package com.atlassian.confluence.xwork;

import com.atlassian.confluence.macro.browser.beans.MacroParameter;
import com.atlassian.confluence.setup.webwork.AbstractAwareInterceptor;
import com.atlassian.confluence.xwork.http.HttpMethodRequired;
import com.atlassian.xwork.HttpMethod;
import com.google.common.annotations.VisibleForTesting;
import com.opensymphony.webwork.ServletActionContext;
import com.opensymphony.xwork.ActionInvocation;
import com.opensymphony.xwork.config.entities.ActionConfig;
import java.lang.reflect.Method;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:com/atlassian/confluence/xwork/HttpMethodValidationInterceptor.class */
public class HttpMethodValidationInterceptor extends AbstractAwareInterceptor {
    static final String HTTP_METHOD_NOT_ALLOWED = "httpmethodnotallowed";

    @Override // com.atlassian.confluence.setup.webwork.AbstractAwareInterceptor
    public String intercept(ActionInvocation actionInvocation) throws Exception {
        HttpServletRequest request = ServletActionContext.getRequest();
        Class<?> cls = actionInvocation.getAction().getClass();
        ActionConfig config = actionInvocation.getProxy().getConfig();
        try {
            Method actionMethod = WebWorkActionHelper.getActionMethod(cls, config.getMethodName());
            if (actionMethod.isAnnotationPresent(HttpMethodRequired.class)) {
                HttpMethod[] value = ((HttpMethodRequired) actionMethod.getAnnotation(HttpMethodRequired.class)).value();
                if (!isHttpMethodAllowed(request.getMethod(), value)) {
                    ServletActionContext.getResponse().setHeader("Allow", StringUtils.join(value, MacroParameter.DELIMITER_DEFAULT));
                    return HTTP_METHOD_NOT_ALLOWED;
                }
            }
            return actionInvocation.invoke();
        } catch (NoSuchMethodException e) {
            throw new RuntimeException("action method [ " + config.getMethodName() + " ] not found on [ " + actionInvocation.getAction().getClass().getName() + " ]", e);
        }
    }

    @VisibleForTesting
    static boolean isHttpMethodAllowed(String str, HttpMethod... httpMethodArr) {
        for (HttpMethod httpMethod : httpMethodArr) {
            if (httpMethod.matches(str)) {
                return true;
            }
        }
        return false;
    }
}
