package org.argeo.security.jcr;

import java.util.Map;
import java.util.concurrent.Executor;

import javax.jcr.Node;
import javax.jcr.RepositoryException;
import javax.jcr.RepositoryFactory;
import javax.jcr.Session;

import org.argeo.ArgeoException;
import org.argeo.jcr.JcrUtils;
import org.argeo.security.OsAuthenticationToken;
import org.argeo.security.core.OsAuthenticationProvider;
import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationException;
import org.springframework.security.userdetails.UserDetails;

public class OsJcrAuthenticationProvider extends OsAuthenticationProvider {
	private RepositoryFactory repositoryFactory;
	private Executor systemExecutor;
	private String homeBasePath = "/home";
	private String repositoryAlias = "node";
	private String workspace = null;

	public Authentication authenticate(Authentication authentication)
			throws AuthenticationException {
		final OsAuthenticationToken authen = (OsAuthenticationToken) super
				.authenticate(authentication);
		systemExecutor.execute(new Runnable() {
			public void run() {
				try {
					Session session = JcrUtils.getRepositoryByAlias(
							repositoryFactory, repositoryAlias)
							.login(workspace);
					Node userHome = JcrUtils.getUserHome(session,
							authen.getName());
					if (userHome == null)
						JcrUtils.createUserHome(session, homeBasePath,
								authen.getName());
					authen.setDetails(getUserDetails(userHome, authen));
				} catch (RepositoryException e) {
					throw new ArgeoException(
							"Unexpected exception when synchronizing OS and JCR security ",
							e);
				}
			}
		});
		return authen;
	}

	/** Builds user details based on the authentication and the user home. */
	protected UserDetails getUserDetails(Node userHome, Authentication authen) {
		try {
			// TODO: loads enabled, locked, etc. from the home node.
			return new JcrUserDetails(userHome.getPath(), authen.getPrincipal()
					.toString(), authen.getCredentials().toString(),
					isEnabled(userHome), true, true, true,
					authen.getAuthorities());
		} catch (Exception e) {
			throw new ArgeoException("Cannot get user details for " + userHome,
					e);
		}
	}

	protected Boolean isEnabled(Node userHome) {
		return true;
	}

	public void register(RepositoryFactory repositoryFactory,
			Map<String, String> parameters) {
		this.repositoryFactory = repositoryFactory;
	}

	public void unregister(RepositoryFactory repositoryFactory,
			Map<String, String> parameters) {
		this.repositoryFactory = null;
	}

	public void setSystemExecutor(Executor systemExecutor) {
		this.systemExecutor = systemExecutor;
	}

	public void setHomeBasePath(String homeBasePath) {
		this.homeBasePath = homeBasePath;
	}

	public void setRepositoryAlias(String repositoryAlias) {
		this.repositoryAlias = repositoryAlias;
	}

	public void setWorkspace(String workspace) {
		this.workspace = workspace;
	}

}