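package com.framework.shiro;

import java.util.Date;
import java.util.List;
import java.util.Set;

import javax.annotation.Resource;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;

import com.google.common.collect.Sets;
import com.agent.entity.system.PermissionEntity;
import com.agent.entity.system.UserEntity;
import com.agent.service.system.RoleService;
import com.agent.service.system.UserService;

/**
 * Shiro realm that authenticates users by login account and derives their
 * role and permission strings from the role attached to the user record.
 */
public class UserRealm extends AuthorizingRealm {

    @Resource
    private UserService userService;

    @Resource
    private RoleService roleService;

    /**
     * Returns the authorization data (role code and permission strings) for
     * the current subject; Shiro's Authorizer evaluates access checks against it.
     *
     * <p>If the account or its role can no longer be found, an empty info is
     * returned, so the subject holds no roles and no permissions.
     *
     * @param principals principals of the subject; the primary principal is
     *                   the login account string
     * @return the roles and permissions granted to the account
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
        String loginAccount = (String) principals.getPrimaryPrincipal();
        UserEntity user = userService.findByLoginaccount(loginAccount);
        // Fail closed: the account may have been removed, or left without a
        // role, after the subject logged in.
        if (user == null || user.getRole() == null) {
            return authorizationInfo;
        }

        Set<String> roles = Sets.newHashSet();
        String roleCode = user.getRole().getRolecode();
        if (roleCode != null) {
            roles.add(roleCode);
        }
        authorizationInfo.setRoles(roles);

        // Collect the permission strings attached to the role's menus.
        List<PermissionEntity> list = roleService.findAllPermisstionByRole(user.getRole());
        Set<String> permisstions = Sets.newTreeSet();
        if (list != null) {
            for (PermissionEntity permisstion : list) {
                if (permisstion == null || permisstion.getMenu() == null) {
                    continue;
                }
                String code = permisstion.getMenu().getPermission();
                // A TreeSet rejects null, and an empty string is not a usable
                // permission, so such entries are skipped rather than granted.
                if (code != null && !code.trim().isEmpty()) {
                    permisstions.add(code);
                }
            }
        }
        authorizationInfo.setStringPermissions(permisstions);
        return authorizationInfo;
    }

    /**
     * Looks up the account named by the token and returns its stored
     * credentials; Shiro's Authenticator compares them with the submitted ones.
     *
     * <p>This method runs before the submitted password has been checked, so
     * it must not record a login or populate the session. That work is done in
     * {@link #assertCredentialsMatch(AuthenticationToken, AuthenticationInfo)}.
     *
     * @param token the submitted authentication token; its principal is the
     *              login account string
     * @return the account's principal and stored credentials
     * @throws UnknownAccountException if no account matches the token
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
            throws AuthenticationException {
        String loginAccount = (String) token.getPrincipal();
        if (loginAccount == null) {
            throw new UnknownAccountException();
        }
        UserEntity user = userService.findByLoginaccount(loginAccount);
        if (user == null) {
            throw new UnknownAccountException();
        }
        // NOTE(review): no salt is passed here; whether getPassword() is a hash
        // depends on the CredentialsMatcher configured for this realm, which is
        // not visible in this file. Confirm it is not a plain-text comparison.
        return new SimpleAuthenticationInfo(user.getLoginaccount(), user.getPassword(), getName());
    }

    /**
     * Verifies the submitted credentials and, only once they match, records
     * the login time and stores the user and menu list in the session.
     *
     * <p>Doing this after the check means a wrong password neither updates
     * the last-login time nor leaves a "user" attribute in the caller's session.
     *
     * @param token the submitted authentication token
     * @param info  the stored account data returned for the token
     * @throws AuthenticationException if the credentials do not match or the
     *                                 account can no longer be found
     */
    @Override
    protected void assertCredentialsMatch(AuthenticationToken token, AuthenticationInfo info)
            throws AuthenticationException {
        super.assertCredentialsMatch(token, info);

        String loginAccount = (String) info.getPrincipals().getPrimaryPrincipal();
        UserEntity user = userService.findByLoginaccount(loginAccount);
        if (user == null) {
            throw new UnknownAccountException();
        }
        user.setLastLoginTime(new Date());
        userService.save(user);

        Subject subject = SecurityUtils.getSubject();
        // NOTE(review): the whole UserEntity, including getPassword(), is kept
        // in the session; consider storing a reduced view if callers allow it.
        subject.getSession().setAttribute("user", user);
        // Cache the menu entries available to the user's role.
        subject.getSession().setAttribute("menuList", roleService.findAllFunctionByRole(user.getRole()));
    }
}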