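package org.ros.chatto;

import org.ros.chatto.logged.MyLogoutSuccessHandler;
import org.ros.chatto.logged.MySimpleUrlAuthenticationSuccessHandler;
import org.ros.chatto.security.CustomBasicAuthenticationFilter;
import org.ros.chatto.security.MyUserDetailsService;
import org.ros.chatto.security.TokenAuthenticationFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;

/**
 * Spring Security wiring for the application.
 *
 * <p>Two security filter chains are declared as nested configurations, evaluated in
 * {@code @Order}: {@link ApiWebSecurity} (order 1) claims every request under {@code /api/**}
 * and is stateless (HTTP Basic plus a token filter); {@link FormWebSecurity} (order 2) has no
 * request matcher of its own and therefore handles everything else with session-based form
 * login. This outer adapter declares no {@code configure(HttpSecurity)} override and mainly
 * hosts the shared authentication beans (manager, provider, password encoder).
 *
 * <p>Authentication is delegated to a {@link DaoAuthenticationProvider} backed by
 * {@link MyUserDetailsService} and BCrypt password hashing.
 */
@Configuration
@EnableWebSecurity
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    private MyUserDetailsService myUserDetailsService;

    @Autowired
    private PasswordEncoder passwordEncoder;

    /**
     * Exposes the adapter's {@link AuthenticationManager} as a bean so that other components
     * (for example the custom authentication filters) can have it injected.
     *
     * @return the shared authentication manager
     * @throws Exception propagated from the adapter's manager construction
     */
    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /**
     * Builds the provider that validates username/password credentials against
     * {@link MyUserDetailsService} using the configured {@link PasswordEncoder}.
     *
     * @return a DAO-backed authentication provider
     */
    @Bean
    public AuthenticationProvider authenticationProvider() {
        final DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setUserDetailsService(myUserDetailsService);
        provider.setPasswordEncoder(passwordEncoder);
        return provider;
    }

    /**
     * Password hashing used for stored credentials. Declared {@code static} so the bean is
     * available early, before this configuration class itself is fully initialised.
     *
     * @return a BCrypt encoder with default strength
     */
    @Bean
    public static PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Security chain for the REST API ({@code /api/**}).
     *
     * <p>The chain is stateless (no HTTP session is created) and CSRF protection is disabled,
     * which is only safe as long as nothing under {@code /api/**} is authenticated by a browser
     * managed cookie; the token filter's credential source is not visible here, so confirm it
     * reads a header rather than a cookie. Unauthenticated requests are answered by
     * {@link RESTAuthenticationEntryPoint} instead of a login redirect.
     */
    @Configuration
    @Order(1)
    public static class ApiWebSecurity extends WebSecurityConfigurerAdapter {

        @Autowired
        private RESTAuthenticationEntryPoint authenticationEntryPoint;

        // NOTE(review): these filters are injected as beans. If they are also registered as
        // @Component servlet filters, Spring Boot applies them to every request outside this
        // chain as well — confirm they are registered only here (e.g. via a FilterRegistrationBean
        // with enabled=false) before relying on the /api/** scoping.
        @Autowired
        private CustomBasicAuthenticationFilter customBasicAuthFilter;

        @Autowired
        private TokenAuthenticationFilter tokenFilter;

        /**
         * Configures authorisation rules and the filter order for the API chain.
         *
         * <ul>
         *   <li>{@code /api/chat/**}: roles USER, ADMIN or SUPER_USER</li>
         *   <li>{@code /api/demo/**}: role SUPER_USER only</li>
         *   <li>any other {@code /api/**} request: authenticated</li>
         * </ul>
         *
         * @param http the builder for this chain
         * @throws Exception propagated from the security builder
         */
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.csrf().disable()
                .exceptionHandling()
                .and()
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .antMatcher("/api/**")
                .authorizeRequests()
                    .antMatchers("/api/chat/**").hasAnyRole("USER", "ADMIN", "SUPER_USER")
                    .antMatchers("/api/demo/**").hasRole("SUPER_USER")
                    .anyRequest().authenticated()
                .and()
                .httpBasic().authenticationEntryPoint(authenticationEntryPoint);

            // Token authentication runs first so a valid token short-circuits Basic auth.
            http.addFilterBefore(tokenFilter, BasicAuthenticationFilter.class);

            // Creating token when basic authentication is successful and the same token can
            // be used to authenticate for further requests
            http.addFilter(customBasicAuthFilter);
        }
    }

    /**
     * Security chain for the browser-facing pages (every request not claimed by
     * {@link ApiWebSecurity}).
     *
     * <p>Uses form login with an HTTP session that is created on every request
     * ({@link SessionCreationPolicy#ALWAYS}). CSRF protection is not disabled in this chain,
     * so Spring's default protection remains active for the form endpoints.
     */
    @Configuration
    @Order(2)
    public static class FormWebSecurity extends WebSecurityConfigurerAdapter {

        @Autowired
        private MySimpleUrlAuthenticationSuccessHandler mySimpleUrlAuthenticationSuccessHandler;

        @Autowired
        private MyLogoutSuccessHandler myLogoutSuccessHandler;

        /**
         * Configures public paths, role-restricted areas and the login/logout flow.
         *
         * <ul>
         *   <li>public: {@code /}, {@code /perform_login}, {@code /logout**}, {@code /favicon.ico},
         *       {@code /login*}, {@code /registration}, {@code /perform_registration} and the
         *       static {@code /css}, {@code /js}, {@code /img} trees</li>
         *   <li>{@code /user/**}: roles USER, ADMIN or SUPER_USER</li>
         *   <li>{@code /admin/**}: roles ADMIN or SUPER_USER</li>
         *   <li>anything else: authenticated</li>
         * </ul>
         *
         * @param httpSecurity the builder for this chain
         * @throws Exception propagated from the security builder
         */
        @Override
        protected void configure(HttpSecurity httpSecurity) throws Exception {
            httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.ALWAYS)
                .and()
                .authorizeRequests()
                    // Ant patterns are matched against the servlet path, which always starts
                    // with "/": the previous "perform_login" entry could never match.
                    // formLogin().permitAll() below already permits the processing URL, so this
                    // entry is kept for readability rather than as the effective rule.
                    .antMatchers("/", "/perform_login", "/logout**", "/favicon.ico", "/login*",
                            "/registration", "/perform_registration", "/css/**", "/js/**", "/img/**")
                        .permitAll()
                    .antMatchers("/user/**").hasAnyRole("USER", "ADMIN", "SUPER_USER")
                    .antMatchers("/admin/**").hasAnyRole("ADMIN", "SUPER_USER")
                    .anyRequest().authenticated()
                .and()
                .formLogin()
                    .loginPage("/login").permitAll()
                    .loginProcessingUrl("/perform_login")
                    .successHandler(mySimpleUrlAuthenticationSuccessHandler)
                .and()
                .logout()
                    .logoutSuccessHandler(myLogoutSuccessHandler);
        }
    }
}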