honeymoose
/
hapi-fhir
mirror of https://github.com/hapifhir/hapi-fhir.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Try to fix tests

This commit is contained in:
James Agnew 2016-04-20 09:03:43 -04:00
parent 8bb00839d0
commit a8b121d868
3 changed files with 53 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
examples/src/main/java/example/AuthorizationInterceptors.java Normal file
View File

@ -0,0 +1,34 @@
package example;
import java.util.List;
import ca.uhn.fhir.model.dstu2.resource.Patient;
import ca.uhn.fhir.rest.method.RequestDetails;
import ca.uhn.fhir.rest.server.interceptor.auth.AuthorizationInterceptor;
import ca.uhn.fhir.rest.server.interceptor.auth.IAuthRule;
import ca.uhn.fhir.rest.server.interceptor.auth.RuleBuilder;
public class AuthorizationInterceptors {
public class PatientAndAdminAuthorizationInterceptor extends AuthorizationInterceptor {
@Override
public List<IAuthRule> buildRuleList(RequestDetails theRequestDetails) {
String authHeader = theRequestDetails.getHeader("Authorization");
/*
* Process authorization header - The following is a fake
* implementation. Obviously we'd want something more real
* for a production scenario.
*/
// If the authorization header was determined to be
Long callerIsPatientId = null;
return new RuleBuilder()
.deny("Rule 1").read().resourcesOfType(Patient.class).withAnyId().andThen()
.allowAll("Default Rule")
.build();
}
}
}

2
hapi-fhir-jpaserver-base/src/test/java/ca/uhn/fhir/jpa/provider/dstu3/ResourceProviderDstu3Test.java
View File

@ -171,7 +171,7 @@ public class ResourceProviderDstu3Test extends BaseResourceProviderDstu3Test {
client.create().resource(resBody).execute().getId(); client.create().resource(resBody).execute().getId();
fail(); fail();
} catch (UnprocessableEntityException e) { } catch (UnprocessableEntityException e) {
assertThat(e.getMessage(), containsString("Unable to store a Bundle resource on this server with a Bundle.type value other than 'document' - Value was: transaction")); assertThat(e.getMessage(), containsString("Unable to store a Bundle resource on this server with a Bundle.type value of: transaction"));
} }
} }

19
src/site/xdoc/doc_rest_server_security.xml
View File

@ -78,7 +78,24 @@
has the appropriate permission to perform a given task on a FHIR server. This is has the appropriate permission to perform a given task on a FHIR server. This is
done by declaring done by declaring
</p> </p>
<p class="doc_info_bubble">
AuthorizationInterceptor is a new feature in HAPI FHIR, and has not yet
been heavily tested. Use with caution, and do lots of testing! We welcome
feedback and suggestions on this feature.
</p>
<p>
The AuthorizationInterceptor works by allowing you to declare
permissions based on an individual request coming in. In other
words, you could have code that examines an incoming request and
determines that it is being made by a Patient with ID 123. You
could then declare that the requesting user has access to read and
write any resource in compartment "Patient/123", which corresponds
to any Observation, MedicationOrder etc with a subject of
"<code>Patient/123</code>". On the other hand, another request
might be detemrined to belong to an administrator user, and
could be declared to be allowed to do anything.
</p>
</section> </section>
</body> </body>