Пример #1
0
  @Override
  public Object translateQueryParametersIntoServerArgument(
      RequestDetails theRequest, byte[] theRequestContents, BaseMethodBinding<?> theMethodBinding)
      throws InternalErrorException, InvalidRequestException {

    List<QualifiedParamList> paramList = new ArrayList<QualifiedParamList>();
    String name = getName();
    parseParams(theRequest, paramList, name, null);

    List<String> qualified = theRequest.getUnqualifiedToQualifiedNames().get(name);
    if (qualified != null) {
      for (String nextQualified : qualified) {
        parseParams(theRequest, paramList, nextQualified, nextQualified.substring(name.length()));
      }
    }

    if (paramList.isEmpty()) {

      ourLog.debug(
          "No value for parameter '{}' - Qualified names {} and qualifier whitelist {}",
          getName(),
          qualified,
          getQualifierWhitelist());

      if (handlesMissing()) {
        return parse(theRequest.getServer().getFhirContext(), paramList);
      } else {
        return null;
      }
    }

    return parse(theRequest.getServer().getFhirContext(), paramList);
  }
Пример #2
0
  @Override
  public Verdict applyRule(
      RestOperationTypeEnum theOperation,
      RequestDetails theRequestDetails,
      IBaseResource theInputResource,
      IIdType theInputResourceId,
      IBaseResource theOutputResource,
      IRuleApplier theRuleApplier) {

    if (theInputResourceId != null) {
      return null;
    }

    if (theOperation == myOperationType) {
      switch (myAppliesTo) {
        case ALL_RESOURCES:
          break;
        case TYPES:
          if (theInputResource == null || !myAppliesToTypes.contains(theInputResource.getClass())) {
            return null;
          }
          break;
      }

      if (theRequestDetails.getConditionalUrl(myOperationType) == null) {
        return null;
      }

      return newVerdict();
    }

    return null;
  }
Пример #3
0
  private void parseParams(
      RequestDetails theRequest,
      List<QualifiedParamList> paramList,
      String theQualifiedParamName,
      String theQualifier) {
    QualifierDetails qualifiers =
        SearchMethodBinding.extractQualifiersFromParameterName(theQualifier);
    if (!qualifiers.passes(getQualifierWhitelist(), getQualifierBlacklist())) {
      return;
    }

    String[] value = theRequest.getParameters().get(theQualifiedParamName);
    if (value != null) {
      for (String nextParam : value) {
        if (nextParam.contains(",") == false) {
          paramList.add(QualifiedParamList.singleton(theQualifier, nextParam));
        } else {
          paramList.add(
              QualifiedParamList.splitQueryStringByCommasIgnoreEscape(theQualifier, nextParam));
        }
      }
    }
  }
  @Override
  public List<IAuthRule> buildRuleList(RequestDetails theRequestDetails) {
    String authHeader = theRequestDetails.getHeader("Authorization");

    // @formatter:off
    if (isBlank(authHeader)) {
      return new RuleBuilder()
          .deny()
          .operation()
          .named(BaseJpaSystemProvider.MARK_ALL_RESOURCES_FOR_REINDEXING)
          .onServer()
          .andThen()
          .deny()
          .operation()
          .named(TerminologyUploaderProviderDstu3.UPLOAD_EXTERNAL_CODE_SYSTEM)
          .onServer()
          .andThen()
          .allowAll()
          .build();
    }
    // @formatter:off

    if (!authHeader.startsWith("Bearer ")) {
      throw new ForbiddenOperationException(
          "Invalid bearer token, must be in the form \"Authorization: Bearer [token]\"");
    }

    String token = authHeader.substring("Bearer ".length()).trim();
    if (!myTokens.contains(token)) {
      ourLog.error("Invalid token '{}' - Valid are: {}", token, myTokens);
      throw new ForbiddenOperationException("Unknown/expired bearer token");
    }

    ourLog.info("User logged in with bearer token: " + token.substring(0, 4) + "...");

    return new RuleBuilder().allowAll().build();
  }
Пример #5
0
    @Override
    public String lookup(String theKey) {

      /*
       * TODO: this method could be made more efficient through some sort of lookup map
       */

      if ("operationType".equals(theKey)) {
        if (myRequestDetails.getRestOperationType() != null) {
          return myRequestDetails.getRestOperationType().getCode();
        }
        return "";
      } else if ("operationName".equals(theKey)) {
        if (myRequestDetails.getRestOperationType() != null) {
          switch (myRequestDetails.getRestOperationType()) {
            case EXTENDED_OPERATION_INSTANCE:
            case EXTENDED_OPERATION_SERVER:
            case EXTENDED_OPERATION_TYPE:
              return myRequestDetails.getOperation();
            default:
              return "";
          }
        } else {
          return "";
        }
      } else if ("id".equals(theKey)) {
        if (myRequestDetails.getId() != null) {
          return myRequestDetails.getId().getValue();
        }
        return "";
      } else if ("servletPath".equals(theKey)) {
        return StringUtils.defaultString(myRequest.getServletPath());
      } else if ("idOrResourceName".equals(theKey)) {
        if (myRequestDetails.getId() != null) {
          return myRequestDetails.getId().getValue();
        }
        if (myRequestDetails.getResourceName() != null) {
          return myRequestDetails.getResourceName();
        }
        return "";
      } else if (theKey.equals("requestParameters")) {
        StringBuilder b = new StringBuilder();
        for (Entry<String, String[]> next : myRequestDetails.getParameters().entrySet()) {
          for (String nextValue : next.getValue()) {
            if (b.length() == 0) {
              b.append('?');
            } else {
              b.append('&');
            }
            try {
              b.append(URLEncoder.encode(next.getKey(), "UTF-8"));
              b.append('=');
              b.append(URLEncoder.encode(nextValue, "UTF-8"));
            } catch (UnsupportedEncodingException e) {
              throw new ca.uhn.fhir.context.ConfigurationException("UTF-8 not supported", e);
            }
          }
        }
        return b.toString();
      } else if (theKey.startsWith("requestHeader.")) {
        String val = myRequest.getHeader(theKey.substring("requestHeader.".length()));
        return StringUtils.defaultString(val);
      } else if (theKey.startsWith("remoteAddr")) {
        return StringUtils.defaultString(myRequest.getRemoteAddr());
      } else if (theKey.equals("responseEncodingNoDefault")) {
        EncodingEnum encoding =
            RestfulServerUtils.determineResponseEncodingNoDefault(
                myRequestDetails, myRequestDetails.getServer().getDefaultResponseEncoding());
        if (encoding != null) {
          return encoding.name();
        } else {
          return "";
        }
      } else if (theKey.equals("exceptionMessage")) {
        return myException != null ? myException.getMessage() : null;
      } else if (theKey.equals("requestUrl")) {
        return myRequest.getRequestURL().toString();
      } else if (theKey.equals("requestVerb")) {
        return myRequest.getMethod();
      } else if (theKey.equals("requestBodyFhir")) {
        String contentType = myRequest.getContentType();
        if (isNotBlank(contentType)) {
          int colonIndex = contentType.indexOf(';');
          if (colonIndex != -1) {
            contentType = contentType.substring(0, colonIndex);
          }
          contentType = contentType.trim();

          EncodingEnum encoding = EncodingEnum.forContentType(contentType);
          if (encoding != null) {
            byte[] requestContents = myRequestDetails.loadRequestContents();
            return new String(requestContents, Charsets.UTF_8);
          }
        }
        return "";
      }

      return "!VAL!";
    }