package web.war.jaxrs.securitycontext;

import javax.annotation.security.RolesAllowed;
import javax.inject.Inject;
import javax.security.enterprise.SecurityContext;
import javax.security.enterprise.authentication.mechanism.http.AuthenticationParameters;
import javax.security.enterprise.authentication.mechanism.http.BasicAuthenticationMechanismDefinition;
import javax.security.enterprise.credential.Password;
import javax.security.enterprise.credential.UsernamePasswordCredential;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;

@BasicAuthenticationMechanismDefinition(realmName = "testRealm")
@Produces({"text/plain"})
@Path("scham")
/* loaded from: input_file:web/war/jaxrs/securitycontext/SecurityContextHamApp.class */
public class SecurityContextHamApp extends CommonJaxRSApp {

    @Inject
    private SecurityContext securityContext;

    @GET
    @Path("hello")
    public String hello() {
        return "Hello!";
    }

    @GET
    @Path("callerName")
    public String getCallerName(@Context HttpServletRequest httpServletRequest, @Context HttpServletResponse httpServletResponse) {
        if (this.securityContext == null) {
            return "Null SecurityContext!";
        }
        this.securityContext.authenticate(httpServletRequest, httpServletResponse, AuthenticationParameters.withParams().credential(new UsernamePasswordCredential(httpServletRequest.getParameter("username"), new Password(httpServletRequest.getParameter("password")))));
        return "authenticated callerPrincipal: " + this.securityContext.getCallerPrincipal().getName();
    }

    @GET
    @Path("authCallerName")
    @RolesAllowed({"Employee"})
    public String getAuthCallerName(@Context HttpServletRequest httpServletRequest, @Context HttpServletResponse httpServletResponse) {
        return this.securityContext != null ? "callerPrincipal: " + this.securityContext.getCallerPrincipal().getName() : "Null SecurityContext!";
    }

    @GET
    @Path("hasRole")
    @RolesAllowed({"Employee", "Manager"})
    public String hasRole(@Context HttpServletRequest httpServletRequest, @Context HttpServletResponse httpServletResponse) {
        String parameter = httpServletRequest.getParameter("role");
        return this.securityContext != null ? this.securityContext.isCallerInRole(parameter) ? "callerPrincipal " + this.securityContext.getCallerPrincipal().getName() + " is in role " + parameter + "." : "callerPrincipal " + this.securityContext.getCallerPrincipal().getName() + " is not in role " + parameter + "." : "Null SecurityContext!";
    }
}
