/*
 * Copyright (C) 2010 Mathieu Baudier <mbaudier@argeo.org>
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *         http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.argeo.security.activemq;

import org.apache.activemq.broker.BrokerPluginSupport;
import org.apache.activemq.broker.ConnectionContext;
import org.apache.activemq.command.ConnectionInfo;
import org.argeo.ArgeoException;
import org.argeo.security.core.InternalAuthentication;
import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationManager;
import org.springframework.security.context.SecurityContext;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;

public class ActiveMqSecurityBrokerPlugin extends BrokerPluginSupport {
//	private final static Log log = LogFactory
//			.getLog(ActiveMqSecurityBrokerPlugin.class);

	private AuthenticationManager authenticationManager;
	private String systemUsername = InternalAuthentication.DEFAULT_SYSTEM_USERNAME;
	private String systemRole = InternalAuthentication.DEFAULT_SYSTEM_ROLE;

	@Override
	public void addConnection(ConnectionContext context, ConnectionInfo info)
			throws Exception {
		String username = info.getUserName();
		if (username == null)
			throw new ArgeoException("No user name provided");
		String password = info.getPassword();
		if (password == null) {
			password = context.getConnection().getRemoteAddress().substring(1);
			password = password.substring(0, password.lastIndexOf(':'));
		}

		SecurityContext securityContext = SecurityContextHolder.getContext();

		final Authentication authRequest;
		if (username.equals(systemUsername))
			authRequest = new InternalAuthentication(password, username,
					systemRole);
		else
			authRequest = new UsernamePasswordAuthenticationToken(username,
					password);

		final Authentication auth = authenticationManager
				.authenticate(authRequest);
		securityContext.setAuthentication(auth);
		context.setSecurityContext(new ActiveMqSpringSecurityContext(
				securityContext));

		super.addConnection(context, info);
	}

	public void setAuthenticationManager(
			AuthenticationManager authenticationManager) {
		this.authenticationManager = authenticationManager;
	}

	public void setSystemUsername(String systemUsername) {
		this.systemUsername = systemUsername;
	}

	public void setSystemRole(String systemRole) {
		this.systemRole = systemRole;
	}

}