package weblogic.rmi.provider;

import java.security.AccessController;
import weblogic.iiop.Utils;
import weblogic.kernel.KernelStatus;
import weblogic.management.mbeanservers.edit.Change;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.service.AuthorizationManager;
import weblogic.security.service.SecurityService;
import weblogic.security.service.SecurityServiceManager;
import weblogic.security.service.WorkContextResource;
import weblogic.security.subject.AbstractSubject;
import weblogic.security.subject.SubjectManager;
import weblogic.utils.StringUtils;
import weblogic.workarea.WorkContextMap;

/* loaded from: input_file:weblogic/rmi/provider/WorkContextAccessController.class */
public class WorkContextAccessController extends weblogic.workarea.spi.WorkContextAccessController {
    private static final String CONTEXT_DELIMITER = ".";
    private static final String[] ACTION_MAP = {"create", Utils.READ_METHOD, Change.MODIFY, "delete"};
    private static AuthenticatedSubject kernelId = (AuthenticatedSubject) AccessController.doPrivileged(SubjectManager.getKernelIdentityAction());

    public static void initialize() {
        new WorkContextAccessController();
    }

    protected WorkContextAccessController() {
    }

    @Override // weblogic.workarea.spi.WorkContextAccessController
    protected boolean checkAccess(String str, int i) {
        AbstractSubject currentSubject;
        if (i >= ACTION_MAP.length) {
            throw new IllegalArgumentException("Invalid action: " + i);
        }
        if (KernelStatus.isServer() && (currentSubject = SubjectManager.getSubjectManager().getCurrentSubject(kernelId)) != kernelId) {
            return ((AuthorizationManager) SecurityServiceManager.getSecurityService(kernelId, SecurityServiceManager.defaultRealmName, SecurityService.ServiceType.AUTHORIZE)).isAccessAllowed((AuthenticatedSubject) currentSubject, new WorkContextResource(StringUtils.splitCompletely(str, "."), ACTION_MAP[i]), null);
        }
        return true;
    }

    @Override // weblogic.workarea.spi.WorkContextAccessController
    protected WorkContextMap getPriviledgedWrapper(WorkContextMap workContextMap) {
        return new PriviledgedWorkContextMap(workContextMap);
    }
}
