/* (c) 2014 - 2017 Open Source Geospatial Foundation - all rights reserved
 * This code is licensed under the GPL 2.0 license, available at the root
 * application directory.
 */

package org.geoserver.geofence.services.rest.auth;


import org.apache.cxf.configuration.security.AuthorizationPolicy;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.apache.cxf.security.SecurityContext;
import org.apache.log4j.LogManager;
import org.apache.log4j.Logger;

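/**
 * CXF inbound interceptor that attaches a {@link GeofenceSecurityContext} to every
 * message, built from the {@link AuthorizationPolicy} found on the message (if any).
 *
 * <p>Starting point was JAASLoginInterceptor.
 *
 * <p><strong>SECURITY NOTE:</strong> this class does not yet verify credentials.
 * Whatever user name the client supplies is wrapped in an {@link AuthUser} and
 * installed as the request principal; the supplied password is never compared
 * against anything. Until the user service is injected and the check is
 * implemented, the resulting principal must be treated as client-asserted
 * and unverified, and access to the REST endpoints has to be restricted by
 * other means (network filtering, a container-level authentication filter, ...).
 *
 * @author ETj (etj at geo-solutions.it)
 */
public class GeofenceAuthenticationInterceptor extends AbstractPhaseInterceptor<Message>
{

    private static final Logger LOGGER = LogManager.getLogger(GeofenceAuthenticationInterceptor.class);

    // TODO: inject user service

    /**
     * Registers the interceptor in the {@link Phase#UNMARSHAL} phase.
     */
    public GeofenceAuthenticationInterceptor()
    {
        super(Phase.UNMARSHAL);
    }

    /**
     * Builds the security context for the incoming message and stores it on the
     * message under {@code SecurityContext.class}.
     *
     * <p>If the message carries an {@link AuthorizationPolicy}, the principal is
     * created from the user name in that policy; otherwise a guest principal is used.
     *
     * @param message the inbound CXF message
     * @throws Fault declared by the interceptor contract; not thrown by the current code
     */
    @Override
    public void handleMessage(Message message) throws Fault
    {
        // The message itself is deliberately not logged: its string form may include the
        // protocol headers and the AuthorizationPolicy, i.e. the caller's credentials.
        if (LOGGER.isDebugEnabled())
        {
            LOGGER.debug("In handleMessage");
        }

        AuthUser user = null;

        AuthorizationPolicy policy = message.get(AuthorizationPolicy.class);
        if (policy != null)
        {
            String name = policy.getUserName();

            // The user name is client-controlled: neutralise control characters before it
            // reaches the log so a crafted value cannot forge additional log lines.
            LOGGER.info("Requesting user: " + sanitizeForLog(name));

            // FIXME(security): credentials are NOT verified. The password in the policy is
            // not read at all, so any supplied user name is accepted as-is.
            // TODO: read user from DB
            // if user and pw do not match, throw new AuthenticationException("Unauthorized");
            // NOTE(review): a policy without a user name still yields a non-guest AuthUser
            // with a null name -- confirm whether this should fall back to guest instead.

            user = new AuthUser();
            user.setName(name);
        }
        else
        {
            LOGGER.info("No requesting user -- GUEST access");
        }

        GeofencePrincipal principal = (user != null) ? new GeofencePrincipal(user) : GeofencePrincipal.createGuest();

        GeofenceSecurityContext securityContext = new GeofenceSecurityContext();
        securityContext.setPrincipal(principal);

        message.put(SecurityContext.class, securityContext);
    }

    /**
     * Returns a copy of {@code value} that is safe to embed in a single log line:
     * every control character (including CR and LF) is replaced by an underscore.
     *
     * @param value the untrusted text, may be {@code null}
     * @return the sanitised text, or {@code null} when {@code value} is {@code null}
     */
    private static String sanitizeForLog(String value)
    {
        if (value == null)
        {
            return null;
        }
        return value.replaceAll("\\p{Cntrl}", "_");
    }
}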