package com.takipArac.wsTakipArac.core.utilities.configuration;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.AuthenticationEntryPoint;


@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
	@Autowired
	UserAuthService userAuthService;
	@Override
	protected void configure(HttpSecurity http) throws Exception {
		http.csrf().disable();
		http.httpBasic().authenticationEntryPoint(new AuthenticationEntryPoint() {
			@Override
			public void commence(HttpServletRequest request, HttpServletResponse response,
					AuthenticationException authException) throws IOException, ServletException {
				response.sendError(HttpStatus.UNAUTHORIZED.value(),HttpStatus.UNAUTHORIZED.getReasonPhrase());
			}
		});
		http.authorizeRequests()
		
				
				
				  
				/*
				 * .antMatchers("/api/1.0/auth").hasAnyAuthority("Role_admin",
				 * "Role_companyUser", "Role_driver")
				 * .antMatchers("/api/1.0/admin/**").hasAuthority("Role_admin")
				 * .antMatchers("/api/1.0/companyUser/**").hasAuthority("Role_companyUser")
				 * .antMatchers("/api/1.0/driver/**").hasAuthority("Role_driver")
				 * .antMatchers("/api/1.0/adminCompany/**").hasAnyAuthority("Role_admin",
				 * "Role_companyUser")
				 * .antMatchers("/api/1.0/adminDriver/**").hasAnyAuthority("Role_admin",
				 * "Role_driver")
				 * .antMatchers("/api/1.0/companyDriver/**").hasAnyAuthority("Role_admin",
				 * "Role_driver") .antMatchers("/api/1.0/all/**").hasAnyAuthority("Role_admin",
				 * "Role_companyUser","Role_driver") .anyRequest().authenticated() .and()
				 * .formLogin().permitAll() .and() .logout().permitAll() .and()
				 * .exceptionHandling().accessDeniedPage("/403");
				 */
				 
				 
		 
					
					.and() .authorizeRequests().anyRequest().permitAll();
					 
		http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
	}
	@Override
	protected void configure(AuthenticationManagerBuilder auth) throws Exception {
		auth.userDetailsService(userAuthService).passwordEncoder(new BCryptPasswordEncoder());
	}
}