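package com.bonus.sys;

import java.util.HashSet;
import java.util.List;
import java.util.Set;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;

import com.bonus.core.StringHelper;
import com.bonus.sys.beans.ResourcesBean;
import com.bonus.sys.beans.UserBean;
import com.bonus.sys.service.ResourcesService;
import com.bonus.sys.service.UserService;

/**
 * Shiro realm backed by the application's user and resource services.
 *
 * <p>Authentication looks the login name up through {@link UserService} and stores the
 * resulting {@link UserBean} on the Shiro session under {@code GlobalConst.SESSION_USER}.
 * Authorization reads that bean back and turns the URLs of the "button" resources returned
 * by {@link ResourcesService#findBtns} into string permissions.
 */
public class ShiroRealm extends AuthorizingRealm {

    /** Session timeout applied on every login attempt, in milliseconds (one hour). */
    private static final long SESSION_TIMEOUT_MILLIS = 3600000L;

    /** Account lookup service. */
    @Autowired
    private UserService userService;

    /** Resource (permission) lookup service. */
    @Autowired
    private ResourcesService resourceService;

    /**
     * Validates the submitted credentials against the account found for the login name.
     *
     * @param authcToken the token submitted at login; must be a {@link UsernamePasswordToken}
     * @return authentication info whose principal is the account's login name
     * @throws UnknownAccountException when no account exists for the login name
     * @throws IncorrectCredentialsException when the submitted password is rejected
     * @throws AuthenticationException when the account lookup itself fails
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken)
            throws AuthenticationException {
        UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
        String username = token.getUsername();
        // The token carries the password as char[]; the hashing helper takes a String.
        String password = new String(token.getPassword());

        UserBean u;
        try {
            u = userService.findUserBeanByLoginName(username);
        } catch (Exception e) {
            // A failed lookup is an infrastructure error, not an unknown account: surface it
            // with its cause instead of printing the trace and reporting "no such account".
            throw new AuthenticationException("user lookup failed for login name " + username, e);
        }
        if (u == null) {
            throw new UnknownAccountException(); // no account for this login name
        }

        String pwdEncrypt = CipherHelper.createPwdEncrypt(username, password, u.getSalt());
        // Applied before the credential check, as in the original implementation.
        SecurityUtils.getSubject().getSession().setTimeout(SESSION_TIMEOUT_MILLIS);

        // FIXME(security): pwdEncrypt, the salted hash of the submitted password, is computed
        // but never compared against anything. The check below accepts any existing account
        // whose submitted password is the literal "123456", and the returned credentials are
        // that same literal. The accessor for the stored credential on UserBean is not visible
        // in this file, so the comparison is left as found: before this realm is deployed,
        // replace it with a constant-time comparison (MessageDigest.isEqual on the bytes) of
        // pwdEncrypt against the stored hash, and return the stored hash as the credentials.
        if (!"123456".equals(password)) {
            throw new IncorrectCredentialsException(); // credentials rejected
        }
        AuthenticationInfo auth = new SimpleAuthenticationInfo(u.getLoginName(), "123456", getName());
        setSession(GlobalConst.SESSION_USER, u);
        return auth;
    }

    /**
     * Authorization callback, invoked when a permission check finds no cached authorization
     * info for the subject. Builds the subject's string permissions from the URLs of the
     * button resources granted to the user stored on the session.
     *
     * @param pc the principals of the subject being authorized
     * @return the subject's permissions, or {@code null} when the subject is no longer
     *     authenticated (its cache is cleared and it is logged out first)
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection pc) {
        Subject subject = SecurityUtils.getSubject();
        // A subject can reach this method with cached principals but no live authentication
        // (browser closed or session timed out without an explicit logout). Drop the stale
        // cache and sign it out instead of authorizing it.
        if (!subject.isAuthenticated()) {
            doClearCache(pc);
            subject.logout();
            return null;
        }

        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        UserBean user = (UserBean) subject.getSession().getAttribute(GlobalConst.SESSION_USER);
        if (user == null) {
            // Nothing stored on the session: grant no permissions rather than querying with null.
            return info;
        }

        List<ResourcesBean> resources = resourceService.findBtns(user); // the user's button resources
        if (resources != null) {
            Set<String> permissions = new HashSet<String>();
            for (ResourcesBean res : resources) {
                // Resources without a URL carry no permission string.
                if (!StringHelper.isEmpty(res.getUrl())) {
                    permissions.add(res.getUrl());
                }
            }
            info.setStringPermissions(permissions);
        }
        return info;
    }

    /**
     * Stores a value on the current subject's Shiro session so other components can read it.
     *
     * @param key the session attribute key
     * @param value the value to store
     */
    private void setSession(Object key, Object value) {
        Subject currentUser = SecurityUtils.getSubject();
        if (currentUser == null) {
            return;
        }
        Session session = currentUser.getSession();
        if (session != null) {
            session.setAttribute(key, value);
        }
    }
}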