package hudson.security;

import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
import org.springframework.security.web.context.SecurityContextPersistenceFilter;
import org.springframework.security.web.context.SecurityContextRepository;

/* loaded from: input_file:WEB-INF/lib/hudson-core-3.3.1.jar:hudson/security/HttpSessionContextIntegrationFilter2.class */
public class HttpSessionContextIntegrationFilter2 extends SecurityContextPersistenceFilter {
    private final SecurityContextRepository securityContextRepository = new HttpSessionSecurityContextRepository() { // from class: hudson.security.HttpSessionContextIntegrationFilter2.1
        @Override // org.springframework.security.web.context.HttpSessionSecurityContextRepository
        protected SecurityContext generateNewContext() {
            return new NotSerilizableSecurityContext();
        }
    };

    public HttpSessionContextIntegrationFilter2() throws ServletException {
        super.setSecurityContextRepository(this.securityContextRepository);
    }

    public void doFilterHttp(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        SecurityContext securityContext;
        Authentication authentication;
        HttpSession session = ((HttpServletRequest) servletRequest).getSession(false);
        if (session != null && (securityContext = (SecurityContext) session.getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY)) != null && (authentication = securityContext.getAuthentication()) != null && (authentication.getPrincipal() instanceof InvalidatableUserDetails) && ((InvalidatableUserDetails) authentication.getPrincipal()).isInvalid()) {
            session.setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, null);
        }
        super.doFilter(servletRequest, servletResponse, filterChain);
    }
}
