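package com.gxzc.zen.umps.config

import com.gxzc.zen.api.sys.service.ISysUserService
import com.gxzc.zen.umps.common.ZenAuthToken
import com.gxzc.zen.umps.common.ZenSimpleByteSource
import org.apache.shiro.authc.*
import org.apache.shiro.authz.AuthorizationInfo
import org.apache.shiro.authz.SimpleAuthorizationInfo
import org.apache.shiro.realm.AuthorizingRealm
import org.apache.shiro.subject.PrincipalCollection
import org.slf4j.LoggerFactory
import org.springframework.beans.factory.annotation.Autowired

/**
 * Shiro realm that builds authentication info from the user object carried by a [ZenAuthToken].
 *
 * The realm registers itself under the name `zen_realm`. It does not look the user up itself:
 * the user record is read from the token, so whatever creates the token is responsible for
 * loading it.
 *
 * @author NorthLan
 * @date 2018/4/23
 * @url https://noahlan.com
 */
class ZenShiroRealm : AuthorizingRealm() {
    companion object {
        private val logger = LoggerFactory.getLogger(ZenShiroRealm::class.java)
    }

    // Injected by Spring; not referenced by the methods in this class.
    @Autowired
    private lateinit var userService: ISysUserService

    init {
        this.name = "zen_realm"
    }

    /**
     * Login verification: turns the submitted token into the stored account data that the
     * submitted credentials are compared against.
     *
     * This method performs no credential comparison itself; it only rejects unusable tokens,
     * unknown accounts and locked accounts, and returns the stored password together with
     * its salt.
     *
     * NOTE(review): the unknown-account and locked-account checks are raised from this method
     * independently of any credential comparison. If the distinct exception types are surfaced
     * to the client they reveal account state; callers should presumably map them to one
     * generic login failure — confirm at the login endpoint.
     *
     * @param token the submitted token; must be a [ZenAuthToken]
     * @return the account, stored password, salt source and fourth constructor argument
     *         wrapped in a [SimpleAuthenticationInfo]
     * @throws AccountException if [token] is not a [ZenAuthToken]
     * @throws UnknownAccountException if the token carries no user
     * @throws LockedAccountException if the user's lock flag is `true`
     */
    override fun doGetAuthenticationInfo(token: AuthenticationToken): AuthenticationInfo {
        // The principal is caller-supplied and is logged before the token type is checked.
        logger.debug("ZenShiroRealm doGetAuthenticationInfo [${token.principal}]")
        if (token !is ZenAuthToken) {
            throw AccountException("token must be ZenAuthToken")
        }

        // Get the user information carried by the token.
        val user = token.user ?: throw UnknownAccountException()

        // Account lock check: a null flag is treated as "not locked".
        if (user.lock == true) {
            throw LockedAccountException()
        }

        // The salt source is the account concatenated with the per-user salt.
        // NOTE(review): in Shiro's API the last argument of this constructor is the realm name;
        // user.username is passed here rather than this realm's name — confirm this is intended
        // before relying on per-realm principal lookups.
        return SimpleAuthenticationInfo(
            user.account,
            user.password,
            ZenSimpleByteSource(user.account + user.salt),
            user.username,
        )
    }

    /**
     * Authorization lookup used by the subject's permission checks such as `hasRole` and
     * `hasPermission`: those checks call this method to obtain the permissions defined for
     * the subject, which are then handled by the realm.
     *
     * Permissions are now managed centrally and dynamically from the database, so this method
     * does no processing and always returns an empty [SimpleAuthorizationInfo]. Role and
     * permission checks answered from this result therefore see no roles and no permissions.
     *
     * @param principals the principals of the subject being checked; only logged
     * @return an empty [SimpleAuthorizationInfo]
     */
    override fun doGetAuthorizationInfo(principals: PrincipalCollection?): AuthorizationInfo {
        logger.debug("ZenShiroRealm doGetAuthorizationInfo [${principals?.primaryPrincipal}]")
        return SimpleAuthorizationInfo()
    }
}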