Merge branch 'master' of github.com:jamesagnew/hapi-fhir
This commit is contained in:
commit
a246809c92
|
@ -221,20 +221,16 @@ public class AuthorizationInterceptor extends InterceptorAdapter implements ISer
|
||||||
IIdType inputResourceId = null;
|
IIdType inputResourceId = null;
|
||||||
|
|
||||||
switch (determineOperationDirection(theOperation, theProcessedRequest.getResource())) {
|
switch (determineOperationDirection(theOperation, theProcessedRequest.getResource())) {
|
||||||
case IN_UNCATEGORIZED:
|
|
||||||
inputResourceId = theProcessedRequest.getId();
|
|
||||||
if (inputResourceId == null || inputResourceId.hasIdPart() == false) {
|
|
||||||
return;
|
|
||||||
} else {
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
case IN:
|
case IN:
|
||||||
case BOTH:
|
case BOTH:
|
||||||
inputResource = theProcessedRequest.getResource();
|
inputResource = theProcessedRequest.getResource();
|
||||||
inputResourceId = theProcessedRequest.getId();
|
inputResourceId = theProcessedRequest.getId();
|
||||||
break;
|
break;
|
||||||
case NONE:
|
|
||||||
case OUT:
|
case OUT:
|
||||||
|
inputResource = null;
|
||||||
|
inputResourceId = theProcessedRequest.getId();
|
||||||
|
break;
|
||||||
|
case NONE:
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -257,8 +253,6 @@ public class AuthorizationInterceptor extends InterceptorAdapter implements ISer
|
||||||
@Override
|
@Override
|
||||||
public boolean outgoingResponse(RequestDetails theRequestDetails, IBaseResource theResponseObject) {
|
public boolean outgoingResponse(RequestDetails theRequestDetails, IBaseResource theResponseObject) {
|
||||||
switch (determineOperationDirection(theRequestDetails.getRestOperationType(), null)) {
|
switch (determineOperationDirection(theRequestDetails.getRestOperationType(), null)) {
|
||||||
case IN_UNCATEGORIZED:
|
|
||||||
return true;
|
|
||||||
case IN:
|
case IN:
|
||||||
case NONE:
|
case NONE:
|
||||||
return true;
|
return true;
|
||||||
|
@ -354,7 +348,6 @@ public class AuthorizationInterceptor extends InterceptorAdapter implements ISer
|
||||||
|
|
||||||
private enum OperationExamineDirection {
|
private enum OperationExamineDirection {
|
||||||
IN,
|
IN,
|
||||||
IN_UNCATEGORIZED,
|
|
||||||
NONE,
|
NONE,
|
||||||
OUT,
|
OUT,
|
||||||
BOTH,
|
BOTH,
|
||||||
|
|
|
@ -63,7 +63,16 @@ class RuleImplOp extends BaseRule implements IAuthRule {
|
||||||
switch (myOp) {
|
switch (myOp) {
|
||||||
case READ:
|
case READ:
|
||||||
if (theOutputResource == null) {
|
if (theOutputResource == null) {
|
||||||
return null;
|
switch (theOperation) {
|
||||||
|
case READ:
|
||||||
|
appliesToResourceId = theInputResourceId;
|
||||||
|
break;
|
||||||
|
case SEARCH_SYSTEM:
|
||||||
|
case SEARCH_TYPE:
|
||||||
|
return new Verdict(PolicyEnum.ALLOW, this);
|
||||||
|
default:
|
||||||
|
return null;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
appliesToResource = theOutputResource;
|
appliesToResource = theOutputResource;
|
||||||
break;
|
break;
|
||||||
|
|
|
@ -118,11 +118,20 @@ public class JpaConformanceProviderDstu3 extends org.hl7.fhir.dstu3.hapi.rest.se
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
massage(retVal);
|
||||||
|
|
||||||
retVal.getImplementation().setDescription(myImplementationDescription);
|
retVal.getImplementation().setDescription(myImplementationDescription);
|
||||||
myCachedValue = retVal;
|
myCachedValue = retVal;
|
||||||
return retVal;
|
return retVal;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Subclasses may override
|
||||||
|
*/
|
||||||
|
protected void massage(Conformance theStatement) {
|
||||||
|
// nothing
|
||||||
|
}
|
||||||
|
|
||||||
public void setDaoConfig(DaoConfig myDaoConfig) {
|
public void setDaoConfig(DaoConfig myDaoConfig) {
|
||||||
this.myDaoConfig = myDaoConfig;
|
this.myDaoConfig = myDaoConfig;
|
||||||
}
|
}
|
||||||
|
|
|
@ -167,7 +167,7 @@ public class AuthorizationInterceptorDstu2Test {
|
||||||
ourLog.info(response);
|
ourLog.info(response);
|
||||||
assertThat(response, containsString("Access denied by rule: Rule 1"));
|
assertThat(response, containsString("Access denied by rule: Rule 1"));
|
||||||
assertEquals(403, status.getStatusLine().getStatusCode());
|
assertEquals(403, status.getStatusLine().getStatusCode());
|
||||||
assertTrue(ourHitMethod);
|
assertFalse(ourHitMethod);
|
||||||
|
|
||||||
ourHitMethod = false;
|
ourHitMethod = false;
|
||||||
httpGet = new HttpGet("http://localhost:" + ourPort + "/Patient/1/$validate");
|
httpGet = new HttpGet("http://localhost:" + ourPort + "/Patient/1/$validate");
|
||||||
|
@ -321,7 +321,7 @@ public class AuthorizationInterceptorDstu2Test {
|
||||||
ourLog.info(response);
|
ourLog.info(response);
|
||||||
assertThat(response, containsString("Access denied by rule: Default Rule"));
|
assertThat(response, containsString("Access denied by rule: Default Rule"));
|
||||||
assertEquals(403, status.getStatusLine().getStatusCode());
|
assertEquals(403, status.getStatusLine().getStatusCode());
|
||||||
assertTrue(ourHitMethod);
|
assertFalse(ourHitMethod);
|
||||||
|
|
||||||
ourHitMethod = false;
|
ourHitMethod = false;
|
||||||
httpGet = new HttpGet("http://localhost:" + ourPort + "/Patient/1/$validate");
|
httpGet = new HttpGet("http://localhost:" + ourPort + "/Patient/1/$validate");
|
||||||
|
@ -625,7 +625,7 @@ public class AuthorizationInterceptorDstu2Test {
|
||||||
ourLog.info(response);
|
ourLog.info(response);
|
||||||
assertThat(response, containsString("Access denied by default policy (no applicable rules)"));
|
assertThat(response, containsString("Access denied by default policy (no applicable rules)"));
|
||||||
assertEquals(403, status.getStatusLine().getStatusCode());
|
assertEquals(403, status.getStatusLine().getStatusCode());
|
||||||
assertTrue(ourHitMethod);
|
assertFalse(ourHitMethod);
|
||||||
|
|
||||||
ourReturn = Arrays.asList(createPatient(1), createObservation(10, "Patient/2"));
|
ourReturn = Arrays.asList(createPatient(1), createObservation(10, "Patient/2"));
|
||||||
ourHitMethod = false;
|
ourHitMethod = false;
|
||||||
|
@ -679,8 +679,8 @@ public class AuthorizationInterceptorDstu2Test {
|
||||||
httpGet = new HttpGet("http://localhost:" + ourPort + "/Observation/10");
|
httpGet = new HttpGet("http://localhost:" + ourPort + "/Observation/10");
|
||||||
status = ourClient.execute(httpGet);
|
status = ourClient.execute(httpGet);
|
||||||
extractResponseAndClose(status);
|
extractResponseAndClose(status);
|
||||||
assertEquals(200, status.getStatusLine().getStatusCode());
|
assertEquals(403, status.getStatusLine().getStatusCode());
|
||||||
assertTrue(ourHitMethod);
|
assertFalse(ourHitMethod);
|
||||||
|
|
||||||
ourReturn = Arrays.asList(createPatient(1), createObservation(10, "Patient/1"));
|
ourReturn = Arrays.asList(createPatient(1), createObservation(10, "Patient/1"));
|
||||||
ourHitMethod = false;
|
ourHitMethod = false;
|
||||||
|
@ -719,7 +719,7 @@ public class AuthorizationInterceptorDstu2Test {
|
||||||
ourLog.info(response);
|
ourLog.info(response);
|
||||||
assertThat(response, containsString("Access denied by default policy (no applicable rules)"));
|
assertThat(response, containsString("Access denied by default policy (no applicable rules)"));
|
||||||
assertEquals(403, status.getStatusLine().getStatusCode());
|
assertEquals(403, status.getStatusLine().getStatusCode());
|
||||||
assertTrue(ourHitMethod);
|
assertFalse(ourHitMethod);
|
||||||
|
|
||||||
ourReturn = Arrays.asList(createObservation(10, "Patient/2"));
|
ourReturn = Arrays.asList(createObservation(10, "Patient/2"));
|
||||||
ourHitMethod = false;
|
ourHitMethod = false;
|
||||||
|
@ -729,7 +729,7 @@ public class AuthorizationInterceptorDstu2Test {
|
||||||
ourLog.info(response);
|
ourLog.info(response);
|
||||||
assertThat(response, containsString("Access denied by default policy (no applicable rules)"));
|
assertThat(response, containsString("Access denied by default policy (no applicable rules)"));
|
||||||
assertEquals(403, status.getStatusLine().getStatusCode());
|
assertEquals(403, status.getStatusLine().getStatusCode());
|
||||||
assertTrue(ourHitMethod);
|
assertFalse(ourHitMethod);
|
||||||
|
|
||||||
ourReturn = Arrays.asList(createPatient(1), createObservation(10, "Patient/2"));
|
ourReturn = Arrays.asList(createPatient(1), createObservation(10, "Patient/2"));
|
||||||
ourHitMethod = false;
|
ourHitMethod = false;
|
||||||
|
|
|
@ -225,6 +225,12 @@
|
||||||
Remove unused field (myIsContained) from ResourceTable
|
Remove unused field (myIsContained) from ResourceTable
|
||||||
in JPA server.
|
in JPA server.
|
||||||
</action>
|
</action>
|
||||||
|
<action type="add">
|
||||||
|
AuthorizationInterceptor is now a bit more aggressive
|
||||||
|
at blocking read operations, stopping them on the
|
||||||
|
way in if there is no way they will be accepted
|
||||||
|
to the resource check on the way out
|
||||||
|
</action>
|
||||||
</release>
|
</release>
|
||||||
<release version="2.0" date="2016-08-30">
|
<release version="2.0" date="2016-08-30">
|
||||||
<action type="fix">
|
<action type="fix">
|
||||||
|
|
Loading…
Reference in New Issue