[NAE-2127] Implement DelegatingContextFilter for Multi-Realm Support

application-engine/src/main/java/com/netgrif/application/engine/startup/runner/DefaultRealmRunner.java

@@ -21,12 +21,14 @@ public class DefaultRealmRunner implements ApplicationEngineStartupRunner {
 
     @Override
     public void run(ApplicationArguments args) throws Exception {
-        if (realmService.getDefaultRealm().isEmpty()) {
-            Realm createRequest = new com.netgrif.application.engine.adapter.spring.auth.domain.Realm("Default");
-            createRequest.setDescription("Default realm");
-            createRequest.setAdminRealm(true);
-            createRequest.setDefaultRealm(true);
-            realmService.createRealm(createRequest);
+        if (realmService.getDefaultRealm().isPresent()) {
+            return;
         }
+
+        Realm createRequest = new com.netgrif.application.engine.adapter.spring.auth.domain.Realm("Default");
+        createRequest.setDescription("Default realm");
+        createRequest.setAdminRealm(true);
+        createRequest.setDefaultRealm(true);
+        realmService.createRealm(createRequest);
     }
 }

nae-object-library/src/main/java/com/netgrif/application/engine/objects/auth/domain/Realm.java

@@ -2,6 +2,7 @@
 
 import com.netgrif.application.engine.objects.auth.provider.AuthMethodConfig;
 import jakarta.validation.constraints.NotNull;
+import jakarta.validation.constraints.Positive;
 import lombok.Data;
 
 import java.io.Serial;
@@ -89,6 +90,19 @@ public abstract class Realm implements Serializable {
      */
     private Duration publicSessionTimeout = Duration.ofHours(2);
 
+    /**
+     * If true, the realm has enabled limit of maximum allowed sessions
+     * per user
+     */
+    private boolean enableLimitSessions = false;
+
+    /**
+     * Maximum allowed sessions per user. Attribute {@link #enableLimitSessions}
+     * must be enabled.
+     */
+    @Positive
+    private int maxSessionsAllowed = 1;
+
     /**
      * Constructs a new Realm instance with the specified name.
      *

nae-object-library/src/main/java/com/netgrif/application/engine/objects/auth/provider/AuthMethodConfig.java

@@ -17,6 +17,8 @@ public class AuthMethodConfig<T> implements Serializable {
     private boolean enabled;
     private T configuration;
     private String realmId;
+    /// lower number has bigger priority
+    private int order;
 
     public AuthMethodConfig() {
         if (this.id == null) {

nae-user-ce/src/main/java/com/netgrif/application/engine/auth/service/RealmServiceImpl.java

@@ -132,18 +132,15 @@ public Optional<Realm> getRealmByName(String name) {
     }
 
     @Override
-    public <C extends AbstractAuthConfig, T extends AuthMethod<C>> T addProvider(String realmId, AuthMethodConfig<C> config) {
+    public <C extends AbstractAuthConfig> Realm addProvider(String realmId, AuthMethodConfig<C> config) {
         AuthMethodProvider<C> provider = (AuthMethodProvider<C>) providerRegistry.getProvider(config.getType());
         if (provider == null) {
             throw new IllegalArgumentException("Provider type " + config.getType() + " not found");
         }
 
-        AuthMethod<C> authMethod = provider.createAuthMethod(config);
         Realm realm = getRealmById(realmId).orElseThrow(() -> new IllegalArgumentException("Realm with id " + realmId + " not found"));
         realm.addAuthMethod(config);
-        realmRepository.save((com.netgrif.application.engine.adapter.spring.auth.domain.Realm) realm);
-
-        return (T) authMethod;
+        return realmRepository.save((com.netgrif.application.engine.adapter.spring.auth.domain.Realm) realm);
     }
 
     @Override
@@ -173,6 +170,33 @@ public Realm updateRealm(String realmId, Realm update) {
         return realmRepository.save((com.netgrif.application.engine.adapter.spring.auth.domain.Realm) realm);
     }
 
+    @Override
+    public AuthMethodConfig<?> updateConfigInRealm(String realmId, AuthMethodConfig<?> config) {
+        if (config == null) {
+            throw new IllegalArgumentException("Authentication config not provided");
+        }
+
+        Realm realm = getRealmById(realmId).orElseThrow(() -> new IllegalArgumentException("Realm with id " + realmId + " not found"));
+        Optional<AuthMethodConfig<?>> configToUpdateOpt = realm.getAuthMethods().stream()
+                .filter(realmConfig -> realmConfig.getId().equals(config.getId()))
+                .findFirst();
+
+        if (configToUpdateOpt.isEmpty()) {
+            throw new IllegalArgumentException("Authentication config with id " + config.getId() + " not found in realm " + realmId);
+        }
+
+        AuthMethodConfig configToUpdate = configToUpdateOpt.get();
+        configToUpdate.setName(config.getName());
+        configToUpdate.setDescription(config.getDescription());
+        configToUpdate.setEnabled(config.isEnabled());
+        configToUpdate.setOrder(config.getOrder());
+        configToUpdate.setConfiguration(config.getConfiguration());
+
+        realmRepository.save((com.netgrif.application.engine.adapter.spring.auth.domain.Realm) realm);
+
+        return configToUpdate;
+    }
+
     @Override
     public void deleteRealm(String realmId) {
         if (!realmRepository.existsById(realmId)) {

nae-user-ce/src/main/java/com/netgrif/application/engine/auth/service/UserServiceImpl.java

@@ -141,9 +141,9 @@ public Optional<AbstractUser> findUserByUsername(String username, String realmId
         String collectionName = collectionNameProvider.getCollectionNameForRealm(realmId);
         Optional<AbstractUser> userOpt = userRepository.findByUsername(username, mongoTemplate, collectionName).map(user -> (AbstractUser) user);
         if (userOpt.isPresent()) {
-            log.debug("User [{}] found in realm [{}]", username, collectionName);
+            log.debug("User [{}] found in realm [{}]", username, realmId);
         } else {
-            log.warn("User [{}] not found in realm [{}]", username, collectionName);
+            log.warn("User [{}] not found in realm [{}]", username, realmId);
         }
         return userOpt;
     }

nae-user-common/src/main/java/com/netgrif/application/engine/auth/domain/NetgrifAuthenticationToken.java

@@ -1,17 +1,26 @@
 package com.netgrif.application.engine.auth.domain;
 
 
+import com.netgrif.application.engine.objects.auth.domain.Realm;
 import lombok.Getter;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 
 @Getter
 public class NetgrifAuthenticationToken extends UsernamePasswordAuthenticationToken {
 
-    private final String realmId;
+    private final String realmName;
+    private final Realm realm;
 
-    public NetgrifAuthenticationToken(Object principal, Object credentials, String realmId) {
+    public NetgrifAuthenticationToken(Object principal, Object credentials, String realmName) {
         super(principal, credentials);
-        this.realmId = realmId;
+        this.realmName = realmName;
+        this.realm = null;
+    }
+
+    public NetgrifAuthenticationToken(Object principal, Object credentials, Realm realm) {
+        super(principal, credentials);
+        this.realm = realm;
+        this.realmName = realm != null ? realm.getName() : null;
     }
 
 }

nae-user-common/src/main/java/com/netgrif/application/engine/auth/provider/AuthMethodConfigDeserializer.java

@@ -54,6 +54,16 @@ public AuthMethodConfig<?> deserialize(JsonParser jp, DeserializationContext ctx
             config.setEnabled(enabledNode.asBoolean());
         }
 
+        JsonNode descNode = node.get("description");
+        if (descNode != null) {
+            config.setDescription(descNode.asText());
+        }
+
+        JsonNode orderNode = node.get("order");
+        if (orderNode != null) {
+            config.setOrder(orderNode.asInt());
+        }
+
         config.setType(type);
         config.setRealmId(realmID);
 

nae-user-common/src/main/java/com/netgrif/application/engine/auth/provider/AuthMethodProvider.java

@@ -1,14 +1,11 @@
 package com.netgrif.application.engine.auth.provider;
 
 import com.netgrif.application.engine.objects.auth.provider.AuthMethod;
-import com.netgrif.application.engine.objects.auth.provider.AuthMethodConfig;
 
 public interface AuthMethodProvider<T extends AbstractAuthConfig> {
 
     String getProviderType();
 
-    AuthMethod<T> createAuthMethod(AuthMethodConfig<?> authMethodConfig);
-
     Class<T> getConfigClass();
 
     Class<? extends AuthMethod<T>> getAuthMethodClass();

nae-user-common/src/main/java/com/netgrif/application/engine/auth/provider/ProviderRegistry.java

@@ -4,19 +4,26 @@
 import org.springframework.stereotype.Component;
 
 import java.util.*;
+import java.util.concurrent.ConcurrentHashMap;
 
 @Slf4j
 @Component
 public class ProviderRegistry {
 
-    protected final Map<String, Class<? extends AbstractAuthConfig>> configClasses = new HashMap<>();
+    protected final Map<String, Class<? extends AbstractAuthConfig>> configClasses = new ConcurrentHashMap<>();
 
-    protected final Map<String, AuthMethodProvider<?>> providers = new HashMap<>();
+    protected final Map<String, AuthMethodProvider<?>> providers = new ConcurrentHashMap<>();
 
+    /**
+     * Registers provider into this bean
+     *
+     * @param type type of the provider. It's used as a key in the map registry
+     * @param provider provider instance to register. It's used as a value in the map registry
+     * */
     public void registerProvider(String type, AuthMethodProvider<?> provider) {
         providers.put(type.toLowerCase(), provider);
         configClasses.put(type.toLowerCase(), provider.getConfigClass());
-        log.info("Registered provider for type: " + type);
+        log.info("Registered provider for type: {}", type);
     }
 
     public Class<? extends AbstractAuthConfig> getConfigClass(String type) {

nae-user-common/src/main/java/com/netgrif/application/engine/auth/realm/RealmDto.java

@@ -6,5 +6,7 @@ public record RealmDto(String name,
                        Boolean adminRealm,
                        Boolean enableBlocking,
                        Integer maxFailedAttempts,
-                       Integer blockDurationMinutes) {
+                       Integer blockDurationMinutes,
+                       Boolean enableLimitSessions,
+                       Integer maxSessionsAllowed) {
 }

nae-user-common/src/main/java/com/netgrif/application/engine/auth/realm/request/RealmSearch.java

@@ -7,5 +7,7 @@ public record RealmSearch(String id,
                           Boolean adminRealm,
                           Boolean enableBlocking,
                           Integer maxFailedAttempts,
-                          Integer blockDurationMinutes) {
+                          Integer blockDurationMinutes,
+                          Boolean enableLimitSessions,
+                          Integer maxSessionsAllowed) {
 }

nae-user-common/src/main/java/com/netgrif/application/engine/auth/service/RealmService.java

@@ -32,11 +32,13 @@ public interface RealmService {
 
     Optional<Realm> getRealmByName(String name);
 
-    <C extends AbstractAuthConfig, T extends AuthMethod<C>> T addProvider(String realmId, AuthMethodConfig<C> config);
+    <C extends AbstractAuthConfig> Realm addProvider(String realmId, AuthMethodConfig<C> config);
 
     void removeProvider(String realmId, String providerId);
 
     Realm updateRealm(String realmId, Realm update);
 
+    AuthMethodConfig<?> updateConfigInRealm(String realmId, AuthMethodConfig<?> config);
+
     void deleteRealm(String realmId);
 }