More work on auth module

jamesagnew 2016-04-02 08:59:01 -04:00
parent bb96ae4e25
commit 6d0dcc0213
25 changed files with 690 additions and 41 deletions


@ -1,5 +1,25 @@
package ca.uhn.fhir.rest.gclient;
/*
* #%L
* HAPI FHIR - Core Library
* %%
* Copyright (C) 2014 - 2016 University Health Network
* %%
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* #L%
*/
import org.hl7.fhir.instance.model.api.IIdType;
public interface IUpdateTyped extends IUpdateExecutable {


@ -1,5 +1,25 @@
package ca.uhn.fhir.rest.method;
/*
* #%L
* HAPI FHIR - Core Library
* %%
* Copyright (C) 2014 - 2016 University Health Network
* %%
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* #L%
*/
import java.util.Collection;
import org.hl7.fhir.instance.model.api.IBaseResource;


@ -1,5 +1,25 @@
package ca.uhn.fhir.rest.server.interceptor;
/*
* #%L
* HAPI FHIR - Core Library
* %%
* Copyright (C) 2014 - 2016 University Health Network
* %%
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* #L%
*/
import org.hl7.fhir.instance.model.api.IBaseResource;
import ca.uhn.fhir.rest.method.RequestDetails;


@ -1,5 +1,25 @@
package ca.uhn.fhir.rest.server.interceptor.auth;
/*
* #%L
* HAPI FHIR - Core Library
* %%
* Copyright (C) 2014 - 2016 University Health Network
* %%
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* #L%
*/
enum AppliesTypeEnum {
ALL_RESOURCES, TYPES


@ -1,5 +1,25 @@
package ca.uhn.fhir.rest.server.interceptor.auth;
/*
* #%L
* HAPI FHIR - Core Library
* %%
* Copyright (C) 2014 - 2016 University Health Network
* %%
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* #L%
*/
import static org.apache.commons.lang3.StringUtils.defaultString;
import java.util.ArrayList;
@ -69,7 +89,7 @@ public class AuthorizationInterceptor extends InterceptorAdapter implements ISer
IAuthRule decidingRule = null;
for (IAuthRule nextRule : theRules) {
RuleModeEnum decision = nextRule.applyRule(theOperation, theRequestDetails, theInputResource, theOutputResource);
RuleVerdictEnum decision = nextRule.applyRule(theOperation, theRequestDetails, theInputResource, theOutputResource);
switch (decision) {
case NO_DECISION:
@ -127,7 +147,7 @@ public class AuthorizationInterceptor extends InterceptorAdapter implements ISer
case EXTENDED_OPERATION_TYPE:
case METADATA:
// Security does not apply to these operations
return OperationExamineDirection.NONE;
return OperationExamineDirection.IN;
case DELETE:
// Delete is a special case
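Review bot: The comment `// Security does not apply to these operations` above `return OperationExamineDirection.IN;` now contradicts the code: with `IN`, METADATA, EXTENDED_OPERATION_TYPE and any other case labels that fall through to this return (they begin above the hunk) are handed to the rule chain. This is a behaviour change for existing deployments; under a default policy of DENY such requests are presumably rejected unless a rule allows them, which is what the new testMetadataAllow and testMetadataDeny appear to rely on. Replace the comment with something like `// No resource to examine, but rules are still evaluated on the incoming request` and mention the change in the release notes. The enclosing switch starts and ends outside the hunk.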


@ -1,5 +1,25 @@
package ca.uhn.fhir.rest.server.interceptor.auth;
/*
* #%L
* HAPI FHIR - Core Library
* %%
* Copyright (C) 2014 - 2016 University Health Network
* %%
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* #L%
*/
enum ClassifierTypeEnum {
IN_COMPARTMENT, ANY_ID


@ -1,5 +1,25 @@
package ca.uhn.fhir.rest.server.interceptor.auth;
/*
* #%L
* HAPI FHIR - Core Library
* %%
* Copyright (C) 2014 - 2016 University Health Network
* %%
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* #L%
*/
import org.hl7.fhir.instance.model.api.IBaseResource;
import ca.uhn.fhir.rest.api.RestOperationTypeEnum;
@ -18,9 +38,9 @@ public interface IAuthRule {
* The resource being input by the client, or <code>null</code>
* @param theOutputResource
* The resource being returned by the server, or <code>null</code>
* @return Returns a policy decision, or <code>null</code> if the rule does not apply
* @return Returns a policy decision, or {@link RuleVerdictEnum#NO_DECISION} if the rule does not apply
*/
RuleModeEnum applyRule(RestOperationTypeEnum theOperation, RequestDetails theRequestDetails, IBaseResource theInputResource, IBaseResource theOutputResource);
RuleVerdictEnum applyRule(RestOperationTypeEnum theOperation, RequestDetails theRequestDetails, IBaseResource theInputResource, IBaseResource theOutputResource);
/**
* Returns a name for this rule, to be used in logs and error messages
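Review bot: The new `@return` text drops the `null` case but does not forbid it, and the caller shown in AuthorizationInterceptor runs `switch (decision)` directly on the returned value, which throws a NullPointerException when it is `null`. Implementations written against the old contract may still return `null`, so the Javadoc should say so explicitly, e.g. `@return Returns a policy decision, or {@link RuleVerdictEnum#NO_DECISION} if the rule does not apply. Never returns <code>null</code>.` If a null verdict should be tolerated instead, handle it before the switch and make it fail closed rather than skipping the rule. The interface body continues outside the hunk.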


@ -1,5 +1,25 @@
package ca.uhn.fhir.rest.server.interceptor.auth;
/*
* #%L
* HAPI FHIR - Core Library
* %%
* Copyright (C) 2014 - 2016 University Health Network
* %%
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* #L%
*/
/**
* Used by {@link AuthorizationInterceptor} in order to allow user code to define authorization
* rules.


@ -1,7 +1,36 @@
package ca.uhn.fhir.rest.server.interceptor.auth;
/*
* #%L
* HAPI FHIR - Core Library
* %%
* Copyright (C) 2014 - 2016 University Health Network
* %%
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* #L%
*/
public interface IAuthRuleBuilderRule {
/**
* This rules applies to the metadata operation (retrieve the
* server's conformance statement)
* <p>
* This call completes the rule and adds the rule to the chain.
* </p>
*/
IAuthRuleBuilderRuleOpClassifierFinished metadata();
/**
* This rule applies to any FHIR operation involving reading, including
* <code>read</code>, <code>vread</code>, <code>search</code>, and
@ -9,16 +38,16 @@ public interface IAuthRuleBuilderRule {
*/
IAuthRuleBuilderRuleOp read();
/**
* This rule applies to any FHIR operation involving writing, including
* <code>create</code>, and <code>update</code>
*/
IAuthRuleBuilderRuleOp write();
/**
* This rule applies to the FHIR transaction operation. Transaction is a special
* case in that it bundles other operations
*/
IAuthRuleBuilderRuleTransaction transaction();
/**
* This rule applies to any FHIR operation involving writing, including
* <code>create</code>, and <code>update</code>
*/
IAuthRuleBuilderRuleOp write();
}
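Review bot: The Javadoc added for `metadata()` opens with `This rules applies`, which should read `This rule applies`. Since this is the only builder method here that completes the rule without a resource classifier, the comment could also say that no `allResources()`/`inCompartment(...)` step follows. It would help integrators to note that under a default-deny policy the conformance statement is not served until a rule such as `allow("...").metadata()` is present; that is inferred from the new tests rather than from this file.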


@ -1,5 +1,25 @@
package ca.uhn.fhir.rest.server.interceptor.auth;
/*
* #%L
* HAPI FHIR - Core Library
* %%
* Copyright (C) 2014 - 2016 University Health Network
* %%
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* #L%
*/
import org.hl7.fhir.instance.model.api.IBaseResource;
public interface IAuthRuleBuilderRuleOp {


@ -1,5 +1,25 @@
package ca.uhn.fhir.rest.server.interceptor.auth;
/*
* #%L
* HAPI FHIR - Core Library
* %%
* Copyright (C) 2014 - 2016 University Health Network
* %%
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* #L%
*/
import java.util.Collection;
import org.hl7.fhir.instance.model.api.IIdType;


@ -1,5 +1,25 @@
package ca.uhn.fhir.rest.server.interceptor.auth;
/*
* #%L
* HAPI FHIR - Core Library
* %%
* Copyright (C) 2014 - 2016 University Health Network
* %%
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* #L%
*/
public interface IAuthRuleBuilderRuleOpClassifierFinished {
/**


@ -1,5 +1,25 @@
package ca.uhn.fhir.rest.server.interceptor.auth;
/*
* #%L
* HAPI FHIR - Core Library
* %%
* Copyright (C) 2014 - 2016 University Health Network
* %%
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* #L%
*/
public interface IAuthRuleBuilderRuleTransaction {
/**
@ -9,5 +29,5 @@ public interface IAuthRuleBuilderRuleTransaction {
* This call completes the rule and adds the rule to the chain.
* </p>
*/
IAuthRuleBuilderRuleOpClassifierFinished withAnyOperation();
IAuthRuleBuilderRuleTransactionOp withAnyOperation();
}
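Review bot: The Javadoc kept above `withAnyOperation()` still says `This call completes the rule and adds the rule to the chain`, but with the new return type the rule is only added by `andApplyNormalRules()`, as the RuleBuilder change in this commit shows. A caller who stops at `withAnyOperation()` still compiles and silently contributes no rule; for a `deny(...)` chain under a default-allow policy that fails open. Move that sentence to `IAuthRuleBuilderRuleTransactionOp.andApplyNormalRules()`, which has no Javadoc at all, and reword this one to something like `Applies to transactions containing any operation; call andApplyNormalRules() to complete the rule`. The start of the comment is outside the hunk.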


@ -1,5 +1,27 @@
package ca.uhn.fhir.rest.server.interceptor.auth;
/*
* #%L
* HAPI FHIR - Core Library
* %%
* Copyright (C) 2014 - 2016 University Health Network
* %%
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* #L%
*/
public interface IAuthRuleBuilderRuleTransactionOp {
IAuthRuleBuilderRuleOpClassifierFinished andApplyNormalRules();
}


@ -1,5 +1,25 @@
package ca.uhn.fhir.rest.server.interceptor.auth;
/*
* #%L
* HAPI FHIR - Core Library
* %%
* Copyright (C) 2014 - 2016 University Health Network
* %%
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* #L%
*/
public enum PolicyEnum {
ALLOW,


@ -1,5 +1,25 @@
package ca.uhn.fhir.rest.server.interceptor.auth;
/*
* #%L
* HAPI FHIR - Core Library
* %%
* Copyright (C) 2014 - 2016 University Health Network
* %%
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* #L%
*/
import java.util.Collection;
import java.util.Set;
@ -18,7 +38,7 @@ class Rule implements IAuthRule {
private String myClassifierCompartmentName;
private Collection<? extends IIdType> myClassifierCompartmentOwners;
private ClassifierTypeEnum myClassifierType;
private RuleModeEnum myMode;
private RuleVerdictEnum myMode;
private String myName;
private RuleOpEnum myOp;
private TransactionAppliesToEnum myTransactionAppliesToOp;
@ -28,7 +48,7 @@ class Rule implements IAuthRule {
}
@Override
public RuleModeEnum applyRule(RestOperationTypeEnum theOperation, RequestDetails theRequestDetails, IBaseResource theInputResource, IBaseResource theOutputResource) {
public RuleVerdictEnum applyRule(RestOperationTypeEnum theOperation, RequestDetails theRequestDetails, IBaseResource theInputResource, IBaseResource theOutputResource) {
FhirContext ctx = theRequestDetails.getServer().getFhirContext();
IBaseResource appliesTo;
@ -42,9 +62,15 @@ class Rule implements IAuthRule {
case TRANSACTION:
return myMode;
case ALLOW_ALL:
return RuleModeEnum.ALLOW;
return RuleVerdictEnum.ALLOW;
case DENY_ALL:
return RuleModeEnum.DENY;
return RuleVerdictEnum.DENY;
case METADATA:
if (theOperation == RestOperationTypeEnum.METADATA) {
return myMode;
} else {
return RuleVerdictEnum.NO_DECISION;
}
default:
// Should not happen
throw new IllegalStateException("Unable to apply security to event of type " + theOperation);
@ -55,7 +81,7 @@ class Rule implements IAuthRule {
break;
case TYPES:
if (myAppliesToTypes.contains(appliesTo.getClass()) == false) {
return RuleModeEnum.NO_DECISION;
return RuleVerdictEnum.NO_DECISION;
}
break;
default:
@ -75,7 +101,7 @@ class Rule implements IAuthRule {
}
}
if (!foundMatch) {
return RuleModeEnum.NO_DECISION;
return RuleVerdictEnum.NO_DECISION;
}
break;
default:
@ -114,7 +140,7 @@ class Rule implements IAuthRule {
myClassifierType = theClassifierType;
}
public void setMode(RuleModeEnum theRuleMode) {
public void setMode(RuleVerdictEnum theRuleMode) {
myMode = theRuleMode;
}
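Review bot: In the third hunk, `case TRANSACTION: return myMode;` returns the rule's verdict without looking at `theOperation`, while the METADATA branch added just below it returns NO_DECISION unless `theOperation == RestOperationTypeEnum.METADATA`. If that switch is over the rule's own op (its head is outside the hunk, so this is inferred), an `allow(...).transaction()` rule would answer for every request type rather than for transactions only. Gate it the same way: `if (theOperation == RestOperationTypeEnum.TRANSACTION) { return myMode; } else { return RuleVerdictEnum.NO_DECISION; }`. Separately, `myMode`, `setMode` and `theRuleMode` keep the old "mode" name although the type is now RuleVerdictEnum.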


@ -1,5 +1,25 @@
package ca.uhn.fhir.rest.server.interceptor.auth;
/*
* #%L
* HAPI FHIR - Core Library
* %%
* Copyright (C) 2014 - 2016 University Health Network
* %%
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* #L%
*/
import java.util.Collection;
import java.util.Collections;
import java.util.List;
@ -11,7 +31,7 @@ import org.hl7.fhir.instance.model.api.IIdType;
class RuleBuilder implements IAuthRuleBuilder {
private RuleModeEnum myRuleMode;
private RuleVerdictEnum myRuleMode;
private String myRuleName;
@ -28,7 +48,7 @@ class RuleBuilder implements IAuthRuleBuilder {
@Override
public IAuthRuleBuilderRule allow(String theRuleName) {
myRuleMode = RuleModeEnum.ALLOW;
myRuleMode = RuleVerdictEnum.ALLOW;
myRuleName = theRuleName;
return new RuleBuilderRule();
}
@ -51,7 +71,7 @@ class RuleBuilder implements IAuthRuleBuilder {
@Override
public IAuthRuleBuilderRule deny(String theRuleName) {
myRuleMode = RuleModeEnum.DENY;
myRuleMode = RuleVerdictEnum.DENY;
myRuleName = theRuleName;
return new RuleBuilderRule();
}
@ -84,18 +104,27 @@ class RuleBuilder implements IAuthRuleBuilder {
private RuleOpEnum myRuleOp;
@Override
public RuleBuilderFinished metadata() {
Rule rule = new Rule(myRuleName);
rule.setOp(RuleOpEnum.METADATA);
rule.setMode(myRuleMode);
myRules.add(rule);
return new RuleBuilderFinished(myRules);
}
@Override
public IAuthRuleBuilderRuleOp read() {
myRuleOp = RuleOpEnum.READ;
return new RuleBuilderRuleOp();
}
@Override
public IAuthRuleBuilderRuleTransaction transaction() {
myRuleOp = RuleOpEnum.TRANSACTION;
return new RuleBuilderRuleTransaction();
}
@Override
public IAuthRuleBuilderRuleOp write() {
myRuleOp = RuleOpEnum.WRITE;
@ -179,17 +208,28 @@ class RuleBuilder implements IAuthRuleBuilder {
}
}
public class RuleBuilderRuleTransaction implements IAuthRuleBuilderRuleTransaction {
@Override
public IAuthRuleBuilderRuleOpClassifierFinished withAnyOperation() {
Rule rule = new Rule(myRuleName);
rule.setOp(myRuleOp);
rule.setTransactionAppliesToOp(TransactionAppliesToEnum.ANY_OPERATION);
myRules.add(rule);
return new RuleBuilderFinished(myRules);
public IAuthRuleBuilderRuleTransactionOp withAnyOperation() {
return new RuleBuilderRuleTransactionOp();
}
class RuleBuilderRuleTransactionOp implements IAuthRuleBuilderRuleTransactionOp {
@Override
public IAuthRuleBuilderRuleOpClassifierFinished andApplyNormalRules() {
Rule rule = new Rule(myRuleName);
rule.setOp(myRuleOp);
rule.setTransactionAppliesToOp(TransactionAppliesToEnum.ANY_OPERATION);
myRules.add(rule);
return new RuleBuilderFinished(myRules);
}
}
}
}
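Review bot: `andApplyNormalRules()` configures the new Rule with `setOp` and `setTransactionAppliesToOp` but never calls `rule.setMode(myRuleMode)`, unlike the `metadata()` method added earlier in this file. Unless the Rule constructor sets a default (not visible here), `myMode` stays null, `Rule.applyRule` returns it from `case TRANSACTION`, and the interceptor's `switch (decision)` then throws instead of yielding an allow or deny verdict. Add `rule.setMode(myRuleMode);` before `myRules.add(rule);`. The name `andApplyNormalRules` also implies the operations inside the bundle are checked against the remaining rules, which nothing in this hunk does; a Javadoc or TODO stating the current behaviour would prevent integrators from assuming it.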


@ -1,7 +0,0 @@
package ca.uhn.fhir.rest.server.interceptor.auth;
enum RuleModeEnum {
ALLOW,
DENY,
NO_DECISION
}


@ -1,9 +1,30 @@
package ca.uhn.fhir.rest.server.interceptor.auth;
/*
* #%L
* HAPI FHIR - Core Library
* %%
* Copyright (C) 2014 - 2016 University Health Network
* %%
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* #L%
*/
enum RuleOpEnum {
READ,
WRITE,
ALLOW_ALL,
DENY_ALL,
TRANSACTION
TRANSACTION,
METADATA
}


@ -0,0 +1,27 @@
package ca.uhn.fhir.rest.server.interceptor.auth;
/*
* #%L
* HAPI FHIR - Core Library
* %%
* Copyright (C) 2014 - 2016 University Health Network
* %%
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* #L%
*/
enum RuleVerdictEnum {
ALLOW,
DENY,
NO_DECISION
}


@ -1,5 +1,25 @@
package ca.uhn.fhir.rest.server.interceptor.auth;
/*
* #%L
* HAPI FHIR - Core Library
* %%
* Copyright (C) 2014 - 2016 University Health Network
* %%
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* #L%
*/
enum TransactionAppliesToEnum {
ANY_OPERATION


@ -46,12 +46,15 @@ import org.mockito.stubbing.Answer;
import ca.uhn.fhir.context.FhirContext;
import ca.uhn.fhir.model.api.Bundle;
import ca.uhn.fhir.model.api.ExtensionDt;
import ca.uhn.fhir.model.api.Include;
import ca.uhn.fhir.model.api.ResourceMetadataKeyEnum;
import ca.uhn.fhir.model.dstu2.composite.IdentifierDt;
import ca.uhn.fhir.model.dstu2.composite.MetaDt;
import ca.uhn.fhir.model.dstu2.resource.Bundle.Entry;
import ca.uhn.fhir.model.dstu2.resource.Bundle.Link;
import ca.uhn.fhir.model.dstu2.resource.Conformance.Rest;
import ca.uhn.fhir.model.dstu2.resource.Conformance.RestSecurity;
import ca.uhn.fhir.model.dstu2.resource.Conformance;
import ca.uhn.fhir.model.dstu2.resource.Observation;
import ca.uhn.fhir.model.dstu2.resource.OperationOutcome;
@ -165,6 +168,37 @@ public class GenericClientDstu2Test {
idx++;
}
/**
* See #322
*/
@Test
public void testFetchConformanceWithSmartExtensions() throws Exception {
final String respString = IOUtils.toString(GenericClientDstu2Test.class.getResourceAsStream("/conformance_322.json"));
ArgumentCaptor<HttpUriRequest> capt = ArgumentCaptor.forClass(HttpUriRequest.class);
when(myHttpClient.execute(capt.capture())).thenReturn(myHttpResponse);
when(myHttpResponse.getStatusLine()).thenReturn(new BasicStatusLine(new ProtocolVersion("HTTP", 1, 1), 200, "OK"));
when(myHttpResponse.getEntity().getContentType()).thenReturn(new BasicHeader("content-type", Constants.CT_FHIR_JSON + "; charset=UTF-8"));
when(myHttpResponse.getEntity().getContent()).thenAnswer(new Answer<ReaderInputStream>() {
@Override
public ReaderInputStream answer(InvocationOnMock theInvocation) throws Throwable {
return new ReaderInputStream(new StringReader(respString), Charset.forName("UTF-8"));
}
});
IGenericClient client = ourCtx.newRestfulGenericClient("http://localhost:8080/fhir");
Conformance conf = client.fetchConformance().ofType(Conformance.class).execute();
Rest rest = conf.getRest().get(0);
RestSecurity security = rest.getSecurity();
List<ExtensionDt> ext = security.getUndeclaredExtensionsByUrl("http://fhir-registry.smarthealthit.org/StructureDefinition/oauth-uris");
List<ExtensionDt> tokenExts = ext.get(0).getUndeclaredExtensionsByUrl("token");
ExtensionDt tokenExt = tokenExts.get(0);
UriDt value = (UriDt) tokenExt.getValue();
assertEquals("https://my-server.org/token", value.getValueAsString());
}
@Test
public void testAcceptHeaderPreflightConformance() throws Exception {
String methodName = "testAcceptHeaderPreflightConformance";
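Review bot: In `testFetchConformanceWithSmartExtensions`, `IOUtils.toString(GenericClientDstu2Test.class.getResourceAsStream("/conformance_322.json"))` decodes with the platform default charset and never closes the stream, while the rest of the test is explicit about UTF-8. Pass the charset, `IOUtils.toString(stream, "UTF-8")`, and close the stream afterwards. The test also calls `ext.get(0)` and `tokenExts.get(0)` without first asserting the list sizes, so a parser regression would show up as an IndexOutOfBoundsException rather than a readable assertion failure; `assertEquals(1, ext.size());` before each access fixes that.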


@ -109,6 +109,74 @@ public class AuthorizationInterceptorDstu2Test {
return responseContent;
}
@Test
public void testMetadataAllow() throws Exception {
ourServlet.registerInterceptor(new AuthorizationInterceptor(PolicyEnum.DENY) {
@Override
protected void buildRuleList(RequestDetails theRequestDetails, IAuthRuleBuilder theRuleBuilder) {
theRuleBuilder.allow("Rule 1").metadata();
}
});
HttpGet httpGet;
HttpResponse status;
String response;
ourReturn = Arrays.asList(createPatient(2));
ourHitMethod = false;
httpGet = new HttpGet("http://localhost:" + ourPort + "/metadata");
status = ourClient.execute(httpGet);
extractResponseAndClose(status);
assertEquals(200, status.getStatusLine().getStatusCode());
}
@Test
public void testTransactionWriteGood() throws Exception {
ourServlet.registerInterceptor(new AuthorizationInterceptor(PolicyEnum.DENY) {
@Override
protected void buildRuleList(RequestDetails theRequestDetails, IAuthRuleBuilder theRuleBuilder) {
theRuleBuilder
.allow("Rule 1").transaction().withAnyOperation().andApplyNormalRules().andThen()
.allow("Rule 2").write().allResources().inCompartment("Patient", new IdDt("Patient/1")).andThen()
.allow("Rule 2").read().allResources().inCompartment("Patient", new IdDt("Patient/1")).andThen();
}
});
// HttpGet httpGet;
// HttpResponse status;
// String response;
//
// ourReturn = Arrays.asList(createPatient(2));
// ourHitMethod = false;
// httpGet = new HttpGet("http://localhost:" + ourPort + "/metadata");
// status = ourClient.execute(httpGet);
// extractResponseAndClose(status);
// assertEquals(200, status.getStatusLine().getStatusCode());
}
@Test
public void testMetadataDeny() throws Exception {
ourServlet.registerInterceptor(new AuthorizationInterceptor(PolicyEnum.ALLOW) {
@Override
protected void buildRuleList(RequestDetails theRequestDetails, IAuthRuleBuilder theRuleBuilder) {
theRuleBuilder.deny("Rule 1").metadata();
}
});
HttpGet httpGet;
HttpResponse status;
String response;
ourReturn = Arrays.asList(createPatient(2));
ourHitMethod = false;
httpGet = new HttpGet("http://localhost:" + ourPort + "/metadata");
status = ourClient.execute(httpGet);
extractResponseAndClose(status);
assertEquals(401, status.getStatusLine().getStatusCode());
}
@Test
public void testReadByAnyId() throws Exception {
ourServlet.registerInterceptor(new AuthorizationInterceptor(PolicyEnum.DENY) {
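Review bot: `testTransactionWriteGood` registers its rules and then has every request and assertion commented out, so it passes without exercising transaction authorization at all. For an access-control feature a green test that checks nothing is misleading; either finish it by posting a transaction and asserting the status, or mark it `@Ignore` with a reason so the gap shows up in reports. The last two rules are both named "Rule 2", which makes the deciding rule ambiguous in logs and error messages, and the chain ends in a dangling `.andThen()`. In testMetadataAllow and testMetadataDeny the `response` local is never used.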


@ -0,0 +1,110 @@
{
"resourceType":"Conformance",
"publisher":"Cloudyle",
"date":"2016-03-30T14:53:23+02:00",
"kind":"instance",
"software":{
"name":"HAPI FHIR Server",
"version":"1.4"
},
"fhirVersion":"1.0.2",
"acceptUnknown":"both",
"format":[
"application/xml+fhir",
"application/json+fhir"
],
"rest":[
{
"mode":"server",
"security":{
"extension":[
{
"url":"http://fhir-registry.smarthealthit.org/StructureDefinition/oauth-uris",
"extension":[
{
"url":"token",
"valueuri":"https://my-server.org/token"
},
{
"url":"authorize",
"valueuri":"https://my-server.org/authorize"
}
]
}
],
"service":[
{
"coding":[
{
"system":"http://hl7.org/fhir/restful-security-service",
"code":"SMART-on-FHIR"
}
],
"text":"OAuth2 using SMART-on-FHIR profile (see http://docs.smarthealthit.org)"
}
]
},
"resource":[
{
"type":"Observation",
"profile":{
"reference":"http://hl7.org/fhir/profiles/Observation"
},
"interaction":[
{
"code":"search-type"
}
],
"searchParam":[
{
"name":"code",
"type":"token",
"documentation":"The code of the observation type"
},
{
"name":"subject",
"type":"string",
"documentation":"The subject that the observation is about"
}
]
},
{
"type":"OperationDefinition",
"profile":{
"reference":"http://hl7.org/fhir/profiles/OperationDefinition"
},
"interaction":[
{
"code":"read"
}
]
},
{
"type":"Patient",
"profile":{
"reference":"http://hl7.org/fhir/profiles/Patient"
},
"interaction":[
{
"code":"read"
}
]
},
{
"type":"StructureDefinition",
"profile":{
"reference":"http://hl7.org/fhir/profiles/StructureDefinition"
},
"interaction":[
{
"code":"read"
},
{
"code":"search-type"
}
]
}
]
}
]
}


@ -23,19 +23,18 @@ import org.apache.commons.io.IOUtils;
import org.hl7.fhir.dstu3.hapi.validation.DefaultProfileValidationSupport;
import org.hl7.fhir.dstu3.hapi.validation.FhirInstanceValidator;
import org.hl7.fhir.dstu3.hapi.validation.IValidationSupport;
import org.hl7.fhir.dstu3.hapi.validation.ValidationSupportChain;
import org.hl7.fhir.dstu3.hapi.validation.IValidationSupport.CodeValidationResult;
import org.hl7.fhir.dstu3.hapi.validation.ValidationSupportChain;
import org.hl7.fhir.dstu3.model.CodeType;
import org.hl7.fhir.dstu3.model.Observation;
import org.hl7.fhir.dstu3.model.Observation.ObservationStatus;
import org.hl7.fhir.dstu3.model.Patient;
import org.hl7.fhir.dstu3.model.StringType;
import org.hl7.fhir.dstu3.model.ValueSet;
import org.hl7.fhir.dstu3.model.Observation.ObservationStatus;
import org.hl7.fhir.dstu3.model.ValueSet.ConceptDefinitionComponent;
import org.hl7.fhir.dstu3.model.ValueSet.ConceptSetComponent;
import org.hl7.fhir.dstu3.model.ValueSet.ValueSetExpansionComponent;
import org.hl7.fhir.instance.model.api.IBaseResource;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.Ignore;