package compbio.spring.security;

import java.util.Collection;
import java.util.HashSet;
import java.util.Set;

import javax.annotation.Resource;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;

/**
 * The class maps LDAP groups defined in the LDAP service to the ProteoCache
 * roles for a specific user. The class implements the standard Spring Security
 * GrantedAuthoritiesMapper interface and should replace the standard
 * Authorities Mapper in security configuration XML file.
 * 
 * @version 1.0 January 2014
 * 
 * @author Alexaner Sherstnev
 * 
 */
@Resource
public class LDAPAuthorityMapper implements GrantedAuthoritiesMapper {

	private static final Log logger = LogFactory.getLog(LDAPAuthorityMapper.class);

	public LDAPAuthorityMapper() {
	}

	/**
	 * the real mapping method. Currently, all users who are able to
	 * authenticate are assigned with the same ROLE_LDAP_USER.
	 * 
	 * @param authorities a set of original granted authorities assigned by ldapAuthProvider
	 * @return a new set of granted authorities greated in the method
	 */
	public Collection<? extends GrantedAuthority> mapAuthorities(final Collection<? extends GrantedAuthority> authorities) {
		SimpleGrantedAuthority sa = new SimpleGrantedAuthority("ROLE_LDAP_USER");
		Set<GrantedAuthority> roles = new HashSet<GrantedAuthority>();
		roles.add(sa);
		logger.info("LDAPAuthorityMapper: set new role ROLE_LDAP_USER");
		return roles;
	}
}