package com.imcode.imcms.servlet;

import com.imcode.imcms.util.l10n.LocalizedMessage;
import imcode.server.Imcms;
import imcode.server.ImcmsServices;
import imcode.server.user.UserDomainObject;
import imcode.util.Utility;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/* loaded from: input_file:com/imcode/imcms/servlet/ImcmsMultipleUserLoginFilter.class */
public class ImcmsMultipleUserLoginFilter implements Filter {
    public static final String TOO_MANY_SESSIONS = "TooManySessions";
    public static final LocalizedMessage LOGIN_MSG_TOO_MANY_SESSIONS = new LocalizedMessage("templates/login/TooManySessions");

    public void init(FilterConfig filterConfig) throws ServletException {
    }

    public void destroy() {
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        servletRequest.setCharacterEncoding("UTF-8");
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        HttpSession session = httpServletRequest.getSession();
        ImcmsServices services = Imcms.getServices();
        UserDomainObject loggedOnUser = Utility.getLoggedOnUser(httpServletRequest);
        if (loggedOnUser != null && !loggedOnUser.isDefaultUser() && services.getConfig().isDenyMultipleUserLogin()) {
            String id = session.getId();
            String userSessionId = services.getImcmsAuthenticatorAndUserAndRoleMapper().getUserSessionId(loggedOnUser);
            if (userSessionId != null && !userSessionId.equals(id)) {
                session.invalidate();
                httpServletResponse.sendRedirect(httpServletRequest.getContextPath() + "/login?" + TOO_MANY_SESSIONS);
                return;
            }
        }
        if (httpServletRequest.getParameter(TOO_MANY_SESSIONS) != null) {
            httpServletRequest.setAttribute(VerifyUser.REQUEST_ATTRIBUTE__ERROR, LOGIN_MSG_TOO_MANY_SESSIONS);
        }
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }
}
