package org.ametys.web;

import java.util.Collection;
import java.util.Map;
import org.ametys.runtime.authentication.AccessDeniedException;
import org.ametys.runtime.authentication.AuthenticateAction;
import org.ametys.runtime.config.Config;
import org.ametys.runtime.util.StringUtils;
import org.apache.cocoon.environment.ObjectModelHelper;
import org.apache.cocoon.environment.Redirector;
import org.apache.cocoon.environment.Request;

/* loaded from: input_file:org/ametys/web/WebAuthenticateAction.class */
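/**
 * Authentication action that lets the front office call the back office on behalf of a user.
 *
 * <p>Requests without the {@code X-Ametys-FO: true} header go through the parent
 * {@link AuthenticateAction} check. Requests carrying it are accepted when the caller address
 * is listed in the {@code org.ametys.web.front.ip} configuration value; the login named in
 * {@code X-Ametys-FO-Login} is then stored in the {@link WebConstants#FO_LOGIN} request
 * attribute.
 *
 * <p>NOTE(review): both the caller address (when {@code X-Forwarded-For} is present) and the
 * login come from request headers. {@code X-Forwarded-For} is caller-supplied unless a trusted
 * reverse proxy overwrites it, so the allow-list is only as strong as the network path that
 * guarantees that header. Prefer matching {@code request.getRemoteAddr()} against the
 * allow-list, or honour {@code X-Forwarded-For} only when the direct peer is a known proxy.
 * The deployment topology is not visible from this class, so the decision logic is left as is.
 */
public class WebAuthenticateAction extends AuthenticateAction {
    /**
     * Checks whether the current request is authenticated.
     *
     * @param map the Cocoon object model the request is read from
     * @param redirector passed through to the parent check for non front-office requests
     * @return the parent's result for ordinary requests, {@code true} for an accepted
     *         front-office request
     * @throws AccessDeniedException if the request claims to be a front-office request but its
     *         address is missing, empty or not in the configured allow-list
     * @throws Exception whatever the parent check throws
     */
    protected boolean _checkAuth(Map map, Redirector redirector) throws Exception {
        Request request = ObjectModelHelper.getRequest(map);
        if (!"true".equals(request.getHeader("X-Ametys-FO"))) {
            return super._checkAuth(map, redirector);
        }

        Collection<?> allowedFrontIps = StringUtils.stringToCollection(Config.getInstance().getValueAsString("org.ametys.web.front.ip"));
        String remoteAddr = _resolveCallerAddress(request);

        // A missing or empty address can never be a legitimate front office: reject it outright
        // so that a blank entry in the configured list cannot match it.
        if (remoteAddr == null || remoteAddr.isEmpty() || !allowedFrontIps.contains(remoteAddr)) {
            // The address may originate from a request header; treat the message as untrusted
            // text wherever it is logged or displayed.
            throw new AccessDeniedException("IP '" + remoteAddr + "' is not allowed as front-office IP.");
        }

        // The login is taken verbatim from the request; the address check above is the only
        // thing vouching for it.
        request.setAttribute(WebConstants.FO_LOGIN, request.getHeader("X-Ametys-FO-Login"));
        return true;
    }

    /**
     * Returns the address used for the allow-list check: the first entry of
     * {@code X-Forwarded-For} when that header is present, otherwise the socket peer address.
     *
     * <p>The first entry is cut with {@code indexOf} rather than {@code split(",")[0]}: a header
     * made only of commas splits into an empty array and would raise
     * {@link ArrayIndexOutOfBoundsException} instead of a clean denial. Surrounding whitespace
     * is trimmed so that {@code "a , b"} yields {@code "a"}.
     */
    private static String _resolveCallerAddress(Request request) {
        String forwardedFor = request.getHeader("X-Forwarded-For");
        if (forwardedFor == null) {
            return request.getRemoteAddr();
        }
        int comma = forwardedFor.indexOf(',');
        String firstHop = comma < 0 ? forwardedFor : forwardedFor.substring(0, comma);
        return firstHop.trim();
    }
}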
