package org.geoserver.script.rest.callback;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.geoserver.rest.DispatcherCallbackAdapter;
import org.geoserver.rest.RestException;
import org.geoserver.script.ScriptManager;
import org.geoserver.security.GeoServerSecurityManager;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:org/geoserver/script/rest/callback/SecurityCallback.class */
public class SecurityCallback extends DispatcherCallbackAdapter {

    @Autowired
    ScriptManager scriptManager;

    public void init(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        GeoServerSecurityManager securityManager = this.scriptManager.getSecurityManager();
        if (httpServletRequest.getRequestURI().contains("geoserver/rest/scripts")) {
            if (!securityManager.checkAuthenticationForAdminRole()) {
                throw new RestException("", HttpStatus.UNAUTHORIZED);
            }
            if (securityManager.checkForDefaultAdminPassword()) {
                throw new RestException("insecure password", HttpStatus.FORBIDDEN);
            }
        }
    }
}
