package com.whyc.manager;

import com.whyc.constant.SuperConstant;
import io.jsonwebtoken.Claims;
import org.apache.shiro.web.servlet.ShiroHttpServletRequest;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.apache.shiro.web.util.WebUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.util.StringUtils;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import java.io.Serializable;

public class ShiroSessionManager extends DefaultWebSessionManager {

    public ShiroSessionManager() {
    }

    @Autowired
    JWTManager jwtManager;

    @Override
    protected Serializable getSessionId(ServletRequest request, ServletResponse response) {
        //改变session模式后,解析携带的jwt
        String jwt = WebUtils.toHttp(request).getHeader(SuperConstant.AUTHORIZATION);
        if (StringUtils.isEmpty(jwt)){
            //如果没有携带jwt,则采用cookie方式
            return super.getSessionId(request,response);
        }else{
            //设置request属性为无状态,SessionId
            request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE,SuperConstant.REFERENCED_SESSION_ID_RESOURCE);
            try {
                Claims claims = jwtManager.decodeToken(jwt);
                String sessionId = (String) claims.get("jti");
                request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID, sessionId);
                request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_IS_VALID, Boolean.TRUE);
                return sessionId;
            }catch (Exception e){
                //无法解密jwt,说明凭证有问题
                //e.printStackTrace();
                return null;
            }
        }
    }
}