package com.bokesoft.scm.yigo.cloud.adapter.springcloud.service.configure;

import com.bokesoft.scm.yigo.cloud.service.configure.CloudServiceProperties;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.context.annotation.Bean;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.header.writers.StaticHeadersWriter;

/* loaded from: input_file:com/bokesoft/scm/yigo/cloud/adapter/springcloud/service/configure/WebSecurityConfig.class */
public class WebSecurityConfig {

    @Autowired
    private CloudServiceProperties serviceProperties;

    @ConditionalOnMissingBean
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception {
        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.headers(headersConfigurer -> {
            headersConfigurer.frameOptions(frameOptionsConfig -> {
                frameOptionsConfig.sameOrigin();
            }).cacheControl().disable().addHeaderWriter(new StaticHeadersWriter("Allow", new String[]{HttpMethod.GET.toString() + "," + HttpMethod.POST.toString()}));
        }).sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().csrf().disable().formLogin().disable().authorizeRequests().antMatchers(StringUtils.isNotBlank(this.serviceProperties.getMasterNodeName()) ? new String[]{"/error", "/mobile/**", "/objectExists/**", "/otherMobile/**", "/service/**"} : new String[]{"/error", "/mobile/**", "/objectExists/**", "/otherMobile/**", "/service/**", "/ssoAuth/**", "/auth/**", "/common/**", "/customize/**", "/session/**", "/rights/**"})).permitAll().anyRequest()).authenticated();
        return (SecurityFilterChain) httpSecurity.build();
    }
}
