Add additional authorization test

2025-03-09 14:33:32 +00:00 · 2018-11-07 11:01:29 +01:00 · 2018-11-07 11:01:29 +01:00 · 4b790eddb6
commit 4b790eddb6
parent 8796c1c5d2
3 changed files with 131 additions and 87 deletions
--- a/hapi-fhir-jpaserver-base/src/main/java/ca/uhn/fhir/jpa/search/reindex/ResourceReindexingSvcImpl.java
+++ b/hapi-fhir-jpaserver-base/src/main/java/ca/uhn/fhir/jpa/search/reindex/ResourceReindexingSvcImpl.java
@ -157,6 +157,9 @@ public class ResourceReindexingSvcImpl implements IResourceReindexingSvc {
 	@Transactional(Transactional.TxType.NEVER)
 	@Scheduled(fixedDelay = 10 * DateUtils.MILLIS_PER_SECOND)
 	public Integer runReindexingPass() {
 		if (myDaoConfig.isSchedulingDisabled()) {
 			return null;
 		}
 		if (myIndexingLock.tryLock()) {
 			try {
 				return doReindexingPassInsideLock();
--- a/hapi-fhir-server/src/main/java/ca/uhn/fhir/rest/server/interceptor/auth/AuthorizationInterceptor.java
+++ b/hapi-fhir-server/src/main/java/ca/uhn/fhir/rest/server/interceptor/auth/AuthorizationInterceptor.java
@ -9,9 +9,9 @@ package ca.uhn.fhir.rest.server.interceptor.auth;
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
- * 
+ *
 * http://www.apache.org/licenses/LICENSE-2.0
- * 
+ *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@ -87,7 +87,7 @@ public class AuthorizationInterceptor extends ServerOperationInterceptorAdapter
 			return;
 		}
-		handleDeny(decision);
+		handleDeny(theRequestDetails, decision);
 	}
 	@Override
@ -219,6 +219,19 @@ public class AuthorizationInterceptor extends ServerOperationInterceptorAdapter
 		return Collections.unmodifiableSet(myFlags);
 	}
 	/**
 	 * This property configures any flags affecting how authorization is
 	 * applied. By default no flags are applied.
 	 *
 	 * @param theFlags The flags (must not be null)
 	 * @see #setFlags(AuthorizationFlagsEnum...)
 	 */
 	public AuthorizationInterceptor setFlags(Collection<AuthorizationFlagsEnum> theFlags) {
 		Validate.notNull(theFlags, "theFlags must not be null");
 		myFlags = new HashSet<>(theFlags);
 		return this;
 	}
 	/**
 	 * This property configures any flags affecting how authorization is
 	 * applied. By default no flags are applied.
@ -238,6 +251,17 @@ public class AuthorizationInterceptor extends ServerOperationInterceptorAdapter
 	 * throw {@link ForbiddenOperationException} (HTTP 403) with error message citing the
 	 * rule name which trigered failure
 	 * </p>
 	 *
 	 * @since HAPI FHIR 3.6.0
 	 */
 	protected void handleDeny(RequestDetails theRequestDetails, Verdict decision) {
 		handleDeny(decision);
 	}
 	/**
 	 * This method should not be overridden. As of HAPI FHIR 3.6.0, you
 	 * should override {@link #handleDeny(RequestDetails, Verdict)} instead. This
 	 * method will be removed in the future.
 	 */
 	protected void handleDeny(Verdict decision) {
 		if (decision.getDecidingRule() != null) {
@ -350,51 +374,6 @@ public class AuthorizationInterceptor extends ServerOperationInterceptorAdapter
 		handleUserOperation(theRequest, theNewResource, RestOperationTypeEnum.UPDATE);
 	}
 	/**
 	 * This property configures any flags affecting how authorization is
 	 * applied. By default no flags are applied.
 	 *
 	 * @param theFlags The flags (must not be null)
 	 * @see #setFlags(AuthorizationFlagsEnum...)
 	 */
 	public AuthorizationInterceptor setFlags(Collection<AuthorizationFlagsEnum> theFlags) {
 		Validate.notNull(theFlags, "theFlags must not be null");
 		myFlags = new HashSet<>(theFlags);
 		return this;
 	}
 	private static UnsupportedOperationException failForDstu1() {
 		return new UnsupportedOperationException("Use of this interceptor on DSTU1 servers is not supportd");
 	}
 	static List<IBaseResource> toListOfResourcesAndExcludeContainer(IBaseResource theResponseObject, FhirContext fhirContext) {
 		if (theResponseObject == null) {
 			return Collections.emptyList();
 		}
 		List<IBaseResource> retVal;
 		boolean isContainer = false;
 		if (theResponseObject instanceof IBaseBundle) {
 			isContainer = true;
 		} else if (theResponseObject instanceof IBaseParameters) {
 			isContainer = true;
 		}
 		if (!isContainer) {
 			return Collections.singletonList(theResponseObject);
 		}
 		retVal = fhirContext.newTerser().getAllPopulatedChildElementsOfType(theResponseObject, IBaseResource.class);
 		// Exclude the container
 		if (retVal.size() > 0 && retVal.get(0) == theResponseObject) {
 			retVal = retVal.subList(1, retVal.size());
 		}
 		return retVal;
 	}
 	private enum OperationExamineDirection {
 		BOTH,
 		IN,
@ -432,4 +411,36 @@ public class AuthorizationInterceptor extends ServerOperationInterceptorAdapter
 	}
 	private static UnsupportedOperationException failForDstu1() {
 		return new UnsupportedOperationException("Use of this interceptor on DSTU1 servers is not supportd");
 	}
 	static List<IBaseResource> toListOfResourcesAndExcludeContainer(IBaseResource theResponseObject, FhirContext fhirContext) {
 		if (theResponseObject == null) {
 			return Collections.emptyList();
 		}
 		List<IBaseResource> retVal;
 		boolean isContainer = false;
 		if (theResponseObject instanceof IBaseBundle) {
 			isContainer = true;
 		} else if (theResponseObject instanceof IBaseParameters) {
 			isContainer = true;
 		}
 		if (!isContainer) {
 			return Collections.singletonList(theResponseObject);
 		}
 		retVal = fhirContext.newTerser().getAllPopulatedChildElementsOfType(theResponseObject, IBaseResource.class);
 		// Exclude the container
 		if (retVal.size() > 0 && retVal.get(0) == theResponseObject) {
 			retVal = retVal.subList(1, retVal.size());
 		}
 		return retVal;
 	}
 }
--- a/hapi-fhir-structures-dstu3/src/test/java/ca/uhn/fhir/rest/server/ServerExceptionDstu3Test.java
+++ b/hapi-fhir-structures-dstu3/src/test/java/ca/uhn/fhir/rest/server/ServerExceptionDstu3Test.java
@ -1,13 +1,14 @@
 package ca.uhn.fhir.rest.server;
-import static org.hamcrest.Matchers.containsString;
+import ca.uhn.fhir.context.FhirContext;
-import static org.junit.Assert.assertEquals;
+import ca.uhn.fhir.rest.annotation.Search;
-import static org.junit.Assert.assertThat;
+import ca.uhn.fhir.rest.server.exceptions.AuthenticationException;
-
+import ca.uhn.fhir.rest.server.exceptions.BaseServerResponseException;
-import java.nio.charset.StandardCharsets;
+import ca.uhn.fhir.rest.server.exceptions.InternalErrorException;
-import java.util.List;
+import ca.uhn.fhir.rest.server.exceptions.ResourceNotFoundException;
-import java.util.concurrent.TimeUnit;
+import ca.uhn.fhir.util.PortUtil;
-
+import ca.uhn.fhir.util.TestUtil;
 import com.google.common.base.Charsets;
 import org.apache.commons.io.IOUtils;
 import org.apache.http.client.methods.CloseableHttpResponse;
 import org.apache.http.client.methods.HttpGet;
@ -25,32 +26,32 @@ import org.junit.AfterClass;
 import org.junit.BeforeClass;
 import org.junit.Test;
-import ca.uhn.fhir.context.FhirContext;
+import java.nio.charset.StandardCharsets;
-import ca.uhn.fhir.rest.annotation.Search;
+import java.util.List;
-import ca.uhn.fhir.rest.server.exceptions.AuthenticationException;
+import java.util.concurrent.TimeUnit;
-import ca.uhn.fhir.rest.server.exceptions.BaseServerResponseException;
+
-import ca.uhn.fhir.rest.server.exceptions.ResourceNotFoundException;
+import static org.hamcrest.Matchers.containsString;
-import ca.uhn.fhir.util.PortUtil;
+import static org.junit.Assert.assertEquals;
-import ca.uhn.fhir.util.TestUtil;
+import static org.junit.Assert.assertThat;
 public class ServerExceptionDstu3Test {
 	private static final org.slf4j.Logger ourLog = org.slf4j.LoggerFactory.getLogger(ServerExceptionDstu3Test.class);
 	public static BaseServerResponseException ourException;
 	private static CloseableHttpClient ourClient;
 	private static FhirContext ourCtx = FhirContext.forDstu3();
 	private static final org.slf4j.Logger ourLog = org.slf4j.LoggerFactory.getLogger(ServerExceptionDstu3Test.class);
 	private static int ourPort;
 	private static Server ourServer;
 	public static BaseServerResponseException ourException;
 	@Test
 	public void testAddHeadersNotFound() throws Exception {
-		
+
 		OperationOutcome operationOutcome = new OperationOutcome();
 		operationOutcome.addIssue().setCode(IssueType.BUSINESSRULE);
-		
+
 		ourException = new ResourceNotFoundException("SOME MESSAGE");
 		ourException.addResponseHeader("X-Foo", "BAR BAR");
-		
+
 		HttpGet httpGet = new HttpGet("http://localhost:" + ourPort + "/Patient");
 		CloseableHttpResponse status = ourClient.execute(httpGet);
@ -58,7 +59,7 @@ public class ServerExceptionDstu3Test {
 			String responseContent = IOUtils.toString(status.getEntity().getContent(), StandardCharsets.UTF_8);
 			ourLog.info(status.getStatusLine().toString());
 			ourLog.info(responseContent);
-			
+
 			assertEquals(404, status.getStatusLine().getStatusCode());
 			assertEquals("BAR BAR", status.getFirstHeader("X-Foo").getValue());
 			assertThat(status.getFirstHeader("X-Powered-By").getValue(), containsString("HAPI FHIR"));
@ -68,21 +69,50 @@ public class ServerExceptionDstu3Test {
 	}
 	@Test
 	public void testResponseUsesCorrectEncoding() throws Exception {
 		OperationOutcome operationOutcome = new OperationOutcome();
 		operationOutcome
 			.addIssue()
 			.setCode(IssueType.PROCESSING)
 			.setSeverity(OperationOutcome.IssueSeverity.ERROR)
 			.setDiagnostics("El nombre está vacío");
 		ourException = new InternalErrorException("Error", operationOutcome);
 		HttpGet httpGet = new HttpGet("http://localhost:" + ourPort + "/Patient?_format=json");
 		CloseableHttpResponse status = ourClient.execute(httpGet);
 		try {
 			byte[] responseContentBytes = IOUtils.toByteArray(status.getEntity().getContent());
 			String responseContent = new String(responseContentBytes, Charsets.UTF_8);
 			ourLog.info(status.getStatusLine().toString());
 			ourLog.info(responseContent);
 			assertEquals(400, status.getStatusLine().getStatusCode());
 			assertEquals("BAR BAR", status.getFirstHeader("X-Foo").getValue());
 			assertThat(status.getFirstHeader("X-Powered-By").getValue(), containsString("HAPI FHIR"));
 		} finally {
 			IOUtils.closeQuietly(status.getEntity().getContent());
 		}
 	}
 	@Test
 	public void testAuthorize() throws Exception {
-		
+
 		OperationOutcome operationOutcome = new OperationOutcome();
 		operationOutcome.addIssue().setCode(IssueType.BUSINESSRULE);
-		
+
 		ourException = new AuthenticationException().addAuthenticateHeaderForRealm("REALM");
-		
+
 		HttpGet httpGet = new HttpGet("http://localhost:" + ourPort + "/Patient");
 		CloseableHttpResponse status = ourClient.execute(httpGet);
 		try {
 			String responseContent = IOUtils.toString(status.getEntity().getContent(), StandardCharsets.UTF_8);
 			ourLog.info(status.getStatusLine().toString());
 			ourLog.info(responseContent);
-			
+
 			assertEquals(401, status.getStatusLine().getStatusCode());
 			assertEquals("Basic realm=\"REALM\"", status.getFirstHeader("WWW-Authenticate").getValue());
 		} finally {
@ -91,6 +121,20 @@ public class ServerExceptionDstu3Test {
 	}
 	public static class DummyPatientResourceProvider implements IResourceProvider {
 		@Override
 		public Class<? extends IBaseResource> getResourceType() {
 			return Patient.class;
 		}
 		@Search()
 		public List<Patient> search() {
 			throw ourException;
 		}
 	}
 	@AfterClass
 	public static void afterClassClearContext() throws Exception {
 		ourServer.stop();
@ -121,18 +165,4 @@ public class ServerExceptionDstu3Test {
 	}
 	public static class DummyPatientResourceProvider implements IResourceProvider {
 		@Override
 		public Class<? extends IBaseResource> getResourceType() {
 			return Patient.class;
 		}
 		@Search()
 		public List<Patient> search() {
 			throw ourException;
 		}
 	}
 }