package ee.bitweb.core.actuator;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;

@Configuration
@ConditionalOnProperty(value = {"ee.bitweb.core.actuator.security.enabled"}, havingValue = "true")
@Order(110)
/* loaded from: input_file:ee/bitweb/core/actuator/ActuatorSecurity.class */
public class ActuatorSecurity extends WebSecurityConfigurerAdapter {
    private static final Logger log = LoggerFactory.getLogger("ee.bitweb.core.actuator");
    private final ActuatorSecurityProperties actuatorSecurityProperties;

    protected void configure(HttpSecurity httpSecurity) throws Exception {
        String role = this.actuatorSecurityProperties.getRole();
        httpSecurity.requestMatcher(EndpointRequest.toAnyEndpoint().excluding(new String[]{"health"})).csrf().disable().authenticationProvider(new ActuatorAuthenticationProvider(this.actuatorSecurityProperties)).authorizeRequests(expressionInterceptUrlRegistry -> {
            ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) expressionInterceptUrlRegistry.anyRequest()).hasRole(role);
        }).httpBasic();
        log.info("Configured security for actuator endpoints excluding health, allowing roles {}", role);
    }

    public ActuatorSecurity(ActuatorSecurityProperties actuatorSecurityProperties) {
        this.actuatorSecurityProperties = actuatorSecurityProperties;
    }
}
