From cb04262cc6d5b148fb831d767f7e30f9b67f5774 Mon Sep 17 00:00:00 2001 From: Markus Mandalka Date: Wed, 5 Oct 2022 15:20:25 +0200 Subject: [PATCH 1/2] Support http basic auth in FHIR server sink (#8) --- README.md | 2 ++ .../stores/FhirServerResourceRepository.java | 19 ++++++++++++++++++- src/main/resources/application-dev.yml | 2 ++ src/main/resources/application.yml | 2 ++ 4 files changed, 24 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 47d529b..42bb8e1 100644 --- a/README.md +++ b/README.md @@ -32,6 +32,8 @@ To configure your deployment, you can change the following environment variables | SERVICES_LOINC_CONVERSIONS_URL | URL of the [LOINC conversion service](https://gitlab.miracum.org/miracum/etl/loinc-conversion) | | | SERVICES_FHIRSERVER_ENABLED | Whether to send received resources to a downstream FHIR server | false | | SERVICES_FHIRSERVER_URL | URL of the FHIR server to send data to | | +| SERVICES_FHIRSERVER_USERNAME | HTTP basic auth username of the FHIR server to send data to | `""` | +| SERVICES_FHIRSERVER_PASSWORD | HTTP basic auth password of the FHIR server to send data to | `""` | | SERVICES_KAFKA_ENABLED | Enable reading FHIR resources from, and writing them back to a Kafka cluster | false | | SERVICES_KAFKA_GENERATE_OUTPUT_TOPIC_MATCH_EXPRESSION | Allows for dynamically generating the Kafka output topic's name based on the input topic. Used to set a regular expression which is applied to the input topic and the first match is replaced with the value of `SERVICES_KAFKA_GENERATE_OUTPUT_TOPIC_REPLACE_WITH`. You can set this to `"^"` to add a prefix to the output topic. | `""` | diff --git a/src/main/java/org/miracum/etl/fhirgateway/stores/FhirServerResourceRepository.java b/src/main/java/org/miracum/etl/fhirgateway/stores/FhirServerResourceRepository.java index 73269f1..2fcb494 100644 --- a/src/main/java/org/miracum/etl/fhirgateway/stores/FhirServerResourceRepository.java +++ b/src/main/java/org/miracum/etl/fhirgateway/stores/FhirServerResourceRepository.java @@ -2,7 +2,10 @@ import ca.uhn.fhir.context.FhirContext; import ca.uhn.fhir.parser.IParser; +import ca.uhn.fhir.rest.client.api.IClientInterceptor; import ca.uhn.fhir.rest.client.api.IGenericClient; +import ca.uhn.fhir.rest.client.interceptor.BasicAuthInterceptor; +import com.google.common.base.Strings; import io.micrometer.core.instrument.Metrics; import java.util.concurrent.atomic.AtomicInteger; import org.hl7.fhir.r4.model.Bundle; @@ -33,10 +36,24 @@ public class FhirServerResourceRepository implements FhirResourceRepository { @Autowired public FhirServerResourceRepository( - FhirContext fhirContext, @Value("${services.fhirServer.url}") String fhirServerUrl) { + FhirContext fhirContext, + @Value("${services.fhirServer.url}") String fhirServerUrl, + @Value("${services.fhirServer.username:}") String fhirServerUsername, + @Value("${services.fhirServer.password:}") String fhirServerPassword) { + this.fhirParser = fhirContext.newJsonParser(); this.client = fhirContext.newRestfulGenericClient(fhirServerUrl); + if (Strings.isNullOrEmpty(fhirServerUsername)) { + log.debug("Client config for FHIR server: Basic auth disabled"); + } else { + log.debug("Client config for FHIR server: Basic auth enabled"); + // Create an HTTP basic auth interceptor + IClientInterceptor authInterceptor = + new BasicAuthInterceptor(fhirServerUsername, fhirServerPassword); + this.client.registerInterceptor(authInterceptor); + } + this.retryTemplate = new RetryTemplate(); var fixedBackOffPolicy = new FixedBackOffPolicy(); diff --git a/src/main/resources/application-dev.yml b/src/main/resources/application-dev.yml index cace066..c4d8f89 100644 --- a/src/main/resources/application-dev.yml +++ b/src/main/resources/application-dev.yml @@ -14,6 +14,8 @@ services: url: "http://localhost:5000/fhir" fhirServer: url: "http://localhost:8082/fhir" + username: "" + password: "" enabled: false psql: enabled: true diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml index ae51ad8..8824e16 100644 --- a/src/main/resources/application.yml +++ b/src/main/resources/application.yml @@ -89,6 +89,8 @@ services: url: "" fhirServer: url: "" + username: "" + password: "" enabled: false psql: enabled: true From 15fa05a377d9ce10c59316db1a43e75731725234 Mon Sep 17 00:00:00 2001 From: Marvin Kampf Date: Thu, 7 Sep 2023 14:16:14 +0200 Subject: [PATCH 2/2] feat: adds basic auth to fhir-server connection --- README.md | 7 +++--- .../miracum/etl/fhirgateway/AppConfig.java | 18 +++++++++++++ .../stores/FhirServerResourceRepository.java | 25 ++----------------- src/main/resources/application-dev.yml | 9 ++++--- src/main/resources/application.yml | 9 ++++--- 5 files changed, 36 insertions(+), 32 deletions(-) diff --git a/README.md b/README.md index 42bb8e1..3d13271 100644 --- a/README.md +++ b/README.md @@ -23,7 +23,7 @@ curl -d @tests/e2e/data/bundle.json -H "Content-Type: application/json" -X POST To configure your deployment, you can change the following environment variables: | Variable | Description | Default | -| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ----------------------------------------- | +|-------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------| | SPRING_DATASOURCE_URL | JDBC URL of the Postgres DB to store the received FHIR resources, needs to be set to an empty variable if no PSQL db is to be connected to | jdbc:postgresql://fhir-db:5432/fhir | | SPRING_DATASOURCE_USERNAME | Username of the Postgres DB | postgres | | SPRING_DATASOURCE_PASSWORD | Password for the Postgres DB | postgres | @@ -32,8 +32,9 @@ To configure your deployment, you can change the following environment variables | SERVICES_LOINC_CONVERSIONS_URL | URL of the [LOINC conversion service](https://gitlab.miracum.org/miracum/etl/loinc-conversion) | | | SERVICES_FHIRSERVER_ENABLED | Whether to send received resources to a downstream FHIR server | false | | SERVICES_FHIRSERVER_URL | URL of the FHIR server to send data to | | -| SERVICES_FHIRSERVER_USERNAME | HTTP basic auth username of the FHIR server to send data to | `""` | -| SERVICES_FHIRSERVER_PASSWORD | HTTP basic auth password of the FHIR server to send data to | `""` | +| SERVICES_FHIRSERVER_AUTH_BASIC_ENABLED | Enable HTTP basic auth for sending data to FHIR server | false | +| SERVICES_FHIRSERVER_AUTH_BASIC_USERNAME | HTTP basic auth username of the FHIR server to send data to | `""` | +| SERVICES_FHIRSERVER_AUTH_BASIC_PASSWORD | HTTP basic auth password of the FHIR server to send data to | `""` | | SERVICES_KAFKA_ENABLED | Enable reading FHIR resources from, and writing them back to a Kafka cluster | false | | SERVICES_KAFKA_GENERATE_OUTPUT_TOPIC_MATCH_EXPRESSION | Allows for dynamically generating the Kafka output topic's name based on the input topic. Used to set a regular expression which is applied to the input topic and the first match is replaced with the value of `SERVICES_KAFKA_GENERATE_OUTPUT_TOPIC_REPLACE_WITH`. You can set this to `"^"` to add a prefix to the output topic. | `""` | diff --git a/src/main/java/org/miracum/etl/fhirgateway/AppConfig.java b/src/main/java/org/miracum/etl/fhirgateway/AppConfig.java index bba7c74..8e1ebbd 100644 --- a/src/main/java/org/miracum/etl/fhirgateway/AppConfig.java +++ b/src/main/java/org/miracum/etl/fhirgateway/AppConfig.java @@ -4,7 +4,9 @@ import ca.uhn.fhir.context.FhirContext; import ca.uhn.fhir.okhttp.client.OkHttpRestfulClientFactory; +import ca.uhn.fhir.rest.client.api.IGenericClient; import ca.uhn.fhir.rest.client.exceptions.FhirClientConnectionException; +import ca.uhn.fhir.rest.client.interceptor.BasicAuthInterceptor; import ca.uhn.fhir.rest.server.exceptions.InternalErrorException; import ca.uhn.fhir.rest.server.exceptions.ResourceNotFoundException; import ca.uhn.fhir.rest.server.exceptions.ResourceVersionConflictException; @@ -69,6 +71,22 @@ public FhirContext fhirContext( return fhirContext; } + @Bean + IGenericClient fhirClient( + FhirContext fhirContext, + @Value("${services.fhirServer.auth.basic.username}") String username, + @Value("${services.fhirServer.auth.basic.password}") String password, + @Value("${services.fhirServer.auth.basic.enabled}") boolean isBasicAuthEnabled, + @Value("${services.fhirServer.url}") String fhirServerUrl) { + var client = fhirContext.newRestfulGenericClient(fhirServerUrl); + + if (isBasicAuthEnabled) { + client.registerInterceptor(new BasicAuthInterceptor(username, password)); + } + + return client; + } + @Bean public RestTemplate restTemplate(RestTemplateBuilder builder) { return builder.build(); diff --git a/src/main/java/org/miracum/etl/fhirgateway/stores/FhirServerResourceRepository.java b/src/main/java/org/miracum/etl/fhirgateway/stores/FhirServerResourceRepository.java index 2fcb494..c467f10 100644 --- a/src/main/java/org/miracum/etl/fhirgateway/stores/FhirServerResourceRepository.java +++ b/src/main/java/org/miracum/etl/fhirgateway/stores/FhirServerResourceRepository.java @@ -2,17 +2,13 @@ import ca.uhn.fhir.context.FhirContext; import ca.uhn.fhir.parser.IParser; -import ca.uhn.fhir.rest.client.api.IClientInterceptor; import ca.uhn.fhir.rest.client.api.IGenericClient; -import ca.uhn.fhir.rest.client.interceptor.BasicAuthInterceptor; -import com.google.common.base.Strings; import io.micrometer.core.instrument.Metrics; import java.util.concurrent.atomic.AtomicInteger; import org.hl7.fhir.r4.model.Bundle; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.beans.factory.annotation.Value; import org.springframework.retry.RetryCallback; import org.springframework.retry.RetryContext; import org.springframework.retry.backoff.FixedBackOffPolicy; @@ -35,33 +31,16 @@ public class FhirServerResourceRepository implements FhirResourceRepository { private final RetryTemplate retryTemplate; @Autowired - public FhirServerResourceRepository( - FhirContext fhirContext, - @Value("${services.fhirServer.url}") String fhirServerUrl, - @Value("${services.fhirServer.username:}") String fhirServerUsername, - @Value("${services.fhirServer.password:}") String fhirServerPassword) { + public FhirServerResourceRepository(FhirContext fhirContext, IGenericClient client) { this.fhirParser = fhirContext.newJsonParser(); - this.client = fhirContext.newRestfulGenericClient(fhirServerUrl); - - if (Strings.isNullOrEmpty(fhirServerUsername)) { - log.debug("Client config for FHIR server: Basic auth disabled"); - } else { - log.debug("Client config for FHIR server: Basic auth enabled"); - // Create an HTTP basic auth interceptor - IClientInterceptor authInterceptor = - new BasicAuthInterceptor(fhirServerUsername, fhirServerPassword); - this.client.registerInterceptor(authInterceptor); - } + this.client = client; this.retryTemplate = new RetryTemplate(); - var fixedBackOffPolicy = new FixedBackOffPolicy(); fixedBackOffPolicy.setBackOffPeriod(5_000); retryTemplate.setBackOffPolicy(fixedBackOffPolicy); - retryTemplate.setRetryPolicy(new SimpleRetryPolicy(5)); - this.retryTemplate.registerListener( new RetryListenerSupport() { @Override diff --git a/src/main/resources/application-dev.yml b/src/main/resources/application-dev.yml index c4d8f89..109a86a 100644 --- a/src/main/resources/application-dev.yml +++ b/src/main/resources/application-dev.yml @@ -13,10 +13,13 @@ services: enabled: true url: "http://localhost:5000/fhir" fhirServer: - url: "http://localhost:8082/fhir" - username: "" - password: "" enabled: false + url: "http://localhost:8082/fhir" + auth: + basic: + enabled: false + username: "" + password: "" psql: enabled: true kafka: diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml index 8824e16..4fbc8ba 100644 --- a/src/main/resources/application.yml +++ b/src/main/resources/application.yml @@ -88,10 +88,13 @@ services: enabled: true url: "" fhirServer: - url: "" - username: "" - password: "" enabled: false + url: "" + auth: + basic: + enabled: false + username: "" + password: "" psql: enabled: true kafka: