package com.ibm.wsspi.rest.handler.helper;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.TraceOptions;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.rest.handler.internal.TraceConstants;
import com.ibm.wsspi.rest.handler.RESTRequest;
import com.ibm.wsspi.rest.handler.RESTResponse;
import java.io.IOException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.ConfigurationPolicy;

@InjectedFFDC
@TraceObjectField(fieldName = "$$$tc$$$", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
@Component(service = {DefaultAuthorizationHelper.class}, configurationPolicy = ConfigurationPolicy.IGNORE, immediate = true, property = {"service.vendor=IBM"})
@TraceOptions
/* loaded from: input_file:com/ibm/wsspi/rest/handler/helper/DefaultAuthorizationHelper.class */
public class DefaultAuthorizationHelper {
    static final long serialVersionUID = 3453361889577546646L;
    private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(DefaultAuthorizationHelper.class, TraceConstants.TRACE_GROUP, TraceConstants.TRACE_BUNDLE_CORE);
    private static final Set<String> REQUIRED_ROLES_DEFAULT = Collections.unmodifiableSet(new HashSet(Arrays.asList("Administrator")));
    private static final Set<String> REQUIRED_ROLES_GET = Collections.unmodifiableSet(new HashSet(Arrays.asList("Administrator", "Reader")));

    public boolean checkAdministratorRole(RESTRequest rESTRequest, RESTResponse rESTResponse) throws IOException {
        boolean equals = "GET".equals(rESTRequest.getMethod());
        boolean z = rESTRequest.isUserInRole("Administrator") || (equals && rESTRequest.isUserInRole("Reader"));
        if (!z) {
            rESTResponse.sendError(403, "Forbidden");
            rESTResponse.setRequiredRoles(equals ? REQUIRED_ROLES_GET : REQUIRED_ROLES_DEFAULT);
        }
        return z;
    }
}
