/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.apache.openejb.core.security;

import org.apache.geronimo.connector.work.WorkContextHandler;
import org.apache.openejb.loader.SystemInstance;
import org.apache.openejb.spi.SecurityService;

import javax.resource.spi.work.SecurityContext;
import javax.resource.spi.work.WorkCompletedException;
import javax.resource.spi.work.WorkContext;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginException;

public class SecurityContextHandler implements WorkContextHandler<SecurityContext> {

    private ConnectorCallbackHandler callbackHandler;
    private final String securityRealmName;

    public SecurityContextHandler(final String securityRealmName) {
        this.securityRealmName = securityRealmName;
    }

    @Override
    public void before(final SecurityContext securityContext) throws WorkCompletedException {
        if (securityContext != null) {
            callbackHandler = new ConnectorCallbackHandler(securityRealmName);

            final Subject clientSubject = new Subject();
            securityContext.setupSecurityContext(callbackHandler, clientSubject, null);
        }
    }

    @SuppressWarnings("unchecked")
    @Override
    public void after(final SecurityContext securityContext) throws WorkCompletedException {
        final SecurityService securityService = SystemInstance.get().getComponent(SecurityService.class);
        final Object loginObj = securityService.disassociate();
        if (loginObj != null) {
            try {
                securityService.logout(loginObj);
            } catch (final LoginException e) {
                //Ignore
            }
        }
    }

    @Override
    public boolean supports(final Class<? extends WorkContext> clazz) {
        return SecurityContext.class.isAssignableFrom(clazz);
    }

    @Override
    public boolean required() {
        return false;
    }

}