package no.fintlabs.securityconfig;

import no.fintlabs.opa.KontrollAuthorizationManager;
import no.fintlabs.util.JwtUserConverter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
/* loaded from: input_file:no/fintlabs/securityconfig/FintKontrollSecurityConfig.class */
public class FintKontrollSecurityConfig {

    @Autowired
    private KontrollAuthorizationManager kontrollAuthorizationManager;

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.authorizeHttpRequests(authorizationManagerRequestMatcherRegistry -> {
            ((AuthorizeHttpRequestsConfigurer.AuthorizedUrl) ((AuthorizeHttpRequestsConfigurer.AuthorizedUrl) authorizationManagerRequestMatcherRegistry.requestMatchers(new String[]{"/swagger-ui/**", "/swagger-ui**", "/api/api-docs/**", "/api/api-docs**", "/api/accessmanagement/v1/opabundle**"})).permitAll().anyRequest()).access(this.kontrollAuthorizationManager);
        }).oauth2ResourceServer(oAuth2ResourceServerConfigurer -> {
            oAuth2ResourceServerConfigurer.jwt(jwtConfigurer -> {
                jwtConfigurer.jwtAuthenticationConverter(new JwtUserConverter());
            });
        });
        return (SecurityFilterChain) httpSecurity.build();
    }
}
