package com.softmotions.weboot.security.jwt;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.web.filter.authc.AuthenticatingFilter;
import org.apache.shiro.web.util.WebUtils;

/* loaded from: input_file:com/softmotions/weboot/security/jwt/JWTAuthenticationFilter.class */
public class JWTAuthenticationFilter extends AuthenticatingFilter {
    protected AuthenticationToken createToken(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        String header = WebUtils.toHttp(servletRequest).getHeader("Authorization");
        if (header == null) {
            throw new AuthenticationException("Missing 'Authorization' HTTP header");
        }
        return new JWTAuthenticationToken(header.substring(header.indexOf(32)).trim());
    }

    protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        HttpServletRequest http = WebUtils.toHttp(servletRequest);
        HttpServletResponse http2 = WebUtils.toHttp(servletResponse);
        boolean z = false;
        String header = http.getHeader("Authorization");
        if (header != null && header.startsWith("Bearer ")) {
            z = executeLogin(servletRequest, servletResponse);
        }
        if (!z) {
            http2.setStatus(401);
        }
        return z;
    }
}
