Securing dcm4chee-arc-psql REST endpoints

[Walco van Loon]

Hi,

I’m evaluating dcm4chee using the Docker image (dcm4chee-arc-psql:5.11.0-secure-ui) 

and so far very happy with the provided functionality! 

What I’ve noticed is that although the UI is secured by Keycloak, the REST APIs are not.

This seems to be due to the fact that the Docker image ships with this ear file:

dcm4chee-arc-ear-5.11.0-psql-secure-ui.ear containing the unsecured archive web app: dcm4chee-arc-war-5.11.0-unsecure.war.

I’ve seen that there is also a secure version which is also referenced in the Keycloak section in the dcm4chee-arc.xml Wildfly config file.

Is there a reason why this is not included in the distribution? Will it become the default in the future?

And to resolve this issue, is there a bundled version of that includes the dcm4chee-arc-war-5.11.0-secure.war

 war already or do I need to build a Docker image with a modified ear? 

In the future, would Wildfly allow for a deployment that allows more “mix and match of” web app archives to build a deployment more modularly for different security profiles or database back-ends?

And finally, If I use dcm4chee-arc-war-5.11.0-secure, can I leverage OAuth bearer tokens from Keycloak to access the REST APIs securely? Will the UI still be fully functional?

Thanks in advance for your replies, and I would be happy to contribute!

Regards

Walco

[gunterze]

5.11.0 is not yet released. The current Docker images dcm4che/dcm4chee-arc-psql:5.11.0-secure-ui and dcm4che/dcm4chee-arc-psql:5.11.0-secure contains Alpha version used for internal testing. Final 5.11.0 should be available next week. Then there will be again a version (=5.11.0-secure) which secured UI and RESTful services.

gunter

[Walco van Loon]

Hi Gunter,

Thanks for the explanation! I'm looking forward to 5.11 final.

Regards

Walco