package com.jty.wsxt.infrastructure.config;

import com.jty.wsxt.infrastructure.code.ValidateCodeSecurityConfig;
import com.jty.wsxt.infrastructure.security.CustomAuthenticationFilter;
import com.jty.wsxt.infrastructure.security.CustomTokenFilter;
import com.jty.wsxt.infrastructure.security.embed.EmbedAuthenticationConfig;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

/**
 * 资源服务器启动配置类
 *
 * @author Jason
 * @since 2018/12/14 10:04
 */
@Configuration
@EnableResourceServer
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class ResourceConfigurer extends ResourceServerConfigurerAdapter {

    @Autowired
    protected AuthenticationSuccessHandler jtyAuthenticationSuccessHandler;
    @Autowired
    protected AuthenticationFailureHandler jtyAuthenticationFailureHandler;
    @Autowired
    private AuthenticationManager authenticationManager;
    @Autowired
    private ValidateCodeSecurityConfig validateCodeSecurityConfig;
    @Autowired
    private CustomTokenFilter customTokenFilter;
    @Autowired
    private EmbedAuthenticationConfig embedAuthenticationConfig;


    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.csrf()
                .disable()
                .formLogin()
                .loginPage("/authentication/require")
                .loginProcessingUrl("/authentication/form")
                .successHandler(jtyAuthenticationSuccessHandler)
                .failureHandler(jtyAuthenticationFailureHandler)
                .and()
                .authorizeRequests()
                .antMatchers("/authentication/require", "/api/developer", "/code/**","/api/developer/password-reset","/authentication/api","/authentication/token","/api/apply","/srb/school-configs/loginByDomain","/forget/password","/srb/commons/code/verify","/srb/teachers/register","/check-user-exist/{phone}","/add","/client/{clientDecodeSecret}")
                .permitAll()
                .antMatchers("/api/manage/user**")
                .hasAuthority("API_MANAGE_USER")
                .antMatchers("/api/manage/developer**")
                .hasAuthority("API_MANAGE_DEVELOPER")
                .anyRequest().authenticated();
        http.addFilterAt(customAuthenticationFilter(),UsernamePasswordAuthenticationFilter.class);
        http.apply(validateCodeSecurityConfig);
        http.apply(embedAuthenticationConfig);
        http.addFilterBefore(customTokenFilter, UsernamePasswordAuthenticationFilter.class);
    }

    //注册自定义的UsernamePasswordAuthenticationFilter
    @Bean
    CustomAuthenticationFilter customAuthenticationFilter() throws Exception {
        CustomAuthenticationFilter filter = new CustomAuthenticationFilter();
        filter.setAuthenticationSuccessHandler(jtyAuthenticationSuccessHandler);
        filter.setAuthenticationFailureHandler(jtyAuthenticationFailureHandler);
        filter.setFilterProcessesUrl("/authentication/form");
        filter.setAuthenticationManager(authenticationManager);
        return filter;
    }


}