package com.keao.edu.user.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;

import com.keao.edu.common.security.BaseAccessDeniedHandler;
import com.keao.edu.common.security.BaseAuthenticationEntryPoint;

@Configuration
@EnableResourceServer
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

    @Autowired
    private BaseAccessDeniedHandler baseAccessDeniedHandler;

    @Autowired
    private BaseAuthenticationEntryPoint baseAuthenticationEntryPoint;

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/task/*","/v2/api-docs", "/su/**", "/student/apply", "/examRegistration/ocr", "/examOrder/paymentResult",
                        "/examOrder/notify","/examinationBasic/getInfo","/examOrder/executePayment","/examOrder/pageList","/studentExamResult/recordSync")
                .permitAll()
                .anyRequest().authenticated().and().csrf().disable().exceptionHandling().accessDeniedHandler(baseAccessDeniedHandler)
                .authenticationEntryPoint(baseAuthenticationEntryPoint).and();
    }

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        resources.authenticationEntryPoint(baseAuthenticationEntryPoint).accessDeniedHandler(baseAccessDeniedHandler);
    }

}