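package com.lyms.cm.shiro;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.HashSet;

import org.apache.shiro.authc.AccountException;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.AllowAllCredentialsMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;

import com.lyms.cm.entity.sys.User;
import com.lyms.cm.service.sys.ResourceService;
import com.lyms.cm.service.sys.UserService;
import com.lyms.shiro.HashUtils;
import com.lyms.shiro.ShiroWebUtils;
import com.lyms.util.StrUtils;

/**
 * Custom Shiro {@link AuthorizingRealm}: authenticates a username/password token
 * against the password hash held by {@link UserService} and builds the user's
 * role and permission set for authorization.
 *
 * <p>Password verification is performed inside {@link #doGetAuthenticationInfo}
 * itself, which is why the realm is configured with an
 * {@link AllowAllCredentialsMatcher}: the credentials placed in the returned
 * {@link AuthenticationInfo} are never compared by Shiro.
 *
 * @ClassName ShiroRealm
 * @author 方承
 * @date 2015年12月29日
 */
public class ShiroRealm extends AuthorizingRealm {

    private static final Logger logger = LoggerFactory.getLogger(ShiroRealm.class);

    @Autowired
    private UserService userService;

    @Autowired
    private ResourceService resourceService;

    public ShiroRealm() {
        // Credential matching is done by hand in doGetAuthenticationInfo, so Shiro's
        // own matcher must accept whatever is returned there.
        super(new AllowAllCredentialsMatcher());
        setAuthenticationTokenClass(UsernamePasswordToken.class);
        // FIXME: caching temporarily disabled
        setCachingEnabled(false);
    }

    /**
     * Builds the roles and permissions of an already-authenticated principal.
     *
     * @param principals the principal collection; the primary principal is the
     *                   username stored by {@link #doGetAuthenticationInfo}
     * @return roles parsed from the user's comma-separated role list plus the string
     *         permissions of the user's resources; an empty (deny-all) info when the
     *         account no longer exists
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        String username = (String) principals.getPrimaryPrincipal();
        User user = userService.getUserByUserName(username);
        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
        if (user == null) {
            // The principal can outlive the account (e.g. in a session); grant nothing
            // instead of failing with a NullPointerException on user.getRoles().
            logger.warn("authorization requested for unknown user {}", username);
            return authorizationInfo;
        }
        if (StrUtils.isNotEmpty(user.getRoles())) {
            // Roles are stored as a single comma-separated string; entries are not trimmed.
            authorizationInfo.setRoles(new HashSet<>(Arrays.asList(user.getRoles().split(","))));
        }
        authorizationInfo.setStringPermissions(
                resourceService.getResourcePermissionSet(userService.getUserResourceIdSet(user)));
        return authorizationInfo;
    }

    /**
     * Authenticates a {@link UsernamePasswordToken} by hashing the submitted password
     * and comparing it with the hash stored on the {@link User}.
     *
     * @param authcToken the submitted token; always a {@link UsernamePasswordToken}
     *                   because of {@code setAuthenticationTokenClass} in the constructor
     * @return authentication info whose principal is the username
     * @throws UnknownAccountException if no user has the submitted username
     * @throws AccountException        if no password was submitted or it does not match
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken)
            throws AuthenticationException {
        UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
        String username = token.getUsername();
        User user = userService.getUserByUserName(username);
        if (user == null) {
            // NOTE: the distinct exception type/message lets the caller tell "unknown
            // user" apart from "wrong password"; the login UI should present one generic
            // failure message for both so that account names cannot be probed.
            throw new UnknownAccountException("未知用户");
        }
        char[] submitted = token.getPassword();
        if (submitted == null) {
            // Previously a NullPointerException; treat a missing password as a mismatch.
            throw new AccountException("用户名密码不一致");
        }
        // HashUtils.md5 takes a String, so the char[] has to be materialised.
        // SECURITY: an unsalted MD5 digest is not a suitable password hash; switching
        // to bcrypt/scrypt/argon2 needs a migration of the stored hashes, so it is only
        // flagged here rather than changed.
        String submittedHash = HashUtils.md5(new String(submitted));
        if (!constantTimeEquals(user.getPassword(), submittedHash)) {
            throw new AccountException("用户名密码不一致");
        }
        ShiroWebUtils.saveCurrentUser(user);
        // The credentials are never matched (AllowAllCredentialsMatcher), so keep the
        // hash rather than the cleartext password in the AuthenticationInfo.
        // The third argument is the realm name; the original code passes the username
        // here and that is preserved for compatibility — presumably getName() was meant.
        return new SimpleAuthenticationInfo(username, submittedHash, username);
    }

    /**
     * Compares a stored hash with a freshly computed one without short-circuiting on
     * the first differing byte, so the comparison time does not leak how many leading
     * characters matched.
     *
     * @param stored   the hash on record; {@code null} never matches
     * @param computed the hash of the submitted password; {@code null} never matches
     * @return {@code true} only if both are non-null and byte-for-byte equal
     */
    private static boolean constantTimeEquals(String stored, String computed) {
        if (stored == null || computed == null) {
            return false;
        }
        return MessageDigest.isEqual(
                stored.getBytes(StandardCharsets.UTF_8),
                computed.getBytes(StandardCharsets.UTF_8));
    }
}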