package io.springlets.security.web.config;

import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.web.header.writers.StaticHeadersWriter;

/* loaded from: input_file:io/springlets/security/web/config/SpringletsWebSecurityConfigurer.class */
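/**
 * Web security configuration: optional single-session enforcement, a static
 * Content-Security-Policy header set, URL authorization rules, form login/logout,
 * and custom handlers for unauthenticated and access-denied requests.
 */
class SpringletsWebSecurityConfigurer extends WebSecurityConfigurerAdapter {

    /**
     * When {@code true}, each user is limited to one session; an expired session
     * is sent to {@link #SESSION_EXPIRED_URL}. Package-private and mutable so
     * code in this package can switch it before {@code configure} runs.
     */
    boolean disableConcurrency = true;

    // SECURITY NOTE(review): 'unsafe-inline' permits inline <script> blocks and inline
    // event handlers, so this policy gives little protection against injected markup.
    // Tightening it (nonces or hashes instead of 'unsafe-inline') needs the templates
    // to be checked first, so the value is kept as-is here. The policy also only
    // constrains script-src; with no default-src, other resource types are unrestricted.
    private static final String DEFAULT_POLICY_DIRECTIVES = "script-src 'self' 'unsafe-inline' ";

    private static final String CONTENT_SECURITY_POLICY_HEADER = "Content-Security-Policy";
    private static final String LOGIN_FORM_URL = "/login";

    // Pre-standard header names honoured only by old browser versions; they carry the
    // same directives as the standard header.
    private static final String X_CONTENT_SECURITY_POLICY_HEADER = "X-Content-Security-Policy";
    private static final String X_WEBKIT_CSP_POLICY_HEADER = "X-WebKit-CSP";

    // Target for sessions invalidated by the single-session limit.
    private static final String SESSION_EXPIRED_URL = LOGIN_FORM_URL + "?expired";

    /**
     * Applies the session, header, authorization and error-handling rules.
     *
     * @param httpSecurity the builder to configure
     * @throws Exception if any of the underlying configurers fails
     */
    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        if (this.disableConcurrency) {
            // NOTE(review): concurrent-session control depends on session lifecycle
            // events reaching Spring Security; confirm an HttpSessionEventPublisher
            // is registered elsewhere in the application.
            httpSecurity.sessionManagement().maximumSessions(1).expiredUrl(SESSION_EXPIRED_URL);
        }

        // The same directive string is sent under the standard and both legacy names.
        httpSecurity.headers()
            .addHeaderWriter(
                new StaticHeadersWriter(X_CONTENT_SECURITY_POLICY_HEADER, DEFAULT_POLICY_DIRECTIVES))
            .addHeaderWriter(
                new StaticHeadersWriter(CONTENT_SECURITY_POLICY_HEADER, DEFAULT_POLICY_DIRECTIVES))
            .addHeaderWriter(
                new StaticHeadersWriter(X_WEBKIT_CSP_POLICY_HEADER, DEFAULT_POLICY_DIRECTIVES));

        // Static assets and the login pages are open to everyone; every other request
        // requires an authenticated user. Anything served under these prefixes is
        // reachable without login, so they should hold no user-specific content.
        httpSecurity.authorizeRequests()
            .antMatchers("/public/**", "/webjars/**", "/resources/**", "/static/**", "/login/**")
            .permitAll()
            .anyRequest()
            .authenticated()
            .and()
            .formLogin()
            .loginPage(LOGIN_FORM_URL)
            .permitAll()
            .and()
            .logout()
            .permitAll();

        // Project-specific handlers (defined outside this file) decide the response for
        // unauthenticated and for authenticated-but-forbidden requests.
        httpSecurity.exceptionHandling()
            .authenticationEntryPoint(new SpringletsSecurityWebAuthenticationEntryPoint())
            .accessDeniedHandler(new SpringletsSecurityWebAccessDeniedHandlerImpl());
    }
}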
