Work on auth interceptor
parent
a6b6f5467b
commit
891dddff1e
|
@ -117,23 +117,22 @@ public class AuthorizationInterceptor extends InterceptorAdapter implements ISer
|
||||||
return new Verdict(result, decidingRule);
|
return new Verdict(result, decidingRule);
|
||||||
}
|
}
|
||||||
|
|
||||||
private List<IAuthRule> buildRuleList(RequestDetails theRequestDetails) {
|
|
||||||
ArrayList<IAuthRule> retVal = new ArrayList<IAuthRule>();
|
|
||||||
buildRuleList(theRequestDetails, new RuleBuilder(retVal));
|
|
||||||
return retVal;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Subclasses should override this method to supply the set of rules to be applied to
|
* Subclasses should override this method to supply the set of rules to be applied to
|
||||||
* this individual request.
|
* this individual request.
|
||||||
|
* <p>
|
||||||
|
* Typically this is done by examining <code>theRequestDetails</code> to find
|
||||||
|
* out who the current user is and then using a {@link RuleBuilder} to create
|
||||||
|
* an appropriate rule chain.
|
||||||
|
* </p>
|
||||||
*
|
*
|
||||||
* @param theRequestDetails The individual request currently being applied
|
* @param theRequestDetails The individual request currently being applied
|
||||||
* @param theRuleBuilder The builder used to create the rules
|
|
||||||
*/
|
*/
|
||||||
protected void buildRuleList(RequestDetails theRequestDetails, IAuthRuleBuilder theRuleBuilder) {
|
public List<IAuthRule> buildRuleList(RequestDetails theRequestDetails) {
|
||||||
// nothing by default
|
return new ArrayList<IAuthRule>();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
private OperationExamineDirection determineOperationDirection(RestOperationTypeEnum theOperation) {
|
private OperationExamineDirection determineOperationDirection(RestOperationTypeEnum theOperation) {
|
||||||
switch (theOperation) {
|
switch (theOperation) {
|
||||||
case ADD_TAGS:
|
case ADD_TAGS:
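Review bot: The rewritten Javadoc on the new `public List<IAuthRule> buildRuleList(RequestDetails)` drops the old `@param theRuleBuilder` but adds no `@return`, and the default body (`return new ArrayList<IAuthRule>();`) leaves the contract for an empty or null result unstated, which matters for an authorization hook that subclasses override. I would add `@return the rules to evaluate for this request, never {@code null}; an empty list presumably means only the interceptor's default policy applies — confirm against the verdict logic`, since that logic is outside this hunk and only `return new Verdict(result, decidingRule);` is visible. The method also widened from `protected` to `public`; if that was incidental, `protected` keeps the override-only intent of "Subclasses should override this method". determineOperationDirection continues outside the hunk.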
|
||||||
|
|
|
@ -1,5 +1,7 @@
|
||||||
package ca.uhn.fhir.rest.server.interceptor.auth;
|
package ca.uhn.fhir.rest.server.interceptor.auth;
|
||||||
|
|
||||||
|
import java.util.List;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* #%L
|
* #%L
|
||||||
* HAPI FHIR - Core Library
|
* HAPI FHIR - Core Library
|
||||||
|
@ -33,11 +35,6 @@ public interface IAuthRuleBuilder {
|
||||||
*/
|
*/
|
||||||
IAuthRuleBuilderRule allow();
|
IAuthRuleBuilderRule allow();
|
||||||
|
|
||||||
/**
|
|
||||||
* Start a new rule to deny a given operation
|
|
||||||
*/
|
|
||||||
IAuthRuleBuilderRule deny();
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Start a new rule to allow a given operation
|
* Start a new rule to allow a given operation
|
||||||
*
|
*
|
||||||
|
@ -48,16 +45,6 @@ public interface IAuthRuleBuilder {
|
||||||
*/
|
*/
|
||||||
IAuthRuleBuilderRule allow(String theRuleName);
|
IAuthRuleBuilderRule allow(String theRuleName);
|
||||||
|
|
||||||
/**
|
|
||||||
* Start a new rule to deny a given operation
|
|
||||||
*
|
|
||||||
* @param theRuleName
|
|
||||||
* The name of this rule. The rule name is used for logging and error messages,
|
|
||||||
* and could be shown to the client, but has no semantic meaning within
|
|
||||||
* HAPI FHIR.
|
|
||||||
*/
|
|
||||||
IAuthRuleBuilderRule deny(String theRuleName);
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* This rule allows any invocation to proceed. It is intended to be
|
* This rule allows any invocation to proceed. It is intended to be
|
||||||
* used at the end of a chain that contains {@link #deny()} rules in
|
* used at the end of a chain that contains {@link #deny()} rules in
|
||||||
|
@ -82,6 +69,26 @@ public interface IAuthRuleBuilder {
|
||||||
*/
|
*/
|
||||||
IAuthRuleBuilderRuleOpClassifierFinished allowAll(String theRuleName);
|
IAuthRuleBuilderRuleOpClassifierFinished allowAll(String theRuleName);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Build the rule list
|
||||||
|
*/
|
||||||
|
List<IAuthRule> build();
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Start a new rule to deny a given operation
|
||||||
|
*/
|
||||||
|
IAuthRuleBuilderRule deny();
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Start a new rule to deny a given operation
|
||||||
|
*
|
||||||
|
* @param theRuleName
|
||||||
|
* The name of this rule. The rule name is used for logging and error messages,
|
||||||
|
* and could be shown to the client, but has no semantic meaning within
|
||||||
|
* HAPI FHIR.
|
||||||
|
*/
|
||||||
|
IAuthRuleBuilderRule deny(String theRuleName);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* This rule allows any invocation to proceed. It is intended to be
|
* This rule allows any invocation to proceed. It is intended to be
|
||||||
* used at the end of a chain that contains {@link #allow()} rules in
|
* used at the end of a chain that contains {@link #allow()} rules in
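Review bot: The Javadoc on the new `List<IAuthRule> build();` (hunk `@ -82,6 +69,26`) says only `Build the rule list`, which leaves the two things a caller of an authorization builder needs unstated: ordering and whether the list is a snapshot or a live view of the builder. I would expand it to `Returns the rules added so far, in the order they were declared. The returned list should be treated as read-only; whether later builder calls are reflected in it is implementation-defined.` The ordering claim matches how RuleBuilder appends to `myRules` elsewhere in this commit, but as an interface contract it should be stated deliberately rather than inferred. The relocation of `deny()` / `deny(String)` in the earlier hunks is cosmetic and needs no comment.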
|
||||||
|
|
|
@ -1,5 +1,7 @@
|
||||||
package ca.uhn.fhir.rest.server.interceptor.auth;
|
package ca.uhn.fhir.rest.server.interceptor.auth;
|
||||||
|
|
||||||
|
import java.util.List;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* #%L
|
* #%L
|
||||||
* HAPI FHIR - Core Library
|
* HAPI FHIR - Core Library
|
||||||
|
@ -21,10 +23,14 @@ package ca.uhn.fhir.rest.server.interceptor.auth;
|
||||||
*/
|
*/
|
||||||
|
|
||||||
public interface IAuthRuleBuilderRuleOpClassifierFinished {
|
public interface IAuthRuleBuilderRuleOpClassifierFinished {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Start another rule
|
* Start another rule
|
||||||
*/
|
*/
|
||||||
IAuthRuleBuilder andThen();
|
IAuthRuleBuilder andThen();
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Build the rule list
|
||||||
|
*/
|
||||||
|
List<IAuthRule> build();
|
||||||
|
|
||||||
}
|
}
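Review bot: The added `List<IAuthRule> build();` on this "finished" interface carries the same one-line Javadoc as the one on IAuthRuleBuilder, so a reader cannot tell whether `finished.build()` and `finished.andThen().build()` return the same thing. In RuleBuilder as changed in this commit both paths read the outer `myRules`, so they appear equivalent; I would state that here, e.g. `Finishes the chain and returns the rule list built so far; equivalent to {@code andThen().build()}.`, hedged if the implementation is not meant to guarantee it.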
|
||||||
|
|
|
@ -1,5 +1,7 @@
|
||||||
package ca.uhn.fhir.rest.server.interceptor.auth;
|
package ca.uhn.fhir.rest.server.interceptor.auth;
|
||||||
|
|
||||||
|
import java.util.ArrayList;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* #%L
|
* #%L
|
||||||
* HAPI FHIR - Core Library
|
* HAPI FHIR - Core Library
|
||||||
|
@ -29,16 +31,12 @@ import org.apache.commons.lang3.Validate;
|
||||||
import org.hl7.fhir.instance.model.api.IBaseResource;
|
import org.hl7.fhir.instance.model.api.IBaseResource;
|
||||||
import org.hl7.fhir.instance.model.api.IIdType;
|
import org.hl7.fhir.instance.model.api.IIdType;
|
||||||
|
|
||||||
class RuleBuilder implements IAuthRuleBuilder {
|
public class RuleBuilder implements IAuthRuleBuilder {
|
||||||
|
|
||||||
private RuleVerdictEnum myRuleMode;
|
private ArrayList<IAuthRule> myRules;
|
||||||
|
|
||||||
private String myRuleName;
|
public RuleBuilder() {
|
||||||
|
myRules = new ArrayList<IAuthRule>();
|
||||||
private List<IAuthRule> myRules;
|
|
||||||
|
|
||||||
public RuleBuilder(List<IAuthRule> theRules) {
|
|
||||||
myRules = theRules;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
@ -48,9 +46,7 @@ class RuleBuilder implements IAuthRuleBuilder {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public IAuthRuleBuilderRule allow(String theRuleName) {
|
public IAuthRuleBuilderRule allow(String theRuleName) {
|
||||||
myRuleMode = RuleVerdictEnum.ALLOW;
|
return new RuleBuilderRule(RuleVerdictEnum.ALLOW, theRuleName);
|
||||||
myRuleName = theRuleName;
|
|
||||||
return new RuleBuilderRule();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
@ -61,7 +57,12 @@ class RuleBuilder implements IAuthRuleBuilder {
|
||||||
@Override
|
@Override
|
||||||
public IAuthRuleBuilderRuleOpClassifierFinished allowAll(String theRuleName) {
|
public IAuthRuleBuilderRuleOpClassifierFinished allowAll(String theRuleName) {
|
||||||
myRules.add(new Rule(theRuleName).setOp(RuleOpEnum.ALLOW_ALL));
|
myRules.add(new Rule(theRuleName).setOp(RuleOpEnum.ALLOW_ALL));
|
||||||
return new RuleBuilderFinished(myRules);
|
return new RuleBuilderFinished();
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public List<IAuthRule> build() {
|
||||||
|
return myRules;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
@ -71,9 +72,7 @@ class RuleBuilder implements IAuthRuleBuilder {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public IAuthRuleBuilderRule deny(String theRuleName) {
|
public IAuthRuleBuilderRule deny(String theRuleName) {
|
||||||
myRuleMode = RuleVerdictEnum.DENY;
|
return new RuleBuilderRule(RuleVerdictEnum.DENY, theRuleName);
|
||||||
myRuleName = theRuleName;
|
|
||||||
return new RuleBuilderRule();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
@ -84,25 +83,32 @@ class RuleBuilder implements IAuthRuleBuilder {
|
||||||
@Override
|
@Override
|
||||||
public IAuthRuleBuilderRuleOpClassifierFinished denyAll(String theRuleName) {
|
public IAuthRuleBuilderRuleOpClassifierFinished denyAll(String theRuleName) {
|
||||||
myRules.add(new Rule(theRuleName).setOp(RuleOpEnum.DENY_ALL));
|
myRules.add(new Rule(theRuleName).setOp(RuleOpEnum.DENY_ALL));
|
||||||
return new RuleBuilderFinished(myRules);
|
return new RuleBuilderFinished();
|
||||||
}
|
}
|
||||||
|
|
||||||
private static final class RuleBuilderFinished implements IAuthRuleBuilderRuleOpClassifierFinished {
|
private final class RuleBuilderFinished implements IAuthRuleBuilderRuleOpClassifierFinished {
|
||||||
private List<IAuthRule> myRules;
|
|
||||||
|
|
||||||
public RuleBuilderFinished(List<IAuthRule> theRules) {
|
|
||||||
myRules = theRules;
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public IAuthRuleBuilder andThen() {
|
public IAuthRuleBuilder andThen() {
|
||||||
return new RuleBuilder(myRules);
|
return RuleBuilder.this;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public List<IAuthRule> build() {
|
||||||
|
return myRules;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
class RuleBuilderRule implements IAuthRuleBuilderRule {
|
private class RuleBuilderRule implements IAuthRuleBuilderRule {
|
||||||
|
|
||||||
private RuleOpEnum myRuleOp;
|
private RuleOpEnum myRuleOp;
|
||||||
|
private RuleVerdictEnum myRuleMode;
|
||||||
|
private String myRuleName;
|
||||||
|
|
||||||
|
public RuleBuilderRule(RuleVerdictEnum theRuleMode, String theRuleName) {
|
||||||
|
myRuleMode = theRuleMode;
|
||||||
|
myRuleName = theRuleName;
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public RuleBuilderFinished metadata() {
|
public RuleBuilderFinished metadata() {
|
||||||
|
@ -110,7 +116,7 @@ class RuleBuilder implements IAuthRuleBuilder {
|
||||||
rule.setOp(RuleOpEnum.METADATA);
|
rule.setOp(RuleOpEnum.METADATA);
|
||||||
rule.setMode(myRuleMode);
|
rule.setMode(myRuleMode);
|
||||||
myRules.add(rule);
|
myRules.add(rule);
|
||||||
return new RuleBuilderFinished(myRules);
|
return new RuleBuilderFinished();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
@ -131,7 +137,7 @@ class RuleBuilder implements IAuthRuleBuilder {
|
||||||
return new RuleBuilderRuleOp();
|
return new RuleBuilderRuleOp();
|
||||||
}
|
}
|
||||||
|
|
||||||
public class RuleBuilderRuleOp implements IAuthRuleBuilderRuleOp {
|
private class RuleBuilderRuleOp implements IAuthRuleBuilderRuleOp {
|
||||||
|
|
||||||
private AppliesTypeEnum myAppliesTo;
|
private AppliesTypeEnum myAppliesTo;
|
||||||
private Set<?> myAppliesToTypes;
|
private Set<?> myAppliesToTypes;
|
||||||
|
@ -150,7 +156,7 @@ class RuleBuilder implements IAuthRuleBuilder {
|
||||||
return new RuleBuilderRuleOpClassifier();
|
return new RuleBuilderRuleOpClassifier();
|
||||||
}
|
}
|
||||||
|
|
||||||
public class RuleBuilderRuleOpClassifier implements IAuthRuleBuilderRuleOpClassifier {
|
private class RuleBuilderRuleOpClassifier implements IAuthRuleBuilderRuleOpClassifier {
|
||||||
|
|
||||||
private ClassifierTypeEnum myClassifierType;
|
private ClassifierTypeEnum myClassifierType;
|
||||||
private String myInCompartmentName;
|
private String myInCompartmentName;
|
||||||
|
@ -168,7 +174,7 @@ class RuleBuilder implements IAuthRuleBuilder {
|
||||||
rule.setClassifierCompartmentOwners(myInCompartmentOwners);
|
rule.setClassifierCompartmentOwners(myInCompartmentOwners);
|
||||||
myRules.add(rule);
|
myRules.add(rule);
|
||||||
|
|
||||||
return new RuleBuilderFinished(myRules);
|
return new RuleBuilderFinished();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
@ -209,23 +215,22 @@ class RuleBuilder implements IAuthRuleBuilder {
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public class RuleBuilderRuleTransaction implements IAuthRuleBuilderRuleTransaction {
|
private class RuleBuilderRuleTransaction implements IAuthRuleBuilderRuleTransaction {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public IAuthRuleBuilderRuleTransactionOp withAnyOperation() {
|
public IAuthRuleBuilderRuleTransactionOp withAnyOperation() {
|
||||||
return new RuleBuilderRuleTransactionOp();
|
return new RuleBuilderRuleTransactionOp();
|
||||||
}
|
}
|
||||||
|
private class RuleBuilderRuleTransactionOp implements IAuthRuleBuilderRuleTransactionOp {
|
||||||
|
|
||||||
class RuleBuilderRuleTransactionOp implements IAuthRuleBuilderRuleTransactionOp {
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public IAuthRuleBuilderRuleOpClassifierFinished andApplyNormalRules() {
|
public IAuthRuleBuilderRuleOpClassifierFinished andApplyNormalRules() {
|
||||||
Rule rule = new Rule(myRuleName);
|
Rule rule = new Rule(myRuleName);
|
||||||
|
rule.setMode(myRuleMode);
|
||||||
rule.setOp(myRuleOp);
|
rule.setOp(myRuleOp);
|
||||||
rule.setTransactionAppliesToOp(TransactionAppliesToEnum.ANY_OPERATION);
|
rule.setTransactionAppliesToOp(TransactionAppliesToEnum.ANY_OPERATION);
|
||||||
myRules.add(rule);
|
myRules.add(rule);
|
||||||
return new RuleBuilderFinished(myRules);
|
return new RuleBuilderFinished();
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
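Review bot: Both new `build()` methods hand out the builder's internal mutable list: `RuleBuilder.build()` does `return myRules;`, and `RuleBuilderFinished.build()`, now a non-static inner class, returns the same outer `myRules`. Since this list is the authorization rule set the interceptor evaluates, any later `allow()`/`deny()` call on the same builder, or any caller that mutates the returned list, silently changes rules already in use; a snapshot closes that off at no real cost: `return new ArrayList<IAuthRule>(myRules);` in both places (`java.util.ArrayList` is already imported by the hunk at the top of the file). Wrapping in `Collections.unmodifiableList(...)` would be stronger still if that import is acceptable. Moving `myRuleMode`/`myRuleName` into `RuleBuilderRule` and adding `rule.setMode(myRuleMode)` in `andApplyNormalRules()` looks right and removes the shared-state hazard of the old builder.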
|
||||||
|
|
|
@ -1,7 +1,10 @@
|
||||||
package ca.uhn.fhir.rest.server.interceptor.auth;
|
package ca.uhn.fhir.rest.server.interceptor.auth;
|
||||||
|
|
||||||
import static org.hamcrest.Matchers.containsString;
|
import static org.hamcrest.Matchers.containsString;
|
||||||
import static org.junit.Assert.*;
|
import static org.junit.Assert.assertEquals;
|
||||||
|
import static org.junit.Assert.assertFalse;
|
||||||
|
import static org.junit.Assert.assertThat;
|
||||||
|
import static org.junit.Assert.assertTrue;
|
||||||
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
|
@ -34,8 +37,10 @@ import org.junit.Test;
|
||||||
import ca.uhn.fhir.context.FhirContext;
|
import ca.uhn.fhir.context.FhirContext;
|
||||||
import ca.uhn.fhir.model.api.IResource;
|
import ca.uhn.fhir.model.api.IResource;
|
||||||
import ca.uhn.fhir.model.dstu2.composite.ResourceReferenceDt;
|
import ca.uhn.fhir.model.dstu2.composite.ResourceReferenceDt;
|
||||||
|
import ca.uhn.fhir.model.dstu2.resource.Bundle;
|
||||||
import ca.uhn.fhir.model.dstu2.resource.Observation;
|
import ca.uhn.fhir.model.dstu2.resource.Observation;
|
||||||
import ca.uhn.fhir.model.dstu2.resource.Patient;
|
import ca.uhn.fhir.model.dstu2.resource.Patient;
|
||||||
|
import ca.uhn.fhir.model.dstu2.valueset.BundleTypeEnum;
|
||||||
import ca.uhn.fhir.model.primitive.IdDt;
|
import ca.uhn.fhir.model.primitive.IdDt;
|
||||||
import ca.uhn.fhir.rest.annotation.Create;
|
import ca.uhn.fhir.rest.annotation.Create;
|
||||||
import ca.uhn.fhir.rest.annotation.Delete;
|
import ca.uhn.fhir.rest.annotation.Delete;
|
||||||
|
@ -43,6 +48,8 @@ import ca.uhn.fhir.rest.annotation.IdParam;
|
||||||
import ca.uhn.fhir.rest.annotation.Read;
|
import ca.uhn.fhir.rest.annotation.Read;
|
||||||
import ca.uhn.fhir.rest.annotation.ResourceParam;
|
import ca.uhn.fhir.rest.annotation.ResourceParam;
|
||||||
import ca.uhn.fhir.rest.annotation.Search;
|
import ca.uhn.fhir.rest.annotation.Search;
|
||||||
|
import ca.uhn.fhir.rest.annotation.Transaction;
|
||||||
|
import ca.uhn.fhir.rest.annotation.TransactionParam;
|
||||||
import ca.uhn.fhir.rest.annotation.Update;
|
import ca.uhn.fhir.rest.annotation.Update;
|
||||||
import ca.uhn.fhir.rest.api.MethodOutcome;
|
import ca.uhn.fhir.rest.api.MethodOutcome;
|
||||||
import ca.uhn.fhir.rest.method.IRequestOperationCallback;
|
import ca.uhn.fhir.rest.method.IRequestOperationCallback;
|
||||||
|
@ -61,7 +68,7 @@ public class AuthorizationInterceptorDstu2Test {
|
||||||
private static boolean ourHitMethod;
|
private static boolean ourHitMethod;
|
||||||
private static final org.slf4j.Logger ourLog = org.slf4j.LoggerFactory.getLogger(AuthorizationInterceptorDstu2Test.class);
|
private static final org.slf4j.Logger ourLog = org.slf4j.LoggerFactory.getLogger(AuthorizationInterceptorDstu2Test.class);
|
||||||
private static int ourPort;
|
private static int ourPort;
|
||||||
private static List<IBaseResource> ourReturn;
|
private static List<IResource> ourReturn;
|
||||||
private static Server ourServer;
|
private static Server ourServer;
|
||||||
private static RestfulServer ourServlet;
|
private static RestfulServer ourServlet;
|
||||||
|
|
||||||
|
@ -80,7 +87,7 @@ public class AuthorizationInterceptorDstu2Test {
|
||||||
return new StringEntity(out, ContentType.create(Constants.CT_FHIR_JSON, "UTF-8"));
|
return new StringEntity(out, ContentType.create(Constants.CT_FHIR_JSON, "UTF-8"));
|
||||||
}
|
}
|
||||||
|
|
||||||
private IBaseResource createObservation(Integer theId, String theSubjectId) {
|
private IResource createObservation(Integer theId, String theSubjectId) {
|
||||||
Observation retVal = new Observation();
|
Observation retVal = new Observation();
|
||||||
if (theId != null) {
|
if (theId != null) {
|
||||||
retVal.setId(new IdDt("Observation", (long) theId));
|
retVal.setId(new IdDt("Observation", (long) theId));
|
||||||
|
@ -90,7 +97,7 @@ public class AuthorizationInterceptorDstu2Test {
|
||||||
return retVal;
|
return retVal;
|
||||||
}
|
}
|
||||||
|
|
||||||
private IBaseResource createPatient(Integer theId) {
|
private IResource createPatient(Integer theId) {
|
||||||
Patient retVal = new Patient();
|
Patient retVal = new Patient();
|
||||||
if (theId != null) {
|
if (theId != null) {
|
||||||
retVal.setId(new IdDt("Patient", (long) theId));
|
retVal.setId(new IdDt("Patient", (long) theId));
|
||||||
|
@ -113,8 +120,12 @@ public class AuthorizationInterceptorDstu2Test {
|
||||||
public void testMetadataAllow() throws Exception {
|
public void testMetadataAllow() throws Exception {
|
||||||
ourServlet.registerInterceptor(new AuthorizationInterceptor(PolicyEnum.DENY) {
|
ourServlet.registerInterceptor(new AuthorizationInterceptor(PolicyEnum.DENY) {
|
||||||
@Override
|
@Override
|
||||||
protected void buildRuleList(RequestDetails theRequestDetails, IAuthRuleBuilder theRuleBuilder) {
|
public List<IAuthRule> buildRuleList(RequestDetails theRequestDetails) {
|
||||||
theRuleBuilder.allow("Rule 1").metadata();
|
//@formatter:off
|
||||||
|
return new RuleBuilder()
|
||||||
|
.allow("Rule 1").metadata()
|
||||||
|
.build();
|
||||||
|
//@formatter:on
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
|
@ -134,34 +145,48 @@ public class AuthorizationInterceptorDstu2Test {
|
||||||
public void testTransactionWriteGood() throws Exception {
|
public void testTransactionWriteGood() throws Exception {
|
||||||
ourServlet.registerInterceptor(new AuthorizationInterceptor(PolicyEnum.DENY) {
|
ourServlet.registerInterceptor(new AuthorizationInterceptor(PolicyEnum.DENY) {
|
||||||
@Override
|
@Override
|
||||||
protected void buildRuleList(RequestDetails theRequestDetails, IAuthRuleBuilder theRuleBuilder) {
|
public List<IAuthRule> buildRuleList(RequestDetails theRequestDetails) {
|
||||||
theRuleBuilder
|
//@formatter:off
|
||||||
|
return new RuleBuilder()
|
||||||
.allow("Rule 1").transaction().withAnyOperation().andApplyNormalRules().andThen()
|
.allow("Rule 1").transaction().withAnyOperation().andApplyNormalRules().andThen()
|
||||||
.allow("Rule 2").write().allResources().inCompartment("Patient", new IdDt("Patient/1")).andThen()
|
.allow("Rule 2").write().allResources().inCompartment("Patient", new IdDt("Patient/1")).andThen()
|
||||||
.allow("Rule 2").read().allResources().inCompartment("Patient", new IdDt("Patient/1")).andThen();
|
.allow("Rule 2").read().allResources().inCompartment("Patient", new IdDt("Patient/1")).andThen()
|
||||||
|
.build();
|
||||||
|
//@formatter:on
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
|
Bundle input = new Bundle();
|
||||||
|
input.setType(BundleTypeEnum.TRANSACTION);
|
||||||
|
input.addEntry().setResource(createPatient(1)).getRequest().setUrl("/Patient");
|
||||||
|
|
||||||
|
Bundle output = new Bundle();
|
||||||
|
output.setType(BundleTypeEnum.TRANSACTION_RESPONSE);
|
||||||
|
output.addEntry().getResponse().setLocation("/Patient/1");
|
||||||
|
|
||||||
// HttpGet httpGet;
|
HttpPost httpPost;
|
||||||
// HttpResponse status;
|
HttpResponse status;
|
||||||
// String response;
|
String response;
|
||||||
//
|
|
||||||
// ourReturn = Arrays.asList(createPatient(2));
|
ourReturn = Arrays.asList((IResource)output);
|
||||||
// ourHitMethod = false;
|
ourHitMethod = false;
|
||||||
// httpGet = new HttpGet("http://localhost:" + ourPort + "/metadata");
|
httpPost = new HttpPost("http://localhost:" + ourPort + "/");
|
||||||
// status = ourClient.execute(httpGet);
|
httpPost.setEntity(createFhirResourceEntity(input));
|
||||||
// extractResponseAndClose(status);
|
status = ourClient.execute(httpPost);
|
||||||
// assertEquals(200, status.getStatusLine().getStatusCode());
|
extractResponseAndClose(status);
|
||||||
|
assertEquals(200, status.getStatusLine().getStatusCode());
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testMetadataDeny() throws Exception {
|
public void testMetadataDeny() throws Exception {
|
||||||
ourServlet.registerInterceptor(new AuthorizationInterceptor(PolicyEnum.ALLOW) {
|
ourServlet.registerInterceptor(new AuthorizationInterceptor(PolicyEnum.ALLOW) {
|
||||||
@Override
|
@Override
|
||||||
protected void buildRuleList(RequestDetails theRequestDetails, IAuthRuleBuilder theRuleBuilder) {
|
public List<IAuthRule> buildRuleList(RequestDetails theRequestDetails) {
|
||||||
theRuleBuilder.deny("Rule 1").metadata();
|
//@formatter:off
|
||||||
|
return new RuleBuilder()
|
||||||
|
.deny("Rule 1").metadata()
|
||||||
|
.build();
|
||||||
|
//@formatter:on
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
|
@ -181,8 +206,12 @@ public class AuthorizationInterceptorDstu2Test {
|
||||||
public void testReadByAnyId() throws Exception {
|
public void testReadByAnyId() throws Exception {
|
||||||
ourServlet.registerInterceptor(new AuthorizationInterceptor(PolicyEnum.DENY) {
|
ourServlet.registerInterceptor(new AuthorizationInterceptor(PolicyEnum.DENY) {
|
||||||
@Override
|
@Override
|
||||||
protected void buildRuleList(RequestDetails theRequestDetails, IAuthRuleBuilder theRuleBuilder) {
|
public List<IAuthRule> buildRuleList(RequestDetails theRequestDetails) {
|
||||||
theRuleBuilder.allow("Rule 1").read().resourcesOfType(Patient.class).withAnyId();
|
//@formatter:off
|
||||||
|
return new RuleBuilder()
|
||||||
|
.allow("Rule 1").read().resourcesOfType(Patient.class).withAnyId()
|
||||||
|
.build();
|
||||||
|
//@formatter:on
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
|
@ -234,9 +263,13 @@ public class AuthorizationInterceptorDstu2Test {
|
||||||
public void testAllowAll() throws Exception {
|
public void testAllowAll() throws Exception {
|
||||||
ourServlet.registerInterceptor(new AuthorizationInterceptor(PolicyEnum.DENY) {
|
ourServlet.registerInterceptor(new AuthorizationInterceptor(PolicyEnum.DENY) {
|
||||||
@Override
|
@Override
|
||||||
protected void buildRuleList(RequestDetails theRequestDetails, IAuthRuleBuilder theRuleBuilder) {
|
public List<IAuthRule> buildRuleList(RequestDetails theRequestDetails) {
|
||||||
theRuleBuilder.deny("Rule 1").read().resourcesOfType(Patient.class).withAnyId();
|
//@formatter:off
|
||||||
theRuleBuilder.allowAll("Default Rule");
|
return new RuleBuilder()
|
||||||
|
.deny("Rule 1").read().resourcesOfType(Patient.class).withAnyId().andThen()
|
||||||
|
.allowAll("Default Rule")
|
||||||
|
.build();
|
||||||
|
//@formatter:on
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
|
@ -267,10 +300,14 @@ public class AuthorizationInterceptorDstu2Test {
|
||||||
public void testDenyAll() throws Exception {
|
public void testDenyAll() throws Exception {
|
||||||
ourServlet.registerInterceptor(new AuthorizationInterceptor(PolicyEnum.DENY) {
|
ourServlet.registerInterceptor(new AuthorizationInterceptor(PolicyEnum.DENY) {
|
||||||
@Override
|
@Override
|
||||||
protected void buildRuleList(RequestDetails theRequestDetails, IAuthRuleBuilder theRuleBuilder) {
|
public List<IAuthRule> buildRuleList(RequestDetails theRequestDetails) {
|
||||||
theRuleBuilder.allow().read().resourcesOfType(Patient.class).withAnyId();
|
//@formatter:off
|
||||||
theRuleBuilder.denyAll("Default Rule");
|
return new RuleBuilder()
|
||||||
}
|
.allow().read().resourcesOfType(Patient.class).withAnyId().andThen()
|
||||||
|
.denyAll("Default Rule")
|
||||||
|
.build();
|
||||||
|
//@formatter:on
|
||||||
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
HttpGet httpGet;
|
HttpGet httpGet;
|
||||||
|
@ -301,9 +338,13 @@ public class AuthorizationInterceptorDstu2Test {
|
||||||
public void testReadByCompartmentRight() throws Exception {
|
public void testReadByCompartmentRight() throws Exception {
|
||||||
ourServlet.registerInterceptor(new AuthorizationInterceptor(PolicyEnum.DENY) {
|
ourServlet.registerInterceptor(new AuthorizationInterceptor(PolicyEnum.DENY) {
|
||||||
@Override
|
@Override
|
||||||
protected void buildRuleList(RequestDetails theRequestDetails, IAuthRuleBuilder theRuleBuilder) {
|
public List<IAuthRule> buildRuleList(RequestDetails theRequestDetails) {
|
||||||
theRuleBuilder.allow("Rule 1").read().resourcesOfType(Patient.class).inCompartment("Patient", new IdDt("Patient/1"));
|
//@formatter:off
|
||||||
theRuleBuilder.allow("Rule 2").read().resourcesOfType(Observation.class).inCompartment("Patient", new IdDt("Patient/1"));
|
return new RuleBuilder()
|
||||||
|
.allow("Rule 1").read().resourcesOfType(Patient.class).inCompartment("Patient", new IdDt("Patient/1")).andThen()
|
||||||
|
.allow("Rule 2").read().resourcesOfType(Observation.class).inCompartment("Patient", new IdDt("Patient/1"))
|
||||||
|
.build();
|
||||||
|
//@formatter:on
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
|
@ -340,9 +381,13 @@ public class AuthorizationInterceptorDstu2Test {
|
||||||
public void testReadByCompartmentWrong() throws Exception {
|
public void testReadByCompartmentWrong() throws Exception {
|
||||||
ourServlet.registerInterceptor(new AuthorizationInterceptor(PolicyEnum.DENY) {
|
ourServlet.registerInterceptor(new AuthorizationInterceptor(PolicyEnum.DENY) {
|
||||||
@Override
|
@Override
|
||||||
protected void buildRuleList(RequestDetails theRequestDetails, IAuthRuleBuilder theRuleBuilder) {
|
public List<IAuthRule> buildRuleList(RequestDetails theRequestDetails) {
|
||||||
theRuleBuilder.allow("Rule 1").read().resourcesOfType(Patient.class).inCompartment("Patient", new IdDt("Patient/1"));
|
//@formatter:off
|
||||||
theRuleBuilder.allow("Rule 2").read().resourcesOfType(Observation.class).inCompartment("Patient", new IdDt("Patient/1"));
|
return new RuleBuilder()
|
||||||
|
.allow("Rule 1").read().resourcesOfType(Patient.class).inCompartment("Patient", new IdDt("Patient/1")).andThen()
|
||||||
|
.allow("Rule 2").read().resourcesOfType(Observation.class).inCompartment("Patient", new IdDt("Patient/1"))
|
||||||
|
.build();
|
||||||
|
//@formatter:on
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
|
@ -396,9 +441,13 @@ public class AuthorizationInterceptorDstu2Test {
|
||||||
public void testWriteByCompartmentCreate() throws Exception {
|
public void testWriteByCompartmentCreate() throws Exception {
|
||||||
ourServlet.registerInterceptor(new AuthorizationInterceptor(PolicyEnum.DENY) {
|
ourServlet.registerInterceptor(new AuthorizationInterceptor(PolicyEnum.DENY) {
|
||||||
@Override
|
@Override
|
||||||
protected void buildRuleList(RequestDetails theRequestDetails, IAuthRuleBuilder theRuleBuilder) {
|
public List<IAuthRule> buildRuleList(RequestDetails theRequestDetails) {
|
||||||
theRuleBuilder.allow("Rule 1").write().resourcesOfType(Patient.class).inCompartment("Patient", new IdDt("Patient/1"));
|
//@formatter:off
|
||||||
theRuleBuilder.allow("Rule 2").write().resourcesOfType(Observation.class).inCompartment("Patient", new IdDt("Patient/1"));
|
return new RuleBuilder()
|
||||||
|
.allow("Rule 1").write().resourcesOfType(Patient.class).inCompartment("Patient", new IdDt("Patient/1")).andThen()
|
||||||
|
.allow("Rule 2").write().resourcesOfType(Observation.class).inCompartment("Patient", new IdDt("Patient/1"))
|
||||||
|
.build();
|
||||||
|
//@formatter:on
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
|
@ -436,9 +485,13 @@ public class AuthorizationInterceptorDstu2Test {
|
||||||
public void testWriteByCompartmentDelete() throws Exception {
|
public void testWriteByCompartmentDelete() throws Exception {
|
||||||
ourServlet.registerInterceptor(new AuthorizationInterceptor(PolicyEnum.DENY) {
|
ourServlet.registerInterceptor(new AuthorizationInterceptor(PolicyEnum.DENY) {
|
||||||
@Override
|
@Override
|
||||||
protected void buildRuleList(RequestDetails theRequestDetails, IAuthRuleBuilder theRuleBuilder) {
|
public List<IAuthRule> buildRuleList(RequestDetails theRequestDetails) {
|
||||||
theRuleBuilder.allow("Rule 1").write().resourcesOfType(Patient.class).inCompartment("Patient", new IdDt("Patient/1"));
|
//@formatter:off
|
||||||
theRuleBuilder.allow("Rule 2").write().resourcesOfType(Observation.class).inCompartment("Patient", new IdDt("Patient/1"));
|
return new RuleBuilder()
|
||||||
|
.allow("Rule 1").write().resourcesOfType(Patient.class).inCompartment("Patient", new IdDt("Patient/1")).andThen()
|
||||||
|
.allow("Rule 2").write().resourcesOfType(Observation.class).inCompartment("Patient", new IdDt("Patient/1"))
|
||||||
|
.build();
|
||||||
|
//@formatter:on
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
|
@ -466,9 +519,13 @@ public class AuthorizationInterceptorDstu2Test {
|
||||||
public void testWriteByCompartmentUpdate() throws Exception {
|
public void testWriteByCompartmentUpdate() throws Exception {
|
||||||
ourServlet.registerInterceptor(new AuthorizationInterceptor(PolicyEnum.DENY) {
|
ourServlet.registerInterceptor(new AuthorizationInterceptor(PolicyEnum.DENY) {
|
||||||
@Override
|
@Override
|
||||||
protected void buildRuleList(RequestDetails theRequestDetails, IAuthRuleBuilder theRuleBuilder) {
|
public List<IAuthRule> buildRuleList(RequestDetails theRequestDetails) {
|
||||||
theRuleBuilder.allow("Rule 1").write().resourcesOfType(Patient.class).inCompartment("Patient", new IdDt("Patient/1"));
|
//@formatter:off
|
||||||
theRuleBuilder.allow("Rule 2").write().resourcesOfType(Observation.class).inCompartment("Patient", new IdDt("Patient/1"));
|
return new RuleBuilder()
|
||||||
|
.allow("Rule 1").write().resourcesOfType(Patient.class).inCompartment("Patient", new IdDt("Patient/1")).andThen()
|
||||||
|
.allow("Rule 2").write().resourcesOfType(Observation.class).inCompartment("Patient", new IdDt("Patient/1"))
|
||||||
|
.build();
|
||||||
|
//@formatter:on
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
|
@ -523,11 +580,13 @@ public class AuthorizationInterceptorDstu2Test {
|
||||||
|
|
||||||
DummyPatientResourceProvider patProvider = new DummyPatientResourceProvider();
|
DummyPatientResourceProvider patProvider = new DummyPatientResourceProvider();
|
||||||
DummyObservationResourceProvider obsProv = new DummyObservationResourceProvider();
|
DummyObservationResourceProvider obsProv = new DummyObservationResourceProvider();
|
||||||
|
PlainProvider plainProvider = new PlainProvider();
|
||||||
|
|
||||||
ServletHandler proxyHandler = new ServletHandler();
|
ServletHandler proxyHandler = new ServletHandler();
|
||||||
ourServlet = new RestfulServer(ourCtx);
|
ourServlet = new RestfulServer(ourCtx);
|
||||||
ourServlet.setFhirContext(ourCtx);
|
ourServlet.setFhirContext(ourCtx);
|
||||||
ourServlet.setResourceProviders(patProvider, obsProv);
|
ourServlet.setResourceProviders(patProvider, obsProv);
|
||||||
|
ourServlet.setPlainProviders(plainProvider);
|
||||||
ServletHolder servletHolder = new ServletHolder(ourServlet);
|
ServletHolder servletHolder = new ServletHolder(ourServlet);
|
||||||
proxyHandler.addServletWithMapping(servletHolder, "/*");
|
proxyHandler.addServletWithMapping(servletHolder, "/*");
|
||||||
ourServer.setHandler(proxyHandler);
|
ourServer.setHandler(proxyHandler);
|
||||||
|
@ -571,7 +630,7 @@ public class AuthorizationInterceptorDstu2Test {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Search()
|
@Search()
|
||||||
public List<IBaseResource> search() {
|
public List<IResource> search() {
|
||||||
ourHitMethod = true;
|
ourHitMethod = true;
|
||||||
return ourReturn;
|
return ourReturn;
|
||||||
}
|
}
|
||||||
|
@ -588,6 +647,16 @@ public class AuthorizationInterceptorDstu2Test {
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public static class PlainProvider
|
||||||
|
{
|
||||||
|
@Transaction()
|
||||||
|
public Bundle search(@TransactionParam Bundle theInput) {
|
||||||
|
ourHitMethod = true;
|
||||||
|
return (Bundle) ourReturn.get(0);
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
public static class DummyPatientResourceProvider implements IResourceProvider {
|
public static class DummyPatientResourceProvider implements IResourceProvider {
|
||||||
|
|
||||||
@Create()
|
@Create()
|
||||||
|
@ -622,7 +691,7 @@ public class AuthorizationInterceptorDstu2Test {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Search()
|
@Search()
|
||||||
public List<IBaseResource> search() {
|
public List<IResource> search() {
|
||||||
ourHitMethod = true;
|
ourHitMethod = true;
|
||||||
return ourReturn;
|
return ourReturn;
|
||||||
}
|
}
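Review bot: `testTransactionWriteGood` (hunk `@ -134,34 +145,48`) sets `ourHitMethod = false;` but then asserts only `assertEquals(200, status.getStatusLine().getStatusCode());`, so the test passes whether or not the transaction actually reached `PlainProvider`; for an allow-rule test the provider invocation is the thing worth pinning, so add `assertTrue(ourHitMethod);` after the status assertion (`assertTrue` is now imported explicitly at the top of the file). The other tests in this class may already do this outside the visible hunks, but this one does not. As a naming nit, the new `PlainProvider.search(@TransactionParam Bundle theInput)` is a `@Transaction` method, so `transaction` would read more honestly than `search`.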
|
||||||
|
|