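package com.nanometer.smartlab.realm;

import com.nanometer.smartlab.entity.BaseRolePage;
import com.nanometer.smartlab.entity.SysUser;
import com.nanometer.smartlab.service.BaseRolePageService;
import com.nanometer.smartlab.service.SysUserService;
import com.nanometer.smartlab.util.Constants;
import org.apache.log4j.Logger;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authc.credential.CredentialsMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.cache.Cache;
import org.apache.shiro.cache.CacheManager;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.apache.shiro.subject.Subject;

import javax.annotation.Resource;
import java.util.ArrayList;
import java.util.List;

/**
 * Shiro realm that authenticates and authorizes users against the application database.
 *
 * <p>Accounts are loaded through {@link SysUserService}; the permission strings of an account are
 * the page ids attached to its role, loaded through {@link BaseRolePageService}.
 *
 * @author zhixuan.wang
 * @date 2015/10/1 14:51
 */
public class ShiroDbRealm extends AuthorizingRealm {

    private static final Logger LOGGER = Logger.getLogger(ShiroDbRealm.class);

    @Resource
    private SysUserService sysUserService;

    @Resource
    private BaseRolePageService baseRolePageService;

    /**
     * Creates the realm.
     *
     * @param cacheManager cache manager handed to the Shiro base realm
     * @param matcher      credentials matcher Shiro uses to compare the submitted password with
     *                     the stored one
     */
    public ShiroDbRealm(CacheManager cacheManager, CredentialsMatcher matcher) {
        super(cacheManager, matcher);
    }

    /**
     * Shiro login authentication. Flow: the user submits a username and password, Shiro wraps
     * them in a token, this realm looks the account up by username and returns its stored
     * password, and Shiro then compares the stored password with the submitted one to decide
     * whether the login succeeds.
     *
     * @param token the submitted token; cast to {@link UsernamePasswordToken}
     * @return the stored account name and password for the credentials matcher to verify
     * @throws UnknownAccountException if the token carries no username or no account matches it
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
            throws AuthenticationException {
        UsernamePasswordToken usernamePasswordToken = (UsernamePasswordToken) token;

        // String.valueOf(null) yields the literal "null", so a token without a username would
        // be looked up as an account named "null". Reject it before touching the database.
        final String account = usernamePasswordToken.getUsername();
        if (account == null) {
            throw new UnknownAccountException();
        }

        SysUser user = this.sysUserService.getSysUserByAccount(account);
        if (user == null) {
            // NOTE(review): callers should not expose the difference between this exception and
            // a wrong-password failure to the client, or valid account names can be enumerated.
            throw new UnknownAccountException();
        }

        // The password check itself is done by the CredentialsMatcher passed to the constructor.
        // NOTE(review): confirm that user.getPassword() holds a salted hash and that the
        // configured matcher is a hashing matcher; neither is visible from this class.
        return new SimpleAuthenticationInfo(user.getAccount(), user.getPassword(), getName());
    }

    /**
     * Shiro authorization: builds the roles and permission strings of the given principal.
     *
     * @param principals principals of the subject being authorized
     * @return the user's role name as its only role, and the page ids of that role as
     *         permissions; empty when the account is unknown or has no role id
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        String account = (String) super.getAvailablePrincipal(principals);

        List<String> roles = new ArrayList<String>();
        List<String> permissions = new ArrayList<String>();

        SysUser user = this.sysUserService.getSysUserByAccount(account);
        if (user != null && user.getRoleId() != null) {
            roles.add(user.getRoleName());

            List<BaseRolePage> baseRolePageList =
                    baseRolePageService.getBaseRolePageList(user.getRoleId(), null);
            if (baseRolePageList != null && !baseRolePageList.isEmpty()) {
                for (BaseRolePage baseRolePage : baseRolePageList) {
                    permissions.add(baseRolePage.getPageId());
                }
            }
        }

        info.addRoles(roles);
        info.addStringPermissions(permissions);
        return info;
    }

    /**
     * Removes the logged-in user object from the current session, then runs Shiro's own logout
     * handling.
     *
     * @param principals principals of the subject that is logging out
     */
    @Override
    public void onLogout(PrincipalCollection principals) {
        Subject currentUser = SecurityUtils.getSubject();

        // getSession(false): do not create a fresh session during logout just to remove an
        // attribute from it.
        Session session = currentUser.getSession(false);
        if (session != null) {
            session.removeAttribute(Constants.SESSION_USER);
        }

        super.onLogout(principals);
    }

    /**
     * Clears the cached data of a user.
     *
     * <p>Evicts both the cached authentication info and the cached authorization info, so that a
     * changed password, role or page assignment takes effect on the next check instead of
     * surviving until the cache entry expires.
     *
     * @param loginName account name whose cache entries are removed
     */
    public void removeUserCache(String loginName) {
        Cache<Object, AuthenticationInfo> cache = getAuthenticationCache();
        if (null != cache) {
            cache.remove(loginName);
        }

        SimplePrincipalCollection principals = new SimplePrincipalCollection();
        principals.add(loginName, super.getName());
        super.clearCachedAuthenticationInfo(principals);
        // Roles and permissions built by doGetAuthorizationInfo are cached separately from the
        // authentication info; evict them too so a revoked role does not keep granting access.
        super.clearCachedAuthorizationInfo(principals);
    }
}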