package com.hazelcast.webmonitor.session;

import com.hazelcast.webmonitor.configreplacer.SystemProperties;
import java.util.Objects;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.session.SessionRegistry;
import org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/classes/com/hazelcast/webmonitor/session/SessionControlAuthenticationStrategy.class
 */
/* loaded from: input_file:com/hazelcast/webmonitor/session/SessionControlAuthenticationStrategy.class */
public class SessionControlAuthenticationStrategy extends ConcurrentSessionControlAuthenticationStrategy {
    public static final String ALLOW_MULTIPLE_LOGIN = "hazelcast.mc.allowMultipleLogin";
    public static final String FORCE_LOGOUT_ON_MULTIPLE_LOGIN = "hazelcast.mc.forceLogoutOnMultipleLogin";
    public static final String INVALIDATE_OTHER_SESSIONS_KEY = "invalidate-other-sessions";
    private final SessionRegistry sessionRegistry;
    private final boolean allowMultipleLogins;

    public SessionControlAuthenticationStrategy(SessionRegistry sessionRegistry) {
        super(sessionRegistry);
        this.allowMultipleLogins = SystemProperties.getBoolean(ALLOW_MULTIPLE_LOGIN, true);
        this.sessionRegistry = sessionRegistry;
        if (this.allowMultipleLogins) {
            setMaximumSessions(Integer.MAX_VALUE);
        } else {
            setMaximumSessions(1);
            setExceptionIfMaximumExceeded(!SystemProperties.getBoolean(FORCE_LOGOUT_ON_MULTIPLE_LOGIN));
        }
    }

    @Override // org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy, org.springframework.security.web.authentication.session.SessionAuthenticationStrategy
    public void onAuthentication(Authentication authentication, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (!this.allowMultipleLogins && Boolean.parseBoolean(httpServletRequest.getParameter(INVALIDATE_OTHER_SESSIONS_KEY))) {
            String id = httpServletRequest.getSession().getId();
            this.sessionRegistry.getAllSessions(authentication.getPrincipal(), false).stream().filter(sessionInformation -> {
                return !Objects.equals(sessionInformation.getSessionId(), id);
            }).forEach((v0) -> {
                v0.expireNow();
            });
        }
        super.onAuthentication(authentication, httpServletRequest, httpServletResponse);
    }
}
