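package com.yunzhi.demo.shiro;

import com.yunzhi.demo.shiro.filters.JWTFilter;
import com.yunzhi.demo.shiro.matcher.JWTCredentialsMatcher;
import com.yunzhi.demo.shiro.realms.manager.IManagerService;
import com.yunzhi.demo.shiro.realms.manager.ManagerRealm;
import org.apache.shiro.mgt.DefaultSessionStorageEvaluator;
import org.apache.shiro.mgt.DefaultSubjectDAO;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import javax.servlet.Filter;
import java.util.HashMap;
import java.util.Map;

/**
 * Spring configuration that wires Apache Shiro for token-based access control.
 *
 * <p>It registers a {@link ManagerRealm}, a {@link DefaultWebSecurityManager} with
 * session storage of subject state switched off, and a {@link ShiroFilterFactoryBean}
 * that exposes {@link JWTFilter} under the filter name {@code jwt}.
 */
@Configuration
public class ShiroConfig {

    @Autowired
    IManagerService iManagerService;

    /** URL handed to both the JWT filter and the Shiro filter factory for rejected requests. */
    @Value("${shiro.unauthorizedUrl}")
    private String unauthorizedUrl;

    /**
     * Path pattern to filter-chain definition, read from the {@code shiro.filterRuleMap} property.
     *
     * <p>The property text is substituted first and then evaluated as a SpEL expression, so
     * the property source has to be trusted configuration. Shiro checks the patterns in
     * iteration order and the first match wins; a request path that matches no pattern is
     * not passed through any Shiro filter.
     * NOTE(review): the property value is not visible here. Confirm that it ends with a
     * catch-all pattern mapped to {@code jwt}, and that the anonymous entries are as narrow
     * as intended.
     */
    @Value("#{${shiro.filterRuleMap}}")
    private Map<String, String> filterRuleMap;

    /**
     * Builds the realm used to authenticate managers.
     *
     * @return a realm backed by the injected {@link IManagerService}, with a
     *     {@link JWTCredentialsMatcher} as its credentials matcher (the matcher's
     *     verification logic is defined elsewhere in the project)
     */
    @Bean
    public ManagerRealm managerRealm() {
        ManagerRealm realm = new ManagerRealm();
        realm.setManagerService(iManagerService);
        realm.setCredentialsMatcher(new JWTCredentialsMatcher());
        return realm;
    }

    /**
     * Builds the Shiro filter factory and registers the JWT filter under the name {@code jwt}.
     *
     * @param securityManager the security manager the filter chain delegates to
     * @return the configured filter factory bean
     */
    @Bean("shiroFilterFactoryBean")
    public ShiroFilterFactoryBean factory(DefaultWebSecurityManager securityManager) {
        // Register JWTFilter by hand instead of declaring it as a Spring bean.
        // NOTE(review): presumably this keeps the servlet container from also registering
        // it as a global filter outside Shiro's chain; confirm before turning it into a bean.
        JWTFilter jwtFilter = new JWTFilter();
        jwtFilter.setUnauthorizedUrl(unauthorizedUrl);

        // Typed map: an entry that is not a servlet Filter is rejected at compile time.
        Map<String, Filter> filterMap = new HashMap<>();
        filterMap.put("jwt", jwtFilter);

        ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
        factoryBean.setFilters(filterMap);
        factoryBean.setSecurityManager(securityManager);
        factoryBean.setUnauthorizedUrl(unauthorizedUrl);
        factoryBean.setFilterChainDefinitionMap(filterRuleMap);
        return factoryBean;
    }

    /**
     * Builds the web security manager with the manager realm and no session-backed subject state.
     *
     * @return the configured security manager
     */
    @Bean("securityManager")
    public DefaultWebSecurityManager securityManager() {
        DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
        // Use your own realm
        manager.setRealm(managerRealm());

        // Disable session storage, so Shiro does not persist the subject's identity in a
        // session and every request has to authenticate again through the filter chain.
        // This setting alone does not stop application code from creating a session; add
        // Shiro's noSessionCreation filter to the chain if that must be prevented as well.
        DefaultSessionStorageEvaluator sessionStorageEvaluator = new DefaultSessionStorageEvaluator();
        sessionStorageEvaluator.setSessionStorageEnabled(false);

        DefaultSubjectDAO subjectDAO = new DefaultSubjectDAO();
        subjectDAO.setSessionStorageEvaluator(sessionStorageEvaluator);
        manager.setSubjectDAO(subjectDAO);
        return manager;
    }
}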