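// NOTE(review): Every line of this Spring/CAS client configuration is commented out, so none of
// it is compiled or registered. It is kept one source line per comment line so that no fragment
// sits outside a `//` marker.
//
// NOTE(review): Do not re-enable this class as written. cas20ProxyReceivingTicketValidationFilter()
// installs a trust-all X509TrustManager and an accept-all HostnameVerifier as the process-wide
// HttpsURLConnection defaults (see trustAllHttpsCertificates(), hv and miTM below). With those in
// place, HTTPS connections made through HttpsURLConnection accept any certificate for any host,
// so the identity of the CAS server that validates tickets is no longer verified. If the CAS
// server uses a private or self-signed certificate, import that certificate (or its CA) into the
// JVM/application trust store instead of disabling validation.
//package com.landtool.lanbase.config;
//
//import javax.net.ssl.HostnameVerifier;
//import javax.net.ssl.HttpsURLConnection;
//import javax.net.ssl.SSLSession;
//
//import org.jasig.cas.client.session.SingleSignOutFilter;
//import org.jasig.cas.client.session.SingleSignOutHttpSessionListener;
//import org.jasig.cas.client.util.AssertionThreadLocalFilter;
//import org.jasig.cas.client.util.HttpServletRequestWrapperFilter;
//import org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter;
//import org.springframework.beans.factory.annotation.Autowired;
//import org.springframework.beans.factory.annotation.Value;
//import org.springframework.boot.web.servlet.FilterRegistrationBean;
//import org.springframework.boot.web.servlet.ServletListenerRegistrationBean;
//import org.springframework.context.annotation.Bean;
//import org.springframework.context.annotation.Configuration;
//import org.springframework.security.web.authentication.logout.LogoutFilter;
//import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
//
//import com.landtool.lanbase.common.shiro.CasAuthenticationFilter;
//
//@Configuration
//public class CasConfig {
//
//    @Autowired
//    CasConfigProperties config;
//
//    // Whether CAS filtering is enabled: true = enabled, false = disabled.
//    @Value("${spring.cas.casEnabled: #{false}}")
//    private boolean casEnabled;
//    // private static boolean casEnabled = true;
//
//    public CasConfig() {
//    }
//
//    @Bean
//    public CasConfigProperties getCasConfigProperties() {
//        return new CasConfigProperties();
//    }
//
//    /**
//     * Used to implement single sign-out.
//     */
//    @Bean
//    public ServletListenerRegistrationBean singleSignOutHttpSessionListener() {
//        ServletListenerRegistrationBean listener = new ServletListenerRegistrationBean<>();
//        listener.setEnabled(casEnabled);
//        listener.setListener(new SingleSignOutHttpSessionListener());
//        listener.setOrder(1);
//        return listener;
//    }
//
//    /**
//     * This filter implements single sign-out; the single sign-out configuration must be
//     * placed before the other filters.
//     */
//    @Bean
//    public FilterRegistrationBean logOutFilter() {
//        FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
//        // NOTE(review): the service value is appended to the logout URL without URL-encoding;
//        // confirm that config.getServerName() never contains characters that need escaping.
//        LogoutFilter logoutFilter = new LogoutFilter(
//                config.getCasServerUrlPrefix() + "/logout?service=" + config.getServerName(),
//                new SecurityContextLogoutHandler());
//        filterRegistration.setFilter(logoutFilter);
//        filterRegistration.setEnabled(casEnabled);
//        if (config.getSignOutFilters().size() > 0) {
//            filterRegistration.setUrlPatterns(config.getSignOutFilters());
//        } else {
//            filterRegistration.addUrlPatterns("/logout");
//        }
//        filterRegistration.addInitParameter("casServerUrlPrefix", config.getCasServerUrlPrefix());
//        filterRegistration.addInitParameter("serverName", config.getServerName());
//        filterRegistration.setOrder(2);
//        return filterRegistration;
//    }
//
//    /**
//     * This filter implements single sign-out; the single sign-out configuration must be
//     * placed before the other filters.
//     */
//    @Bean
//    public FilterRegistrationBean singleSignOutFilter() {
//        FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
//        filterRegistration.setFilter(new SingleSignOutFilter());
//        filterRegistration.setEnabled(casEnabled);
//        if (config.getSignOutFilters().size() > 0) {
//            filterRegistration.setUrlPatterns(config.getSignOutFilters());
//        } else {
//            filterRegistration.addUrlPatterns("/*");
//        }
//        filterRegistration.addInitParameter("casServerUrlPrefix", config.getCasServerUrlPrefix());
//        filterRegistration.addInitParameter("serverName", config.getServerName());
//        filterRegistration.setOrder(3);
//        return filterRegistration;
//    }
//
//    /**
//     * This filter is responsible for authenticating the user.
//     */
//    @Bean
//    public FilterRegistrationBean authenticationFilter() {
//        FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
//        filterRegistration.setFilter(new CasAuthenticationFilter());
//        filterRegistration.setEnabled(casEnabled);
//        if (config.getAuthFilters().size() > 0) {
//            filterRegistration.setUrlPatterns(config.getAuthFilters());
//        } else {
//            filterRegistration.addUrlPatterns("/*");
//        }
//        // casServerLoginUrl: login URL of the CAS server
//        filterRegistration.addInitParameter("casServerLoginUrl", config.getCasServerLoginUrl());
//        // IP and port under which this application is reached
//        filterRegistration.addInitParameter("serverName", config.getServerName());
//        filterRegistration.addInitParameter("useSession", config.isUseSession() ? "true" : "false");
//        filterRegistration.addInitParameter("redirectAfterValidation",
//                config.isRedirectAfterValidation() ? "true" : "false");
//        filterRegistration.setOrder(4);
//        return filterRegistration;
//    }
//
//    /**
//     * This filter is responsible for validating the ticket.
//     */
//    @Bean
//    public FilterRegistrationBean cas20ProxyReceivingTicketValidationFilter() {
//
//        // NOTE(review): the two calls below change static HttpsURLConnection defaults, so they
//        // affect every HttpsURLConnection in the JVM, not only ticket validation. Remove them
//        // and trust the CAS server certificate through the trust store instead.
//        try {
//            trustAllHttpsCertificates();
//            HttpsURLConnection.setDefaultHostnameVerifier(hv);
//        } catch (Exception e) {
//            // TODO Auto-generated catch block
//            // NOTE(review): a failure here is only printed; the filter is still registered.
//            e.printStackTrace();
//        }
//
//        FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
//        Cas20ProxyReceivingTicketValidationFilter cas20ProxyReceivingTicketValidationFilter = new Cas20ProxyReceivingTicketValidationFilter();
//        // cas20ProxyReceivingTicketValidationFilter.setTicketValidator(cas20ServiceTicketValidator());
//        cas20ProxyReceivingTicketValidationFilter.setServerName(config.getServerName());
//        filterRegistration.setFilter(cas20ProxyReceivingTicketValidationFilter);
//        filterRegistration.setEnabled(casEnabled);
//        if (config.getValidateFilters().size() > 0) {
//            filterRegistration.setUrlPatterns(config.getValidateFilters());
//        } else {
//            filterRegistration.addUrlPatterns("/*");
//        }
//        filterRegistration.addInitParameter("casServerUrlPrefix", config.getCasServerUrlPrefix());
//        filterRegistration.addInitParameter("serverName", config.getServerName());
//        filterRegistration.setOrder(5);
//        return filterRegistration;
//    }
//
//    /**
//     * This filter wraps the HttpServletRequest so that the login name of the logged-in user
//     * can be obtained through HttpServletRequest.getRemoteUser().
//     *
//     */
//    @Bean
//    public FilterRegistrationBean httpServletRequestWrapperFilter() {
//        FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
//        filterRegistration.setFilter(new HttpServletRequestWrapperFilter());
//        // NOTE(review): always enabled, unlike the filters above that follow casEnabled;
//        // confirm this is intended.
//        filterRegistration.setEnabled(true);
//        if (config.getRequestWrapperFilters().size() > 0) {
//            filterRegistration.setUrlPatterns(config.getRequestWrapperFilters());
//        } else {
//            filterRegistration.addUrlPatterns("/*");
//        }
//        filterRegistration.setOrder(6);
//        return filterRegistration;
//    }
//
//    /**
//     * This filter makes the user's login name available through
//     * org.jasig.cas.client.util.AssertionHolder, for example
//     * AssertionHolder.getAssertion().getPrincipal().getName().
//     * The class keeps the Assertion in a ThreadLocal variable, so the application can read the
//     * current login information outside the web layer as well.
//     */
//    @Bean
//    public FilterRegistrationBean assertionThreadLocalFilter() {
//        FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
//        filterRegistration.setFilter(new AssertionThreadLocalFilter());
//        // NOTE(review): always enabled, unlike the filters above that follow casEnabled;
//        // confirm this is intended.
//        filterRegistration.setEnabled(true);
//        if (config.getAssertionFilters().size() > 0) {
//            filterRegistration.setUrlPatterns(config.getAssertionFilters());
//        } else {
//            filterRegistration.addUrlPatterns("/*");
//        }
//        filterRegistration.setOrder(7);
//        return filterRegistration;
//    }
//
//    // NOTE(review): accepts every host name. verify() returns true even when the requested host
//    // and the peer host differ; the mismatch is only written to standard output.
//    HostnameVerifier hv = new HostnameVerifier() {
//        public boolean verify(String urlHostName, SSLSession session) {
//            System.out.println("Warning: URL Host: " + urlHostName + " vs. " + session.getPeerHost());
//            return true;
//        }
//    };
//
//    // NOTE(review): installs a socket factory backed by miTM as the default for all
//    // HttpsURLConnection instances. The context is requested by the legacy name "SSL";
//    // "TLS" is the usual choice when a custom context is really needed.
//    private static void trustAllHttpsCertificates() throws Exception {
//        javax.net.ssl.TrustManager[] trustAllCerts = new javax.net.ssl.TrustManager[1];
//        javax.net.ssl.TrustManager tm = new miTM();
//        trustAllCerts[0] = tm;
//        javax.net.ssl.SSLContext sc = javax.net.ssl.SSLContext.getInstance("SSL");
//        sc.init(null, trustAllCerts, null);
//        javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
//    }
//
//    // NOTE(review): trust manager that never rejects a certificate chain. Both check* methods
//    // return without throwing, which the TLS stack treats as "trusted". getAcceptedIssuers()
//    // returns null although the X509TrustManager contract asks for a non-null array.
//    // isServerTrusted/isClientTrusted are not declared by javax.net.ssl.X509TrustManager.
//    static class miTM implements javax.net.ssl.TrustManager, javax.net.ssl.X509TrustManager {
//        public java.security.cert.X509Certificate[] getAcceptedIssuers() {
//            return null;
//        }
//
//        public boolean isServerTrusted(java.security.cert.X509Certificate[] certs) {
//            return true;
//        }
//
//        public boolean isClientTrusted(java.security.cert.X509Certificate[] certs) {
//            return true;
//        }
//
//        public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType)
//                throws java.security.cert.CertificateException {
//            return;
//        }
//
//        public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType)
//                throws java.security.cert.CertificateException {
//            return;
//        }
//    }
//
//}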