package eu.dnetlib.uoaauthorizationlibrary.security;

import eu.dnetlib.uoaauthorizationlibrary.utils.AuthorizationUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.config.annotation.SecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.DefaultSecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

public class AuthorizationFilterConfigurer extends SecurityConfigurerAdapter<DefaultSecurityFilterChain, HttpSecurity> {

    private AuthorizationProvider authorizationProvider;
    private AuthorizationUtils utils;

    @Override
    public void init(HttpSecurity http) throws Exception {
        http.csrf().disable();
    }

    @Autowired
    public AuthorizationFilterConfigurer(AuthorizationProvider authorizationProvider, AuthorizationUtils utils) {
        this.authorizationProvider = authorizationProvider;
        this.utils = utils;
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        AuthorizationFilter customFilter = new AuthorizationFilter(authorizationProvider, utils);
        http.addFilterBefore(customFilter, UsernamePasswordAuthenticationFilter.class);
    }

}