (pathInApp.startsWith("/")) {
            final String loginUrl =
                    contextPath + "/login" + "?successUrl=" + getRedirectUrlOnLoginSuccess(request);
            response.sendRedirect(loginUrl);
            return false;
        }
        return super.onAccessDenied(servletRequest, servletResponse);
    }

    /**
     * Builds the URL-encoded value for the {@code successUrl} login parameter: the full
     * request URL, plus the query string when it is not blank.
     *
     * <p>The value is absolute (scheme, host and port as reported by the container for this
     * request), so the consumer should validate it rather than redirect to it blindly.
     *
     * @param httpServletRequest request whose URL should be restored after login
     * @return the encoded return URL
     */
    private String getRedirectUrlOnLoginSuccess(HttpServletRequest httpServletRequest) {
        String returnUrl = httpServletRequest.getRequestURL().toString();
        final String query = httpServletRequest.getQueryString();
        if (StringUtils.isNotBlank(query)) {
            returnUrl = returnUrl + QUERY_SEPARATOR + query;
        }
        return Encodes.urlEncode(returnUrl);
    }
}
