package edu.sjtu.infosec.ismp.security;

import java.io.IOException;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.OncePerRequestFilter;

import edu.sjtu.infosec.ismp.manager.SYSM.user.self.service.UserService;

public class IPRoleAuthenticationFilter extends OncePerRequestFilter{
	
	private UserService userService;

	@Override
	protected void doFilterInternal(HttpServletRequest req,HttpServletResponse res, FilterChain chain)
		throws IOException, ServletException {
	      // before we allow the request to proceed, we'll first get the user's role
	      // and see if it's an administrator
	      final Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
	      Object principal  = authentication.getPrincipal();
//	      if (principal instanceof OperatorDetails) {
//	    	  String username = ((OperatorDetails)principal).getUsername();
//	      } else {
//	    	  String username = principal.toString();
//	      }
//	      System.out.println("自定义过滤器:"+authentication);
//	      System.out.println("认证用户内容" + principal);
	      if (authentication != null&& principal instanceof OperatorDetails) {
//	          boolean shouldCheck = false;
	    	  OperatorDetails user = (OperatorDetails)principal;
//	    	  List<Domain> domains = user.getDomainList();
//	    	  for(Domain department:domains){
//	    		  System.out.println("用户管理的域:"+department.getDomainName());
//	    	  }
	    	  //对于不同角色的循环
	          for (GrantedAuthority authority : authentication.getAuthorities()) {
	        	  String ipaddress = req.getRemoteAddr();
	        	  boolean shouldAllow = true;
	        	  if(authority.getAuthority().trim().equals("ROLE_AdminAll")){
//	        		  System.out.println("@@@@@超级管里员"); 
	        		  shouldAllow = userService.loginService(ipaddress);
	        	  }else{
	        		  shouldAllow = userService.loginService(user.getDomainList(), ipaddress);
	        	  }
//	      		  if (list.get(0) == null) {
//	      			 shouldAllow = true;
//	      		  }
	      		  if(!shouldAllow) {
	                  // fail the requestAdvanced Confguration and Extension [ 160 ]
	                  throw new AccessDeniedException("Access has been denied for your IP address: "+req.getRemoteAddr());
	              }
//	              if(authority.getAuthority().equals(targetRole)) {
//	                  shouldCheck = true;
//	                  break;
//	                   }
//	          }
//	          // if we should check IP, then check
//	          if(shouldCheck && allowedIPAddresses.size() > 0) {
//	              boolean shouldAllow = false;
//	              for (String ipAddress : allowedIPAddresses) {
//	                  if(req.getRemoteAddr().equals(ipAddress)) {
//	                      shouldAllow = true;
//	                      break;
//	                  }
//	              }
//	              
//	              if(!shouldAllow) {
//	                  // fail the requestAdvanced Confguration and Extension [ 160 ]
//	                  throw new AccessDeniedException("Access has been denied for your IP address: "+req.getRemoteAddr());
//	              }
	          }
	      } else {
	        logger.warn("The IPRoleAuthenticationFilter should be placed after the user has been authenticated in the filter chain.");
	      }
	      chain.doFilter(req, res);  
	// accessors (getters and setters) omitted
	}
	public void setUserService(UserService userService) {
		this.userService = userService;
	}
}