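package com.example.security;

import java.io.IOException;
import java.security.acl.Group;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;

import javax.security.auth.login.LoginException;

import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.auth.spi.UsernamePasswordLoginModule;

import gs.scribblin.sysauth.*;

/**
 * Login module that hands the credential check to {@code SysAuth.isAllowed}
 * instead of comparing against a password held by the application.
 *
 * <p>The module never sees a stored password: {@link #getUsersPassword()}
 * always returns an empty string, so the {@code expectedPassword} argument of
 * {@link #validatePassword(String, String)} carries no information and must
 * not be compared against.
 *
 * <p>Every caller of {@link #getRoleSets()} receives the single role
 * {@code "AuthenticatedUsers"}; there is no per-user role lookup here.
 */
public class MyLoginModule extends UsernamePasswordLoginModule {

    /** The "Roles" group returned by {@link #getRoleSets()}; shared across calls on this instance. */
    private final transient SimpleGroup userRoles = new SimpleGroup("Roles");

    /**
     * Validates the entered password by delegating to {@code SysAuth.isAllowed}.
     *
     * <p>According to the original author, the check behind {@code SysAuth}
     * is performed by pam_userpass.
     *
     * @param inputPassword    the password the user entered
     * @param expectedPassword ignored; always the empty string returned by
     *                         {@link #getUsersPassword()}
     * @return {@code true} only if a username and password are present and
     *         {@code SysAuth.isAllowed} accepts them
     */
    @Override
    public boolean validatePassword(String inputPassword, String expectedPassword) {
        final String username = getUsername();

        // Fail closed: this override replaces the superclass check, so a
        // missing username or password has to be rejected here rather than
        // handed to the external authenticator.
        if (username == null || inputPassword == null) {
            return false;
        }

        // NOTE(review): an empty (non-null) password is still forwarded;
        // confirm that the host's authentication configuration rejects it.
        return SysAuth.isAllowed(username, inputPassword);
    }

    /**
     * Returns an empty string, because this module has no access to the
     * user's stored password.
     *
     * @return always {@code ""}
     * @throws LoginException never thrown by this implementation
     */
    @Override
    public String getUsersPassword() throws LoginException {
        return "";
    }

    /**
     * Returns one group named "Roles" holding the roles granted to the user.
     *
     * <p>The role {@code "AuthenticatedUsers"} is added unconditionally. This
     * method does no authentication check of its own.
     * NOTE(review): it relies on the container calling it only after a
     * successful login; confirm against the container's login sequence.
     *
     * @return a one-element array containing the "Roles" group
     * @throws LoginException never thrown by this implementation
     */
    @Override
    public Group[] getRoleSets() throws LoginException {
        userRoles.addMember(new SimplePrincipal("AuthenticatedUsers"));
        return new Group[] {userRoles};
    }
}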