HAPI FHIR TestPage - Authorization header

181 views
Skip to first unread message

Malcolm McRoberts

unread,
Oct 24, 2017, 8:53:56 AM10/24/17
to HAPI FHIR
This page is a handy, quick check for developers to see if everything is working ok, but if I add authorization to my FHIR services it won't work anymore.  How hard would it be to get this page to pass in an Authorization header ?  I did a lot of google research and the results weren't very encouraging.

James Agnew

unread,
Oct 24, 2017, 10:19:37 AM10/24/17
to Malcolm McRoberts, HAPI FHIR
Hi Malcolm,

This is definitely possible.

Essentially you need to define your own custom ITestingUiClientFactory which registers an appropriate interceptor against your client. There's an example project which does this with HTTP Basic Auth here: https://github.com/jamesagnew/hapi-fhir/tree/master/example-projects/hapi-fhir-standalone-overlay-example

Cheers,
James

On Tue, Oct 24, 2017 at 8:53 AM, Malcolm McRoberts <malco...@gmail.com> wrote:
This page is a handy, quick check for developers to see if everything is working ok, but if I add authorization to my FHIR services it won't work anymore.  How hard would it be to get this page to pass in an Authorization header ?  I did a lot of google research and the results weren't very encouraging.

--
You received this message because you are subscribed to the Google Groups "HAPI FHIR" group.
To unsubscribe from this group and stop receiving emails from it, send an email to hapi-fhir+unsubscribe@googlegroups.com.
To post to this group, send email to hapi...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/hapi-fhir/65bd2d52-a062-448a-88b7-c314d18a4b70%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

James Agnew

unread,
Oct 24, 2017, 10:41:40 AM10/24/17
to Malcolm McRoberts, hapi...@googlegroups.com
The TestPage uses JQuery in the browser, but it has a Java (Spring MVC) server component too. The latter is where the FHIR client calls happen, so the example above is the only way you could add authorization headers...

On Tue, Oct 24, 2017 at 10:26 AM, Malcolm McRoberts <malco...@gmail.com> wrote:
So, I was looking to just tweek the TestPage, which is a jQuery app.  Isn't that all browser side?  I thought I needed something like JSP to use the client libs.

James Agnew

unread,
Oct 24, 2017, 9:48:52 PM10/24/17
to Malcolm McRoberts, hapi...@googlegroups.com
Hi Malcolm,

Yup, that's an example of such a client factory, and you're correct, that one isn't hooked up by default.

Cheers,
James

On Tue, Oct 24, 2017 at 3:12 PM, Malcolm McRoberts <malco...@gmail.com> wrote:
There's a class BearerTokenClientFactory that looks like it will register the right interceptor using a token it gets from the "apiKey" parameter, but I'm not sure it's actually configured to be called.
Reply all
Reply to author
Forward
0 new messages