package org.sonatype.nexus.security.filter.authz;

import java.io.IOException;
import javax.inject.Inject;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.sonatype.nexus.auth.ClientInfo;
import org.sonatype.nexus.auth.NexusAuthorizationEvent;
import org.sonatype.nexus.auth.ResourceInfo;
import org.sonatype.nexus.proxy.access.Action;
import org.sonatype.nexus.rest.RemoteIPFinder;
import org.sonatype.nexus.security.filter.NexusJSecurityFilter;
import org.sonatype.plexus.appevents.ApplicationEventMulticaster;
import org.sonatype.security.SecuritySystem;

/* loaded from: input_file:org/sonatype/nexus/security/filter/authz/FailureLoggingHttpMethodPermissionFilter.class */
public class FailureLoggingHttpMethodPermissionFilter extends HttpMethodPermissionFilter {
    private final Logger logger = LoggerFactory.getLogger(getClass());

    @Inject
    private SecuritySystem securitySystem;

    @Inject
    private ApplicationEventMulticaster applicationEventMulticaster;

    protected Logger getLogger() {
        return this.logger;
    }

    protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws IOException {
        recordAuthzFailureEvent(servletRequest, servletResponse);
        servletRequest.setAttribute(NexusJSecurityFilter.REQUEST_IS_AUTHZ_REJECTED, Boolean.TRUE);
        return false;
    }

    private void recordAuthzFailureEvent(ServletRequest servletRequest, ServletResponse servletResponse) {
        Subject subject = getSubject(servletRequest, servletResponse);
        if (this.securitySystem.getAnonymousUsername().equals(subject.getPrincipal())) {
            return;
        }
        this.applicationEventMulticaster.notifyEventListeners(new NexusAuthorizationEvent(this, new ClientInfo(String.valueOf(subject.getPrincipal()), RemoteIPFinder.findIP((HttpServletRequest) servletRequest), "n/a"), new ResourceInfo("HTTP", ((HttpServletRequest) servletRequest).getMethod(), Action.valueOf(getHttpMethodAction(servletRequest)), ((HttpServletRequest) servletRequest).getRequestURI()), false));
    }

    protected Object getAttribute(String str) {
        return getFilterConfig().getServletContext().getAttribute(str);
    }
}
