package com.zoniot.ccrc.security;

import com.zoniot.ccrc.security.integration.IntegrationSecurityConfig;
import com.zoniot.ccrc.security.mobile.MobileLoginUserDetailService;
import com.zoniot.ccrc.security.mobile.MobileSecurityConfig;
import com.zoniot.ccrc.security.openid.OpenidSecurityConfig;
import com.zoniot.ccrc.security.smsCode.SmsCodeCheckUserFilter;
import com.zoniot.ccrc.security.smsCode.SmsCodeSecurityConfig;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;

/**
 * Spring Security core configuration.
 *
 * <p>Builds one stateless filter chain (token based: no HTTP session, CSRF disabled)
 * that wires in the JWT token filter, the mobile / SMS-code / integration / OpenID
 * sub-configurations, and the custom success, failure, entry-point and
 * access-denied handlers.
 *
 * <p>NOTE(review): {@code .anyRequest().authenticated()} is commented out in
 * {@link #configure(HttpSecurity)}, so this chain states no URL-level authorization
 * rule beyond permitting OPTIONS; whether a non-OPTIONS request is rejected then
 * rests on method-level annotations and on what the applied sub-configs add.
 * The paths listed in {@link #configure(WebSecurity)} skip the security filter
 * chain entirely. Both deserve confirming against the intended exposure.
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true) // enables method-level @PreAuthorize / @PostAuthorize checks
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    // Handlers are looked up by bean name; several AuthenticationSuccessHandler /
    // AuthenticationFailureHandler beans presumably exist, hence the @Qualifier.
    @Autowired
    @Qualifier("userAuthenticationSuccessHandler")
    private AuthenticationSuccessHandler authenticationSuccessHandler;

    @Autowired
    @Qualifier("userAuthenticationFailureHandler")
    private AuthenticationFailureHandler authenticationFailureHandler;

    @Autowired
    @Qualifier("userLogoutSuccessHandler")
    private LogoutSuccessHandler logoutSuccessHandler;

    // Invoked for unauthenticated requests that need authentication.
    @Autowired
    @Qualifier("userAuthenticationEntryPoint")
    private AuthenticationEntryPoint authenticationEntryPoint;

    // Invoked for authenticated requests that lack the required authority.
    @Autowired
    @Qualifier("userAccessDeniedHandler")
    private AccessDeniedHandler accessDeniedHandler;

    // Placed in front of UsernamePasswordAuthenticationFilter in configure(HttpSecurity).
    @Autowired
    private JwtAuthenticationTokenFilter jwtAuthenticationTokenFilter;

    // Injected, but only referenced from commented-out code below (not active).
    @Autowired
    private SecurityCrossFilter securityCrossFilter;

    @Autowired
    private MobileSecurityConfig mobileSecurityConfig;

    // The UserDetailsService registered with the AuthenticationManager.
    @Autowired
    private MobileLoginUserDetailService mobileLoginUserDetailService;

    // Injected, but only referenced from commented-out code below (not active).
    @Autowired
    private SmsCodeCheckUserFilter smsCodeCheckUserFilter;

    @Autowired
    private SmsCodeSecurityConfig smsCodeSecurityConfig;

    @Autowired
    private OpenidSecurityConfig openidSecurityConfig;

    @Autowired
    private IntegrationSecurityConfig integrationSecurityConfig;

    /*@Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(mobileLoginUserDetailService).passwordEncoder(passwordEncoder());
    }*/

    /**
     * Registers the mobile-login user lookup as the authentication source.
     *
     * <p>No {@code PasswordEncoder} is set here (the commented-out variant above did
     * set one), so how credentials are verified depends on the user-details service
     * and the applied sub-configs — confirm before relying on password checks.
     *
     * @param auth the builder for the global {@code AuthenticationManager}
     * @throws Exception propagated from the Spring Security builder
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(mobileLoginUserDetailService);
    }

    /**
     * Paths that bypass the Spring Security filter chain completely.
     *
     * <p>{@code web.ignoring()} means no web-layer authentication or authorization
     * runs for these URLs (the JWT filter included); only method-level security on
     * the handlers, if any, still applies.
     *
     * @param web the web security builder
     * @throws Exception propagated from the Spring Security builder
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers(
                // API docs and a test namespace
                "/swagger-ui.html",
                "/webjars/**",
                "/swagger-resources/**",
                "/v2/**",
                "/test/**")
                // captcha endpoints
                .antMatchers(
                        "/validateCode/image",
                        "/validateCode/test")
                // static resources, SMS sending (v1 and v2) and file access
                .antMatchers("/statics/**", "/sms/send/**", "/sms/v2/send/**", "/file/**")
                // NOTE(review): the Druid monitoring console is served with no web-layer
                // security at all — confirm it is protected elsewhere or not reachable
                // from untrusted networks.
                .antMatchers("/druid/**")
                // NOTE(review): state-changing integration endpoints (user save/delete)
                // with no web-layer authentication — confirm the caller is verified inside
                // the handler or by IntegrationSecurityConfig.
                .antMatchers("/integration/user/save", "/integration/user/del")
                .antMatchers("/external/getSiteCustomerIds");
    }

    /**
     * Builds the stateless HTTP filter chain.
     *
     * <p>Order matters here: the JWT filter is inserted before
     * {@code UsernamePasswordAuthenticationFilter}, and the four sub-configurations
     * are applied in the sequence mobile, SMS code, integration, OpenID.
     *
     * @param http the HTTP security builder
     * @throws Exception propagated from the Spring Security builder
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                //.addFilterBefore(smsCodeCheckUserFilter, UsernamePasswordAuthenticationFilter.class)
                // CSRF is disabled because authentication is token based (see STATELESS below).
                .csrf().disable()
                // Token based, so no HTTP session is created or used.
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and().authorizeRequests()
                // CORS preflight is always allowed.
                .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
                // NOTE(review): with this line commented out there is no catch-all
                // rule; requests other than OPTIONS get no URL-level authorization
                // decision from this chain.
                // .anyRequest().authenticated()
                .and()
                .formLogin()
                .successHandler(authenticationSuccessHandler) // login success handling
                .failureHandler(authenticationFailureHandler) // login failure handling
                .and().logout().permitAll()
                .logoutSuccessHandler(logoutSuccessHandler).permitAll();
        http.exceptionHandling()
                .authenticationEntryPoint(authenticationEntryPoint) // unauthenticated access handling
                // Authenticated user reaching a resource they lack authority for.
                .accessDeniedHandler(accessDeniedHandler) // insufficient-permission handling
                //.and().addFilterBefore(securityCrossFilter, UsernamePasswordAuthenticationFilter.class)
                .and().addFilterBefore(jwtAuthenticationTokenFilter, UsernamePasswordAuthenticationFilter.class)
                .apply(mobileSecurityConfig)
                .and()
                .apply(smsCodeSecurityConfig)
                .and()
                .apply(integrationSecurityConfig)
                .and()
                .apply(openidSecurityConfig);
    }
}