Work on docs

hapifhir · Sep 22, 2019 · 0a5eca0 · 0a5eca0
1 parent d43c176
commit 0a5eca0
Show file tree

Hide file tree

Showing 71 changed files with 6,318 additions and 244 deletions.
diff --git a/hapi-fhir-base/src/main/java/ca/uhn/fhir/rest/client/api/IRestfulClient.java b/hapi-fhir-base/src/main/java/ca/uhn/fhir/rest/client/api/IRestfulClient.java
@@ -92,10 +92,11 @@ public interface IRestfulClient {
 	/**
 	 * Register a new interceptor for this client. An interceptor can be used to add additional
 	 * logging, or add security headers, or pre-process responses, etc.
-	 *
-	 * @deprecated Use {@link #getInterceptorService()} to access the list of inteerceptors, register them, and unregister them
+	 * <p>
+	 * This is a convenience method for performing the following call:
+	 * <code>getInterceptorService().registerInterceptor(theInterceptor)</code>
+	 * </p>
 	 */
-	@Deprecated
 	void registerInterceptor(IClientInterceptor theInterceptor);
 
 	/**
@@ -114,11 +115,12 @@ public interface IRestfulClient {
 	void setSummary(SummaryEnum theSummary);
 
 	/**
-	 * Remove an intercaptor that was previously registered using {@link IRestfulClient#registerInterceptor(IClientInterceptor)}
-	 *
-	 * @deprecated Use {@link #getInterceptorService()} to access the list of inteerceptors, register them, and unregister them
+	 * Remove an interceptor that was previously registered using {@link IRestfulClient#registerInterceptor(IClientInterceptor)}.
+	 * <p>
+	 * This is a convenience method for performing the following call:
+	 * <code>getInterceptorService().unregisterInterceptor(theInterceptor)</code>
+	 * </p>
 	 */
-	@Deprecated
 	void unregisterInterceptor(IClientInterceptor theInterceptor);
 
 	/**

diff --git a/hapi-fhir-docs/pom.xml b/hapi-fhir-docs/pom.xml
@@ -1,5 +1,5 @@
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+			xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
 	<modelVersion>4.0.0</modelVersion>
 
 	<parent>
@@ -15,6 +15,85 @@
 	<name>HAPI FHIR - Docs</name>
 
 	<dependencies>
+		<dependency>
+			<groupId>ca.uhn.hapi.fhir</groupId>
+			<artifactId>hapi-fhir-server</artifactId>
+			<version>${project.version}</version>
+		</dependency>
+		<dependency>
+			<groupId>ca.uhn.hapi.fhir</groupId>
+			<artifactId>hapi-fhir-structures-dstu3</artifactId>
+			<version>${project.version}</version>
+		</dependency>
+		<dependency>
+			<groupId>ca.uhn.hapi.fhir</groupId>
+			<artifactId>hapi-fhir-structures-r4</artifactId>
+			<version>${project.version}</version>
+		</dependency>
+		<dependency>
+			<groupId>ca.uhn.hapi.fhir</groupId>
+			<artifactId>hapi-fhir-validation</artifactId>
+			<version>${project.version}</version>
+		</dependency>
+		<dependency>
+			<groupId>ca.uhn.hapi.fhir</groupId>
+			<artifactId>hapi-fhir-client</artifactId>
+			<version>${project.version}</version>
+		</dependency>
+		<dependency>
+			<groupId>ca.uhn.hapi.fhir</groupId>
+			<artifactId>hapi-fhir-client-okhttp</artifactId>
+			<version>${project.version}</version>
+		</dependency>
+		<dependency>
+			<groupId>ca.uhn.hapi.fhir</groupId>
+			<artifactId>hapi-fhir-jaxrsserver-base</artifactId>
+			<version>${project.version}</version>
+		</dependency>
+
+		<dependency>
+			<groupId>javax.ejb</groupId>
+			<artifactId>ejb-api</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>javax.ws.rs</groupId>
+			<artifactId>jsr311-api</artifactId>
+			<version>1.1.1</version>
+			<scope>compile</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework</groupId>
+			<artifactId>spring-web</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>ca.uhn.hapi.fhir</groupId>
+			<artifactId>hapi-fhir-structures-dstu2</artifactId>
+			<version>4.1.0-SNAPSHOT</version>
+			<scope>compile</scope>
+		</dependency>
+		<dependency>
+			<groupId>ca.uhn.hapi.fhir</groupId>
+			<artifactId>hapi-fhir-jpaserver-subscription</artifactId>
+			<version>4.1.0-SNAPSHOT</version>
+			<scope>compile</scope>
+		</dependency>
 	</dependencies>
 
+	<build>
+		<resources>
+			<resource>
+				<directory>src/main/resources</directory>
+				<includes>
+					<include>**/*.*</include>
+				</includes>
+			</resource>
+			<resource>
+				<directory>src/main/java</directory>
+				<includes>
+					<include>**/*.java</include>
+				</includes>
+			</resource>
+		</resources>
+	</build>
+
 </project>
diff --git a/hapi-fhir-docs/src/main/java/ca/uhn/hapi/fhir/docs/AuthorizationInterceptors.java b/hapi-fhir-docs/src/main/java/ca/uhn/hapi/fhir/docs/AuthorizationInterceptors.java
@@ -0,0 +1,213 @@
+package ca.uhn.hapi.fhir.docs;
+
+import ca.uhn.fhir.interceptor.api.HookParams;
+import ca.uhn.fhir.interceptor.api.IInterceptorBroadcaster;
+import ca.uhn.fhir.interceptor.api.Pointcut;
+import ca.uhn.fhir.rest.annotation.ConditionalUrlParam;
+import ca.uhn.fhir.rest.annotation.IdParam;
+import ca.uhn.fhir.rest.annotation.ResourceParam;
+import ca.uhn.fhir.rest.annotation.Update;
+import ca.uhn.fhir.rest.api.MethodOutcome;
+import ca.uhn.fhir.rest.api.server.RequestDetails;
+import ca.uhn.fhir.rest.server.IResourceProvider;
+import ca.uhn.fhir.rest.server.exceptions.AuthenticationException;
+import ca.uhn.fhir.rest.server.interceptor.auth.*;
+import ca.uhn.fhir.rest.server.servlet.ServletRequestDetails;
+import org.hl7.fhir.dstu3.model.IdType;
+import org.hl7.fhir.instance.model.api.IBaseResource;
+import org.hl7.fhir.r4.model.Patient;
+
+import java.util.List;
+
+import static org.apache.commons.lang3.StringUtils.isNotBlank;
+
+@SuppressWarnings("unused")
+public class AuthorizationInterceptors {
+
+   public class PatientResourceProvider implements IResourceProvider
+   {
+
+      @Override
+      public Class<? extends IBaseResource> getResourceType() {
+         return Patient.class;
+      }
+
+      public MethodOutcome create(@ResourceParam Patient thePatient, RequestDetails theRequestDetails) {
+
+         return new MethodOutcome(); // populate this
+      }
+
+   }
+
+   //START SNIPPET: patientAndAdmin
+   @SuppressWarnings("ConstantConditions")
+	public class PatientAndAdminAuthorizationInterceptor extends AuthorizationInterceptor {
+
+      @Override
+      public List<IAuthRule> buildRuleList(RequestDetails theRequestDetails) {
+
+         // Process authorization header - The following is a fake 
+         // implementation. Obviously we'd want something more real
+         // for a production scenario.
+         // 
+         // In this basic example we have two hardcoded bearer tokens,
+         // one which is for a user that has access to one patient, and
+         // another that has full access. 
+         IdType userIdPatientId = null;
+         boolean userIsAdmin = false;
+         String authHeader = theRequestDetails.getHeader("Authorization");
+         if ("Bearer dfw98h38r".equals(authHeader)) {
+            // This user has access only to Patient/1 resources
+            userIdPatientId = new IdType("Patient", 1L);
+         } else if ("Bearer 39ff939jgg".equals(authHeader)) {
+            // This user has access to everything
+            userIsAdmin = true;
+         } else {
+            // Throw an HTTP 401
+            throw new AuthenticationException("Missing or invalid Authorization header value");
+         }
+
+         // If the user is a specific patient, we create the following rule chain:
+         // Allow the user to read anything in their own patient compartment
+         // Allow the user to write anything in their own patient compartment
+         // If a client request doesn't pass either of the above, deny it
+         if (userIdPatientId != null) {
+            return new RuleBuilder()
+               .allow().read().allResources().inCompartment("Patient", userIdPatientId).andThen()
+               .allow().write().allResources().inCompartment("Patient", userIdPatientId).andThen()
+               .denyAll()
+               .build();
+         }
+
+         // If the user is an admin, allow everything
+         if (userIsAdmin) {
+            return new RuleBuilder()
+               .allowAll()
+               .build();
+         }
+
+         // By default, deny everything. This should never get hit, but it's 
+         // good to be defensive
+         return new RuleBuilder()
+            .denyAll()
+            .build();
+      }
+   }
+   //END SNIPPET: patientAndAdmin
+
+
+   //START SNIPPET: conditionalUpdate
+   @Update()
+   public MethodOutcome update(
+         @IdParam IdType theId,
+         @ResourceParam Patient theResource, 
+         @ConditionalUrlParam String theConditionalUrl, 
+         ServletRequestDetails theRequestDetails,
+			IInterceptorBroadcaster theInterceptorBroadcaster) {
+
+      // If we're processing a conditional URL...
+      if (isNotBlank(theConditionalUrl)) {
+
+         // Pretend we've done the conditional processing. Now let's
+         // notify the interceptors that an update has been performed
+         // and supply the actual ID that's being updated
+         IdType actual = new IdType("Patient", "1123");
+
+      }
+
+      // In a real server, perhaps we would process the conditional 
+      // request differently and follow a separate path. Either way,
+      // let's pretend there is some storage code here.
+      theResource.setId(theId.withVersion("2"));
+
+      // Notify the interceptor framework when we're about to perform an update. This is
+		// useful as the authorization interceptor will pick this event up and use it
+		// to factor into a decision about whether the operation should be allowed to proceed.
+		IBaseResource previousContents = theResource;
+		IBaseResource newContents = theResource;
+		HookParams params = new HookParams()
+			.add(IBaseResource.class, previousContents)
+			.add(IBaseResource.class, newContents)
+			.add(RequestDetails.class, theRequestDetails)
+			.add(ServletRequestDetails.class, theRequestDetails);
+		theInterceptorBroadcaster.callHooks(Pointcut.STORAGE_PRESTORAGE_RESOURCE_UPDATED, params);
+
+      MethodOutcome retVal = new MethodOutcome();
+      retVal.setCreated(true);
+      retVal.setResource(theResource);
+      return retVal;
+   }
+   //END SNIPPET: conditionalUpdate
+
+	public void authorizeTenantAction() {
+		//START SNIPPET: authorizeTenantAction
+		new AuthorizationInterceptor(PolicyEnum.DENY) {
+			@Override
+			public List<IAuthRule> buildRuleList(RequestDetails theRequestDetails) {
+				return new RuleBuilder()
+					.allow().read().resourcesOfType(Patient.class).withAnyId().forTenantIds("TENANTA").andThen()
+					.build();
+			}
+		};
+		//END SNIPPET: authorizeTenantAction
+
+
+		//START SNIPPET: patchAll
+		new AuthorizationInterceptor(PolicyEnum.DENY) {
+			@Override
+			public List<IAuthRule> buildRuleList(RequestDetails theRequestDetails) {
+				return new RuleBuilder()
+					// Authorize patch requests
+					.allow().patch().allRequests().andThen()
+					// Authorize actual writes that patch may perform
+					.allow().write().allResources().inCompartment("Patient", new IdType("Patient/123")).andThen()
+					.build();
+			}
+		};
+		//END SNIPPET: patchAll
+
+	}
+
+
+	//START SNIPPET: narrowing
+	public class MyPatientSearchNarrowingInterceptor extends SearchNarrowingInterceptor {
+
+		/**
+		 * This method must be overridden to provide the list of compartments
+		 * and/or resources that the current user should have access to
+		 */
+		@Override
+		protected AuthorizedList buildAuthorizedList(RequestDetails theRequestDetails) {
+			// Process authorization header - The following is a fake
+			// implementation. Obviously we'd want something more real
+			// for a production scenario.
+			//
+			// In this basic example we have two hardcoded bearer tokens,
+			// one which is for a user that has access to one patient, and
+			// another that has full access.
+			String authHeader = theRequestDetails.getHeader("Authorization");
+			if ("Bearer dfw98h38r".equals(authHeader)) {
+
+				// This user will have access to two compartments
+				return new AuthorizedList()
+					.addCompartment("Patient/123")
+					.addCompartment("Patient/456");
+
+			} else if ("Bearer 39ff939jgg".equals(authHeader)) {
+
+				// This user has access to everything
+				return new AuthorizedList();
+
+			} else {
+
+				throw new AuthenticationException("Unknown bearer token");
+
+			}
+
+		}
+
+	}
+	//END SNIPPET: narrowing
+
+
+}
diff --git a/hapi-fhir-docs/src/main/java/ca/uhn/hapi/fhir/docs/AuthorizingTesterUiClientFactory.java b/hapi-fhir-docs/src/main/java/ca/uhn/hapi/fhir/docs/AuthorizingTesterUiClientFactory.java
@@ -0,0 +1,23 @@
+package ca.uhn.hapi.fhir.docs;
+
+import ca.uhn.fhir.context.FhirContext;
+import ca.uhn.fhir.rest.client.api.IGenericClient;
+import ca.uhn.fhir.rest.client.interceptor.BasicAuthInterceptor;
+import ca.uhn.fhir.rest.server.util.ITestingUiClientFactory;
+
+import javax.servlet.http.HttpServletRequest;
+
+public class AuthorizingTesterUiClientFactory implements ITestingUiClientFactory {
+
+   @Override
+   public IGenericClient newClient(FhirContext theFhirContext, HttpServletRequest theRequest, String theServerBaseUrl) {
+      // Create a client
+      IGenericClient client = theFhirContext.newRestfulGenericClient(theServerBaseUrl);
+
+      // Register an interceptor which adds credentials
+      client.registerInterceptor(new BasicAuthInterceptor("someusername", "somepassword"));
+
+      return client;
+   }
+
+}