package io.druid.server.http.security;

import com.google.inject.Inject;
import com.sun.jersey.spi.container.ContainerRequest;
import io.druid.server.security.Access;
import io.druid.server.security.AuthorizationUtils;
import io.druid.server.security.AuthorizerMapper;
import io.druid.server.security.ForbiddenException;
import io.druid.server.security.Resource;
import io.druid.server.security.ResourceAction;
import io.druid.server.security.ResourceType;

/* loaded from: input_file:io/druid/server/http/security/StateResourceFilter.class */
public class StateResourceFilter extends AbstractResourceFilter {
    @Inject
    public StateResourceFilter(AuthorizerMapper authorizerMapper) {
        super(authorizerMapper);
    }

    public ContainerRequest filter(ContainerRequest containerRequest) {
        Access authorizeResourceAction = AuthorizationUtils.authorizeResourceAction(getReq(), new ResourceAction(new Resource("STATE", ResourceType.STATE), getAction(containerRequest)), getAuthorizerMapper());
        if (authorizeResourceAction.isAllowed()) {
            return containerRequest;
        }
        throw new ForbiddenException(authorizeResourceAction.toString());
    }

    @Override // io.druid.server.http.security.AbstractResourceFilter
    public boolean isApplicable(String str) {
        return str.startsWith("druid/broker/v1") || str.startsWith("druid/coordinator/v1") || str.startsWith("druid/historical/v1") || str.startsWith("druid/indexer/v1") || str.startsWith("druid/coordinator/v1/rules") || str.startsWith("druid/coordinator/v1/tiers") || str.startsWith("druid/worker/v1") || str.startsWith("druid/coordinator/v1/servers") || str.startsWith("druid/v2") || str.startsWith("status");
    }
}
