package com.ruhuanxingyun.config;

import com.fasterxml.jackson.databind.ObjectMapper;

import org.springframework.context.annotation.Configuration;

import org.springframework.security.config.annotation.web.builders.HttpSecurity;

import org.springframework.security.config.http.SessionCreationPolicy;

import org.springframework.security.core.AuthenticationException;

import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;

import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;

import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;

import org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler;

import org.springframework.security.web.AuthenticationEntryPoint;

import javax.servlet.ServletException;

import javax.servlet.http.HttpServletRequest;

import javax.servlet.http.HttpServletResponse;

import java.util.HashMap;

import java.util.Map;

@Configuration

public class SecurityResourceConfig extends ResourceServerConfigurerAdapter {

    @Override

    public void configure(HttpSecurity http) throws Exception {

        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()

                .authorizeRequests().antMatchers("/api/1.0/**").access("#oauth2.hasScope('all')").and()

                .authorizeRequests().antMatchers("/public/**").permitAll().and()

                .authorizeRequests().antMatchers("/export/**").permitAll().and()

                .exceptionHandling().accessDeniedHandler(new OAuth2AccessDeniedHandler());

    }

    @Override

    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {

        resources.authenticationEntryPoint(new AuthExceptionEntryPoint());

    }

    class AuthExceptionEntryPoint implements AuthenticationEntryPoint {

        @Override

        public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws ServletException {

            Map<String, Object> map = new HashMap<>(9);

            Throwable cause = authException.getCause();

            if (cause instanceof InvalidTokenException) {

                map.put("code", 401);

                map.put("msg", "无效的token");

            } else {

                map.put("code", 401);

                map.put("msg", "访问此资源需要完全的身份验证");

            }

            map.put("data", authException.getMessage());

            map.put("success", false);

            map.put("path", request.getServletPath());

            map.put("timestamp", String.valueOf(System.currentTimeMillis()));

            response.setContentType("application/json");

            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);

            try {

                ObjectMapper mapper = new ObjectMapper();

                mapper.writeValue(response.getOutputStream(), map);

            } catch (Exception e) {

                throw new ServletException();

            }

        }

    }

}