package com.adobe.granite.security.user.internal.servlets;

import com.adobe.granite.security.user.UserManagementService;
import com.adobe.granite.security.user.UserPropertiesManager;
import com.adobe.granite.security.user.UserPropertiesService;
import com.adobe.granite.security.user.util.AuthorizableJSONWriter;
import com.adobe.granite.security.user.util.PropConstants;
import com.adobe.granite.xss.XSSFilter;
import com.day.cq.i18n.I18n;
import java.io.IOException;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.jcr.AccessDeniedException;
import javax.jcr.LoginException;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.SimpleCredentials;
import javax.jcr.Value;
import javax.jcr.ValueFactory;
import javax.jcr.nodetype.ConstraintViolationException;
import javax.servlet.ServletException;
import org.apache.commons.collections.IteratorUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Properties;
import org.apache.felix.scr.annotations.Property;
import org.apache.felix.scr.annotations.Reference;
import org.apache.felix.scr.annotations.Service;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.AuthorizableExistsException;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.Impersonation;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.util.Text;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.request.RequestParameter;
import org.apache.sling.api.request.RequestParameterMap;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.servlets.HtmlResponse;
import org.apache.sling.commons.json.JSONException;
import org.apache.sling.commons.json.io.JSONWriter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Service
@Component(metatype = false)
@Properties({@Property(name = "sling.servlet.paths", value = {"rep/User/rw.json.GET.servlet", "rep/Group/rw.json.GET.servlet", "rep/SystemUser/rw.json.GET.servlet", "/libs/granite/security/currentuser.json", "rep/User/rw.html.POST.servlet", "rep/Group/rw.html.POST.servlet", "rep/SystemUser/rw.html.POST.servlet", "/libs/granite/security/post/authorizables"})})
/* loaded from: input_file:com/adobe/granite/security/user/internal/servlets/AuthorizableServlet.class */
public class AuthorizableServlet extends AbstractServlet {
    private static final String PARAM_DELETE = "deleteAuthorizable";
    private static final String PARAM_CREATE_USER = "createUser";
    private static final String PARAM_CREATE_GROUP = "createGroup";
    private static final int ACTION_CREATE_USER = 1;
    private static final int ACTION_CREATE_GROUP = 2;
    private static final int ACTION_DELETE = 4;
    private static final int ACTION_EDIT = 8;
    private static final String PARAM_AUTHORIZABLE_ID = "authorizableId";
    private static final String PARAM_PASSWORD = "rep:password";
    private static final String PARAM_CURRENT_PASSWORD = ":currentPassword";
    private static final String PARAM_PRINCIPAL_NAME = "rep:principalName";
    private static final String PARAM_INTERMEDIATE_PATH = "intermediatePath";
    private static final String PARAM_DISABLE = "disableUser";
    private static final String PARAM_ADD_IMPERSONATORS = "addImpersonators";
    private static final String PARAM_REMOVE_IMPERSONATORS = "removeImpersonators";
    private static final String PARAM_ADD_MEMBERS = "addMembers";
    private static final String PARAM_REMOVE_MEMBERS = "removeMembers";
    private static final String PARAM_COPY_MEMBERS_FROM_GROUP = "copyFromGroup";
    private static final String PARAM_MEMBERSHIP = "membership";
    private static final String PARAM_NAMED = "named";
    private static final String PROP_LASTMODIFIED = "cq:lastModified";
    private static final String PROP_LASTMODIFIEDBY = "cq:lastModifiedBy";

    @Reference
    private UserPropertiesService upService;

    @Reference
    private UserManagementService umService;

    @Reference
    private XSSFilter xss;
    private static final Logger log = LoggerFactory.getLogger(AuthorizableServlet.class);
    private static final Set<String> RESERVED = new HashSet();

    /* JADX WARN: Finally extract failed */
    protected void doGet(SlingHttpServletRequest slingHttpServletRequest, SlingHttpServletResponse slingHttpServletResponse) throws ServletException, IOException {
        HtmlResponse htmlResponse = null;
        ResourceResolver resourceResolver = slingHttpServletRequest.getResourceResolver();
        Authorizable authorizable = (Authorizable) slingHttpServletRequest.getResource().adaptTo(Authorizable.class);
        if (authorizable == null) {
            authorizable = (Authorizable) resourceResolver.adaptTo(Authorizable.class);
        }
        try {
            try {
                if (authorizable != null) {
                    Session session = (Session) resourceResolver.adaptTo(Session.class);
                    UserPropertiesManager createUserPropertiesManager = this.upService.createUserPropertiesManager(session, resourceResolver);
                    RequestParameterMap requestParameterMap = slingHttpServletRequest.getRequestParameterMap();
                    Set<String> props = getProps(requestParameterMap);
                    setJsonResponseHeader(slingHttpServletResponse);
                    JSONWriter jSONWriter = new JSONWriter(slingHttpServletResponse.getWriter());
                    AuthorizableJSONWriter authorizableJSONWriter = new AuthorizableJSONWriter(createUserPropertiesManager, resourceResolver, session, props, this.xss);
                    authorizableJSONWriter.setLimit(PropConstants.MEMBERS, getNonNegativeValue(requestParameterMap, "ml", -1L));
                    authorizableJSONWriter.setLimit(PropConstants.OFFSET, getNonNegativeValue(requestParameterMap, PropConstants.OFFSET, -1L));
                    authorizableJSONWriter.setFilterPredicates(slingHttpServletRequest.getParameterValues(PARAM_NAMED));
                    authorizableJSONWriter.write(jSONWriter, authorizable);
                } else {
                    String path = slingHttpServletRequest.getResource().getPath();
                    log.debug("No valid authorizable at path: {}", path);
                    htmlResponse = createErrorResponse(404, "No valid authorizable at path: " + path);
                }
                if (htmlResponse != null) {
                    htmlResponse.send(slingHttpServletResponse, true);
                }
            } catch (JSONException | RepositoryException e) {
                log.error("Error while processing AuthorizableServlet GET: {}", htmlResponse.getStatusMessage());
                HtmlResponse createErrorResponse = createErrorResponse(e);
                if (createErrorResponse != null) {
                    createErrorResponse.send(slingHttpServletResponse, true);
                }
            }
        } catch (Throwable th) {
            if (htmlResponse != null) {
                htmlResponse.send(slingHttpServletResponse, true);
            }
            throw th;
        }
    }

    protected void doPost(SlingHttpServletRequest slingHttpServletRequest, SlingHttpServletResponse slingHttpServletResponse) throws ServletException, IOException {
        I18n i18n = new I18n(slingHttpServletRequest);
        HtmlResponse htmlResponse = null;
        boolean z = false;
        ResourceResolver resourceResolver = slingHttpServletRequest.getResourceResolver();
        Session session = (Session) resourceResolver.adaptTo(Session.class);
        UserManager userManager = (UserManager) resourceResolver.adaptTo(UserManager.class);
        Authorizable authorizable = (Authorizable) slingHttpServletRequest.getResource().adaptTo(Authorizable.class);
        try {
            try {
                try {
                    try {
                        try {
                            if (userManager.isAutoSave()) {
                                userManager.autoSave(false);
                                z = ACTION_CREATE_USER;
                            }
                            RequestParameterMap requestParameterMap = slingHttpServletRequest.getRequestParameterMap();
                            int action = getAction(requestParameterMap);
                            auditAuthorizableAction(resourceResolver, requestParameterMap, action, authorizable);
                            HtmlResponse htmlResponse2 = new HtmlResponse();
                            if (action == ACTION_DELETE) {
                                if (authorizable == null) {
                                    htmlResponse = createErrorResponse(404, "No valid authorizable at " + slingHttpServletRequest.getResource().getPath());
                                } else {
                                    htmlResponse2.setPath(authorizable.getPath());
                                    authorizable.remove();
                                }
                            } else if (action == ACTION_CREATE_USER || action == ACTION_CREATE_GROUP) {
                                Authorizable create = create(requestParameterMap, userManager, this.upService.createUserPropertiesManager(resourceResolver), action == ACTION_CREATE_GROUP);
                                if (create == null) {
                                    htmlResponse = createErrorResponse(400, "Incomplete request, failed to create user/group.");
                                } else {
                                    htmlResponse2.setCreateRequest(true);
                                    htmlResponse2.setPath(create.getPath());
                                    update(create, requestParameterMap, userManager, session);
                                }
                            } else if (authorizable == null) {
                                htmlResponse = createErrorResponse(404, "No valid authorizable at " + slingHttpServletRequest.getResource().getPath());
                            } else {
                                htmlResponse2.setPath(authorizable.getPath());
                                update(authorizable, requestParameterMap, userManager, session);
                            }
                            if (htmlResponse == null) {
                                session.save();
                                htmlResponse2.send(slingHttpServletResponse, true);
                            }
                        } catch (AuthorizableExistsException e) {
                            log.debug(e.getMessage(), e);
                            HtmlResponse createErrorResponse = createErrorResponse(409, i18n.get("Authorizable already exists"));
                            if (z) {
                                try {
                                    userManager.autoSave(true);
                                } catch (RepositoryException e2) {
                                    log.debug("Cannot revert autosave mode of user manager", e2.getMessage());
                                }
                            }
                            if (createErrorResponse != null) {
                                try {
                                    session.refresh(false);
                                } catch (RepositoryException e3) {
                                    log.warn("Cannot revert transient modifications.", e3.getMessage());
                                }
                                createErrorResponse.send(slingHttpServletResponse, true);
                            }
                        }
                    } catch (ConstraintViolationException e4) {
                        log.debug(e4.getMessage(), e4);
                        HtmlResponse createErrorResponse2 = createErrorResponse(409, e4.getMessage());
                        if (z) {
                            try {
                                userManager.autoSave(true);
                            } catch (RepositoryException e5) {
                                log.debug("Cannot revert autosave mode of user manager", e5.getMessage());
                            }
                        }
                        if (createErrorResponse2 != null) {
                            try {
                                session.refresh(false);
                            } catch (RepositoryException e6) {
                                log.warn("Cannot revert transient modifications.", e6.getMessage());
                            }
                            createErrorResponse2.send(slingHttpServletResponse, true);
                        }
                    }
                } catch (Exception e7) {
                    log.error("Error while processing AuthorizableServlet POST: {}", e7.getMessage(), e7);
                    HtmlResponse createErrorResponse3 = createErrorResponse(e7);
                    if (z) {
                        try {
                            userManager.autoSave(true);
                        } catch (RepositoryException e8) {
                            log.debug("Cannot revert autosave mode of user manager", e8.getMessage());
                        }
                    }
                    if (createErrorResponse3 != null) {
                        try {
                            session.refresh(false);
                        } catch (RepositoryException e9) {
                            log.warn("Cannot revert transient modifications.", e9.getMessage());
                        }
                        createErrorResponse3.send(slingHttpServletResponse, true);
                    }
                }
            } finally {
                if (z) {
                    try {
                        userManager.autoSave(true);
                    } catch (RepositoryException e10) {
                        log.debug("Cannot revert autosave mode of user manager", e10.getMessage());
                    }
                }
                if (htmlResponse != null) {
                    try {
                        session.refresh(false);
                    } catch (RepositoryException e11) {
                        log.warn("Cannot revert transient modifications.", e11.getMessage());
                    }
                    htmlResponse.send(slingHttpServletResponse, true);
                }
            }
        } catch (LoginException | AccessDeniedException e12) {
            log.debug(e12.getMessage(), e12);
            HtmlResponse createErrorResponse4 = createErrorResponse(403, i18n.get(e12.getMessage()));
            if (z) {
                try {
                    userManager.autoSave(true);
                } catch (RepositoryException e13) {
                    log.debug("Cannot revert autosave mode of user manager", e13.getMessage());
                }
            }
            if (createErrorResponse4 != null) {
                try {
                    session.refresh(false);
                } catch (RepositoryException e14) {
                    log.warn("Cannot revert transient modifications.", e14.getMessage());
                }
                createErrorResponse4.send(slingHttpServletResponse, true);
            }
        }
    }

    private static Authorizable create(RequestParameterMap requestParameterMap, UserManager userManager, UserPropertiesManager userPropertiesManager, boolean z) throws RepositoryException {
        Group group = null;
        if (requestParameterMap.containsKey("authorizableId")) {
            String str = null;
            if (requestParameterMap.containsKey("authorizableId")) {
                str = requestParameterMap.getValue("authorizableId").getString();
            }
            final String string = requestParameterMap.containsKey(PARAM_PRINCIPAL_NAME) ? requestParameterMap.getValue(PARAM_PRINCIPAL_NAME).getString() : str;
            Principal principal = new Principal() { // from class: com.adobe.granite.security.user.internal.servlets.AuthorizableServlet.1
                @Override // java.security.Principal
                public String getName() {
                    return string;
                }
            };
            String str2 = null;
            if (requestParameterMap.containsKey(PARAM_INTERMEDIATE_PATH)) {
                str2 = requestParameterMap.getValue(PARAM_INTERMEDIATE_PATH).getString();
            }
            if (z) {
                group = userManager.createGroup(str, principal, str2);
            } else {
                RequestParameter value = requestParameterMap.getValue(PARAM_PASSWORD);
                group = userManager.createUser(str, value == null ? null : (String) StringUtils.defaultIfEmpty(value.getString(), (CharSequence) null), principal, str2);
                userPropertiesManager.createUserProperties(str, UserPropertiesService.PROFILE_PATH);
                userPropertiesManager.createUserProperties(str, UserPropertiesService.PUBLIC_PROFILE);
            }
        } else {
            log.debug("Missing parameter {} : Cannot create new user/group", "authorizableId");
        }
        return group;
    }

    private static void update(Authorizable authorizable, RequestParameterMap requestParameterMap, UserManager userManager, Session session) throws RepositoryException, IOException {
        if (authorizable.isGroup()) {
            Group group = (Group) authorizable;
            if (requestParameterMap.containsKey(PARAM_COPY_MEMBERS_FROM_GROUP)) {
                copyMembers(group, requestParameterMap.getValue(PARAM_COPY_MEMBERS_FROM_GROUP), userManager);
            }
            if (requestParameterMap.containsKey(PARAM_ADD_MEMBERS)) {
                editMembers(group, requestParameterMap.getValues(PARAM_ADD_MEMBERS), userManager, false);
            }
            if (requestParameterMap.containsKey(PARAM_REMOVE_MEMBERS)) {
                editMembers(group, requestParameterMap.getValues(PARAM_REMOVE_MEMBERS), userManager, true);
            }
        } else {
            User user = (User) authorizable;
            if (requestParameterMap.containsKey(PARAM_PASSWORD) && getAction(requestParameterMap) != ACTION_CREATE_USER) {
                String string = requestParameterMap.getValue(PARAM_PASSWORD).getString();
                String string2 = requestParameterMap.containsKey(PARAM_CURRENT_PASSWORD) ? requestParameterMap.getValue(PARAM_CURRENT_PASSWORD).getString() : "";
                if (!"".equals(string)) {
                    if (user.getID().equals(session.getUserID())) {
                        user.changePassword(string, string2);
                    } else {
                        Session session2 = null;
                        try {
                            session2 = session.getRepository().login(new SimpleCredentials(session.getUserID(), string2.toCharArray()));
                            user.changePassword(string);
                            if (session2 != null) {
                                session2.logout();
                            }
                        } catch (Throwable th) {
                            if (session2 != null) {
                                session2.logout();
                            }
                            throw th;
                        }
                    }
                }
            }
            if (requestParameterMap.containsKey(PARAM_ADD_IMPERSONATORS)) {
                editImpersonation(user, requestParameterMap.getValues(PARAM_ADD_IMPERSONATORS), session, false);
            }
            if (requestParameterMap.containsKey(PARAM_REMOVE_IMPERSONATORS)) {
                editImpersonation(user, requestParameterMap.getValues(PARAM_REMOVE_IMPERSONATORS), session, true);
            }
            if (requestParameterMap.containsKey(PARAM_DISABLE)) {
                String stringValue = getStringValue(requestParameterMap, PARAM_DISABLE, null);
                if ("".equals(stringValue)) {
                    stringValue = null;
                }
                user.disable(stringValue);
            }
        }
        if (requestParameterMap.containsKey(PARAM_MEMBERSHIP)) {
            editMembership(authorizable, requestParameterMap.getValues(PARAM_MEMBERSHIP), userManager);
        }
        ValueFactory valueFactory = session.getValueFactory();
        for (String str : requestParameterMap.keySet()) {
            if (!isReservedParameter(str, RESERVED)) {
                RequestParameter[] values = requestParameterMap.getValues(str);
                ArrayList arrayList = new ArrayList(values.length);
                for (int i = 0; i < values.length; i += ACTION_CREATE_USER) {
                    if (values[i].isFormField()) {
                        String string3 = values[i].getString();
                        if (string3 != null && string3.length() > 0) {
                            arrayList.add(valueFactory.createValue(string3));
                        }
                    } else {
                        arrayList.add(valueFactory.createValue(values[i].getInputStream()));
                    }
                }
                switch (arrayList.size()) {
                    case 0:
                        authorizable.removeProperty(str);
                        break;
                    case ACTION_CREATE_USER /* 1 */:
                        authorizable.setProperty(str, (Value) arrayList.get(0));
                        break;
                    default:
                        authorizable.setProperty(str, (Value[]) arrayList.toArray(new Value[arrayList.size()]));
                        break;
                }
            }
        }
        Calendar calendar = Calendar.getInstance();
        if (session.hasPermission(authorizable.getPath(), "set_property")) {
            authorizable.setProperty("{http://www.jcp.org/jcr/1.0}lastModified", valueFactory.createValue(calendar));
            authorizable.setProperty("{http://www.jcp.org/jcr/1.0}lastModifiedBy", valueFactory.createValue(session.getUserID()));
            authorizable.setProperty(PROP_LASTMODIFIED, valueFactory.createValue(calendar));
            authorizable.setProperty(PROP_LASTMODIFIEDBY, valueFactory.createValue(session.getUserID()));
        }
    }

    private static int getAction(RequestParameterMap requestParameterMap) {
        return requestParameterMap.containsKey(PARAM_DELETE) ? ACTION_DELETE : requestParameterMap.containsKey(PARAM_CREATE_USER) ? ACTION_CREATE_USER : requestParameterMap.containsKey(PARAM_CREATE_GROUP) ? ACTION_CREATE_GROUP : ACTION_EDIT;
    }

    private static void editImpersonation(User user, RequestParameter[] requestParameterArr, Session session, boolean z) throws RepositoryException {
        PrincipalManager principalManager = getPrincipalManager(session);
        if (principalManager == null) {
            throw new RepositoryException("Cannot grant impersonation: PrincipalManager not available.");
        }
        Impersonation impersonation = user.getImpersonation();
        int length = requestParameterArr.length;
        for (int i = 0; i < length; i += ACTION_CREATE_USER) {
            String unescape = Text.unescape(requestParameterArr[i].getString());
            Principal principal = principalManager.getPrincipal(unescape);
            if (principal == null) {
                throw new RepositoryException("Cannot grant impersonation: Invalid principalName " + unescape);
            }
            if (z) {
                impersonation.revokeImpersonation(principal);
            } else {
                impersonation.grantImpersonation(principal);
            }
        }
    }

    private static void copyMembers(Group group, RequestParameter requestParameter, UserManager userManager) throws RepositoryException {
        Group authorizable = userManager.getAuthorizable(Text.unescape(requestParameter.getString()));
        if (authorizable == null || !authorizable.isGroup()) {
            return;
        }
        Iterator declaredMembers = authorizable.getDeclaredMembers();
        while (declaredMembers.hasNext()) {
            group.addMember((Authorizable) declaredMembers.next());
        }
    }

    private static void editMembers(Group group, RequestParameter[] requestParameterArr, UserManager userManager, boolean z) throws RepositoryException {
        int length = requestParameterArr.length;
        for (int i = 0; i < length; i += ACTION_CREATE_USER) {
            String unescape = Text.unescape(requestParameterArr[i].getString());
            Authorizable authorizable = userManager.getAuthorizable(unescape);
            if (authorizable == null) {
                throw new RepositoryException("Attempt to add/remove non-existing member " + unescape + " to group + " + group.getID() + ".");
            }
            if (!(z ? group.removeMember(authorizable) : group.addMember(authorizable))) {
                log.warn(String.format(z ? "Failed to remove member '%s' from '%s'" : "Failed to add member '%s' to '%s'", unescape, group.getID()));
            }
        }
    }

    private static void editMembership(Authorizable authorizable, RequestParameter[] requestParameterArr, UserManager userManager) throws RepositoryException {
        List<Group> list = IteratorUtils.toList(authorizable.declaredMemberOf());
        int length = requestParameterArr.length;
        for (int i = 0; i < length; i += ACTION_CREATE_USER) {
            String unescape = Text.unescape(requestParameterArr[i].getString());
            Group authorizable2 = userManager.getAuthorizable(unescape);
            if (authorizable2 == null || !authorizable2.isGroup()) {
                throw new RepositoryException("Cannot edit membership: No valid group found for " + unescape);
            }
            Group group = authorizable2;
            if (!list.remove(group) && !group.addMember(authorizable)) {
                throw new RepositoryException("Cannot add '" + authorizable.getID() + " as member of " + unescape);
            }
        }
        for (Group group2 : list) {
            if (!group2.removeMember(authorizable)) {
                throw new RepositoryException("Cannot remove '" + authorizable.getID() + "' from group " + group2.getID());
            }
        }
    }

    private static PrincipalManager getPrincipalManager(Session session) throws RepositoryException {
        if (session instanceof JackrabbitSession) {
            return ((JackrabbitSession) session).getPrincipalManager();
        }
        return null;
    }

    private void auditAuthorizableAction(ResourceResolver resourceResolver, RequestParameterMap requestParameterMap, int i, Authorizable authorizable) throws RepositoryException {
        User user = (User) resourceResolver.adaptTo(User.class);
        String obj = user != null ? user.toString() : this.umService.getAnonymousId();
        String str = Boolean.valueOf(user != null ? user.isAdmin() : false).booleanValue() ? "administrator" : "not administrator";
        String actionName = getActionName(requestParameterMap, i, authorizable != null ? authorizable.isGroup() : false);
        String string = requestParameterMap.containsKey("authorizableId") ? requestParameterMap.getValue("authorizableId").getString() : "";
        if ((string == null || string.length() == 0) && authorizable != null) {
            string = authorizable.getID();
        }
        log.info("{} '{}' operation initiated by {} ({})", new Object[]{actionName, string, obj, str});
    }

    private static String getActionName(RequestParameterMap requestParameterMap, int i, boolean z) {
        switch (i) {
            case ACTION_CREATE_USER /* 1 */:
                return "Create User";
            case ACTION_CREATE_GROUP /* 2 */:
                return "Create Group";
            case 3:
            case 5:
            case 6:
            case 7:
            default:
                return "";
            case ACTION_DELETE /* 4 */:
                return z ? "Delete Group" : "Delete User";
            case ACTION_EDIT /* 8 */:
                return !z ? requestParameterMap.containsKey(PARAM_PASSWORD) ? "Password Change for User" : "Edit User" : "Edit Membership for Group";
        }
    }

    static {
        RESERVED.add(PARAM_CREATE_USER);
        RESERVED.add(PARAM_CREATE_GROUP);
        RESERVED.add("authorizableId");
        RESERVED.add(PARAM_PASSWORD);
        RESERVED.add(PARAM_PRINCIPAL_NAME);
        RESERVED.add(PARAM_INTERMEDIATE_PATH);
        RESERVED.add(PARAM_DISABLE);
        RESERVED.add(PARAM_ADD_IMPERSONATORS);
        RESERVED.add(PARAM_REMOVE_IMPERSONATORS);
        RESERVED.add(PARAM_ADD_MEMBERS);
        RESERVED.add(PARAM_REMOVE_MEMBERS);
        RESERVED.add(PARAM_MEMBERSHIP);
        RESERVED.add(PARAM_NAMED);
        RESERVED.add("_charset_");
    }

    protected void bindUpService(UserPropertiesService userPropertiesService) {
        this.upService = userPropertiesService;
    }

    protected void unbindUpService(UserPropertiesService userPropertiesService) {
        if (this.upService == userPropertiesService) {
            this.upService = null;
        }
    }

    protected void bindUmService(UserManagementService userManagementService) {
        this.umService = userManagementService;
    }

    protected void unbindUmService(UserManagementService userManagementService) {
        if (this.umService == userManagementService) {
            this.umService = null;
        }
    }

    protected void bindXss(XSSFilter xSSFilter) {
        this.xss = xSSFilter;
    }

    protected void unbindXss(XSSFilter xSSFilter) {
        if (this.xss == xSSFilter) {
            this.xss = null;
        }
    }
}
