package com.lyms.cm.shiro;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

import org.apache.shiro.authc.AccountException;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.AllowAllCredentialsMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;

import com.lyms.base.common.entity.user.Users;
import com.lyms.base.common.enums.StatusEnum;
import com.lyms.base.common.service.role.PermissionsService;
import com.lyms.base.common.service.user.UsersService;
import com.lyms.shiro.ShiroWebUtils;
import com.lyms.util.CollectionUtils;
import com.lyms.util.MD5Utils;
import com.lyms.util.StrUtils;

/**
 *
 * @ClassName: ShiroRealm
 * @Description: 自定义Realm授权与验证实现
 * @author 方承
 * @date 2015年12月29日
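  */
public class ShiroRealm extends AuthorizingRealm {

    private static final Logger logger = LoggerFactory.getLogger(ShiroRealm.class);

    /**
     * Second argument handed to {@code PermissionsService#getUserPermissionSet}.
     * Its meaning is not visible from this file — presumably a permission/resource
     * type selector; TODO confirm against PermissionsService.
     */
    private static final String PERMISSION_TYPE = "1";

    /**
     * Single failure message for "unknown user", "no password submitted" and
     * "wrong password", so the login response does not reveal which usernames exist.
     */
    private static final String BAD_CREDENTIALS_MSG = "用户名密码不一致";

    @Autowired
    private UsersService sysUsersService;

    /**
     * Looked up in doGetAuthorizationInfo. The original declaration carried no
     * {@code @Autowired} and had no setter, so it was never injected and every
     * authorization check failed with a NullPointerException.
     */
    @Autowired
    private PermissionsService sysPermissionsService;

    /**
     * Credentials are verified by hand in {@link #doGetAuthenticationInfo}, so Shiro's own
     * matcher is set to accept everything. Only username/password tokens are accepted.
     */
    public ShiroRealm() {
        super(new AllowAllCredentialsMatcher());
        setAuthenticationTokenClass(UsernamePasswordToken.class);
        // FIXME: caching temporarily disabled
        setCachingEnabled(false);
    }

    /**
     * Builds the role and permission set for the logged-in principal (the username).
     *
     * @param principals principal collection whose primary principal is the username
     * @return the user's roles and string permissions; empty when the user no longer exists
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
        String username = (String) principals.getPrimaryPrincipal();
        Users user = sysUsersService.getUserByUsername(username);
        if (user == null) {
            // Account removed after login: grant nothing instead of failing with an NPE.
            logger.debug("No user found for principal {}; granting no roles or permissions", username);
            return authorizationInfo;
        }

        // Service API is untyped; elements are presumed to be role names — TODO confirm.
        @SuppressWarnings("rawtypes")
        List roleIdList = sysUsersService.getRoleIdListByUserid(user.getId());
        if (CollectionUtils.isNotEmpty(roleIdList)) {
            @SuppressWarnings("unchecked")
            Set<String> roles = new HashSet<String>(roleIdList);
            authorizationInfo.setRoles(roles);
        }
        authorizationInfo.setStringPermissions(
                sysPermissionsService.getUserPermissionSet(user.getId(), PERMISSION_TYPE));
        return authorizationInfo;
    }

    /**
     * Authenticates a username/password token against the users service.
     *
     * @param authcToken must be a {@link UsernamePasswordToken} (enforced by the constructor)
     * @return authentication info whose principal is the username
     * @throws AccountException when the user is unknown, disabled, or the password does not match
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken)
            throws AuthenticationException {
        UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
        String username = token.getUsername();
        Users user = sysUsersService.getUserByUsername(username);
        if (user == null) {
            logger.debug("Login attempt for unknown username {}", username);
            throw new AccountException(BAD_CREDENTIALS_MSG);
        }
        if (StatusEnum.isDisEnabled(user.getEnable())) {
            throw new AccountException("用户已经被禁用,请联系管理员!");
        }

        char[] rawPassword = token.getPassword();
        if (rawPassword == null) {
            throw new AccountException(BAD_CREDENTIALS_MSG);
        }
        String password = new String(rawPassword);
        if (!passwordMatches(user.getPwd(), MD5Utils.md5(password))) {
            throw new AccountException(BAD_CREDENTIALS_MSG);
        }

        ShiroWebUtils.saveCurrentUser(user);
        // The submitted password is kept as the credential object, as before; Shiro never
        // compares it because of AllowAllCredentialsMatcher and caching is disabled above.
        return new SimpleAuthenticationInfo(username, password, username);
    }

    /**
     * Constant-time comparison of the stored password hash with the hash of the submitted
     * password. Stored passwords are unsalted MD5 (see MD5Utils); that is the format of the
     * existing data and cannot be changed in this realm alone — a salted, slow password hash
     * would be the proper fix.
     *
     * @param storedHash hash persisted for the user; {@code null} never matches
     * @param presentedHash hash of the password just submitted; {@code null} never matches
     * @return whether both hashes are equal
     */
    private static boolean passwordMatches(String storedHash, String presentedHash) {
        if (storedHash == null || presentedHash == null) {
            return false;
        }
        return MessageDigest.isEqual(
                storedHash.getBytes(StandardCharsets.UTF_8),
                presentedHash.getBytes(StandardCharsets.UTF_8));
    }
}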