package no.fintlabs.securityconfig;

import no.fintlabs.opa.OpaAuthorizationManager;
import no.vigoiks.resourceserver.security.FintJwtUserConverter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.SecurityWebFilterChain;

@Configuration
@EnableWebFluxSecurity
/* loaded from: input_file:no/fintlabs/securityconfig/FintKontrollSecurityConfig.class */
public class FintKontrollSecurityConfig {

    @Autowired
    private OpaAuthorizationManager opaAuthorizationManager;

    @Bean
    SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity serverHttpSecurity) {
        serverHttpSecurity.authorizeExchange(authorizeExchangeSpec -> {
            ((ServerHttpSecurity.AuthorizeExchangeSpec.Access) authorizeExchangeSpec.pathMatchers(new String[]{"/**"})).access(this.opaAuthorizationManager).anyExchange().authenticated();
        }).oauth2ResourceServer(oAuth2ResourceServerSpec -> {
            oAuth2ResourceServerSpec.jwt(jwtSpec -> {
                jwtSpec.jwtAuthenticationConverter(new FintJwtUserConverter());
            });
        });
        return serverHttpSecurity.build();
    }
}
