package eu.dnetlib.uoaauthorizationlibrary.security;

import eu.dnetlib.uoaauthorizationlibrary.utils.AuthorizationUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;

@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
@EnableWebSecurity
@ComponentScan(basePackages = {"eu.dnetlib.uoaauthorizationlibrary.*"})
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    private AuthorizationProvider authorizationProvider;
    private AuthorizationUtils utils;

    @Autowired
    WebSecurityConfig(AuthorizationProvider authorizationProvider, AuthorizationUtils utils) {
        this.authorizationProvider = authorizationProvider;
        this.utils = utils;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.apply(new AuthorizationFilterConfigurer(authorizationProvider, utils));
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        http.authorizeRequests().anyRequest().permitAll();
        http.httpBasic().authenticationEntryPoint(new EntryPoint());
    }

}