@Override public Object translateQueryParametersIntoServerArgument( RequestDetails theRequest, byte[] theRequestContents, BaseMethodBinding<?> theMethodBinding) throws InternalErrorException, InvalidRequestException { List<QualifiedParamList> paramList = new ArrayList<QualifiedParamList>(); String name = getName(); parseParams(theRequest, paramList, name, null); List<String> qualified = theRequest.getUnqualifiedToQualifiedNames().get(name); if (qualified != null) { for (String nextQualified : qualified) { parseParams(theRequest, paramList, nextQualified, nextQualified.substring(name.length())); } } if (paramList.isEmpty()) { ourLog.debug( "No value for parameter '{}' - Qualified names {} and qualifier whitelist {}", getName(), qualified, getQualifierWhitelist()); if (handlesMissing()) { return parse(theRequest.getServer().getFhirContext(), paramList); } else { return null; } } return parse(theRequest.getServer().getFhirContext(), paramList); }
@Override public Verdict applyRule( RestOperationTypeEnum theOperation, RequestDetails theRequestDetails, IBaseResource theInputResource, IIdType theInputResourceId, IBaseResource theOutputResource, IRuleApplier theRuleApplier) { if (theInputResourceId != null) { return null; } if (theOperation == myOperationType) { switch (myAppliesTo) { case ALL_RESOURCES: break; case TYPES: if (theInputResource == null || !myAppliesToTypes.contains(theInputResource.getClass())) { return null; } break; } if (theRequestDetails.getConditionalUrl(myOperationType) == null) { return null; } return newVerdict(); } return null; }
private void parseParams( RequestDetails theRequest, List<QualifiedParamList> paramList, String theQualifiedParamName, String theQualifier) { QualifierDetails qualifiers = SearchMethodBinding.extractQualifiersFromParameterName(theQualifier); if (!qualifiers.passes(getQualifierWhitelist(), getQualifierBlacklist())) { return; } String[] value = theRequest.getParameters().get(theQualifiedParamName); if (value != null) { for (String nextParam : value) { if (nextParam.contains(",") == false) { paramList.add(QualifiedParamList.singleton(theQualifier, nextParam)); } else { paramList.add( QualifiedParamList.splitQueryStringByCommasIgnoreEscape(theQualifier, nextParam)); } } } }
@Override public List<IAuthRule> buildRuleList(RequestDetails theRequestDetails) { String authHeader = theRequestDetails.getHeader("Authorization"); // @formatter:off if (isBlank(authHeader)) { return new RuleBuilder() .deny() .operation() .named(BaseJpaSystemProvider.MARK_ALL_RESOURCES_FOR_REINDEXING) .onServer() .andThen() .deny() .operation() .named(TerminologyUploaderProviderDstu3.UPLOAD_EXTERNAL_CODE_SYSTEM) .onServer() .andThen() .allowAll() .build(); } // @formatter:off if (!authHeader.startsWith("Bearer ")) { throw new ForbiddenOperationException( "Invalid bearer token, must be in the form \"Authorization: Bearer [token]\""); } String token = authHeader.substring("Bearer ".length()).trim(); if (!myTokens.contains(token)) { ourLog.error("Invalid token '{}' - Valid are: {}", token, myTokens); throw new ForbiddenOperationException("Unknown/expired bearer token"); } ourLog.info("User logged in with bearer token: " + token.substring(0, 4) + "..."); return new RuleBuilder().allowAll().build(); }
@Override public String lookup(String theKey) { /* * TODO: this method could be made more efficient through some sort of lookup map */ if ("operationType".equals(theKey)) { if (myRequestDetails.getRestOperationType() != null) { return myRequestDetails.getRestOperationType().getCode(); } return ""; } else if ("operationName".equals(theKey)) { if (myRequestDetails.getRestOperationType() != null) { switch (myRequestDetails.getRestOperationType()) { case EXTENDED_OPERATION_INSTANCE: case EXTENDED_OPERATION_SERVER: case EXTENDED_OPERATION_TYPE: return myRequestDetails.getOperation(); default: return ""; } } else { return ""; } } else if ("id".equals(theKey)) { if (myRequestDetails.getId() != null) { return myRequestDetails.getId().getValue(); } return ""; } else if ("servletPath".equals(theKey)) { return StringUtils.defaultString(myRequest.getServletPath()); } else if ("idOrResourceName".equals(theKey)) { if (myRequestDetails.getId() != null) { return myRequestDetails.getId().getValue(); } if (myRequestDetails.getResourceName() != null) { return myRequestDetails.getResourceName(); } return ""; } else if (theKey.equals("requestParameters")) { StringBuilder b = new StringBuilder(); for (Entry<String, String[]> next : myRequestDetails.getParameters().entrySet()) { for (String nextValue : next.getValue()) { if (b.length() == 0) { b.append('?'); } else { b.append('&'); } try { b.append(URLEncoder.encode(next.getKey(), "UTF-8")); b.append('='); b.append(URLEncoder.encode(nextValue, "UTF-8")); } catch (UnsupportedEncodingException e) { throw new ca.uhn.fhir.context.ConfigurationException("UTF-8 not supported", e); } } } return b.toString(); } else if (theKey.startsWith("requestHeader.")) { String val = myRequest.getHeader(theKey.substring("requestHeader.".length())); return StringUtils.defaultString(val); } else if (theKey.startsWith("remoteAddr")) { return StringUtils.defaultString(myRequest.getRemoteAddr()); } else if (theKey.equals("responseEncodingNoDefault")) { EncodingEnum encoding = RestfulServerUtils.determineResponseEncodingNoDefault( myRequestDetails, myRequestDetails.getServer().getDefaultResponseEncoding()); if (encoding != null) { return encoding.name(); } else { return ""; } } else if (theKey.equals("exceptionMessage")) { return myException != null ? myException.getMessage() : null; } else if (theKey.equals("requestUrl")) { return myRequest.getRequestURL().toString(); } else if (theKey.equals("requestVerb")) { return myRequest.getMethod(); } else if (theKey.equals("requestBodyFhir")) { String contentType = myRequest.getContentType(); if (isNotBlank(contentType)) { int colonIndex = contentType.indexOf(';'); if (colonIndex != -1) { contentType = contentType.substring(0, colonIndex); } contentType = contentType.trim(); EncodingEnum encoding = EncodingEnum.forContentType(contentType); if (encoding != null) { byte[] requestContents = myRequestDetails.loadRequestContents(); return new String(requestContents, Charsets.UTF_8); } } return ""; } return "!VAL!"; }