How to implement basic http authentication to HAPI's home page


san...@gmail.com

Aug 24, 2016, 12:45:59 AM
to HAPI FHIR
Hello All,

I followed the steps to implement the basic HTTP authentication in HAPI and was successful in doing so with least effort.
Now the question I have is, how can I implement the same in HAPI's home page (where we see the resources).
I would also like to implement the authentication for the same.
When someone tries to access this page, the browser's default dialog for entering the username/password should show up (the one we see when we set "WWW-Authenticate": "Basic" in the HTTP response).

I'm new to Java and would appreciate it if someone can throw some light on it.

regards,
Suresh

James Agnew

Aug 24, 2016, 10:33:33 AM
to san...@gmail.com, HAPI FHIR
Hi Sansur,

What home page are you referring to? Do you mean the web testing UI?

If so, it's certainly possible using a wide variety of techniques (filters in web.xml, Spring Security, etc.). None of these are documented right now though, unfortunately. There are lots of tutorials online though that show how to do security in Java web applications.

Cheers,
James

--
You received this message because you are subscribed to the Google Groups "HAPI FHIR" group.
To unsubscribe from this group and stop receiving emails from it, send an email to hapi-fhir+unsubscribe@googlegroups.com.
To post to this group, send email to hapi...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/hapi-fhir/b89487d5-135c-4f71-8d85-7a358dfb9754%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
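
An added example (not from the thread or from the HAPI FHIR project) of the "filter in web.xml" approach mentioned in the reply above: a servlet filter that sends the `WWW-Authenticate: Basic` challenge the original question asks about. The class name, the `username`/`password` init-param names and the realm string are assumptions; it imports `jakarta.servlet`, and older containers use `javax.servlet` with the same types.

```java
import jakarta.servlet.*;            // older containers: javax.servlet.*
import jakarta.servlet.http.*;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

/** Added example: HTTP Basic challenge for every request this filter is mapped to. */
public class BasicAuthFilter implements Filter {
    private byte[] expected; // "user:password" bytes built from init-params (assumed names)

    @Override
    public void init(FilterConfig cfg) throws ServletException {
        String user = cfg.getInitParameter("username");
        String pass = cfg.getInitParameter("password");
        if (user == null || pass == null) {
            // Fail closed: refuse to start rather than run without credentials.
            throw new ServletException("BasicAuthFilter needs username and password init-params");
        }
        expected = (user + ":" + pass).getBytes(StandardCharsets.UTF_8);
    }

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        if (isAuthorized(req.getHeader("Authorization"))) {
            chain.doFilter(req, res);
            return;
        }
        // This header is what makes the browser show its username/password dialog.
        res.setHeader("WWW-Authenticate", "Basic realm=\"HAPI FHIR\", charset=\"UTF-8\"");
        res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
    }

    boolean isAuthorized(String header) {
        // The scheme name is case-insensitive; a short or missing header fails here.
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) return false;
        try {
            byte[] supplied = Base64.getDecoder().decode(header.substring(6).trim());
            return MessageDigest.isEqual(supplied, expected); // constant-time compare
        } catch (IllegalArgumentException badBase64) {
            return false; // malformed credentials are treated as missing
        }
    }

    @Override
    public void destroy() { }
}
```

Register the class in web.xml with a `<filter>` entry carrying the two init-params and a `<filter-mapping>` whose `url-pattern` covers the testing UI. Basic credentials are only base64-encoded on the wire, so the mapped paths need to be served over TLS.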

alan....@gmail.com

May 3, 2019, 1:40:06 PM
to HAPI FHIR
Hi

I'm new to the FHIR world, and found HAPI a fantastic project! Thanks for the effort.

I know how to secure using web.xml, but as the last message is quite old, maybe there is something done in the last years about this in the testing ui. Please let me know. Just to avoid reinventing the wheel...

Thanks
Alan



Gérard Bisama

May 6, 2024, 10:55:16 AM
to HAPI FHIR
Hi the community,
The HAPI FHIR is really a wonderful tool and I would like to take this opportunity to thank the implementation team and all the community for the involvement. However, there is a recurrent subject concerning how to set up authentication/security (i.e. Basic authentication) to protect resources from external access using username/password. Is there any clear step to set up basic authentication or any other type to protect the server?
Thank you

James Agnew

May 6, 2024, 3:24:13 PM
to Gérard Bisama, HAPI FHIR
Hi Gerard,

The main reason there is no documentation about this is that Authentication is out of scope for HAPI FHIR. We have interceptors for Authorization (i.e. applying rules about what an authenticated user is allowed to do) but the actual act of checking a request's credentials against a user directory or token store is well covered by any number of other frameworks, so it wouldn't make sense for HAPI FHIR to duplicate this.

I've used Spring Security for this part many times (it can authenticate servlet APIs like HAPI FHIR's RestfulServer, and it can integrate with all kinds of other user directory systems). You could also add authentication logic to AuthorizationInterceptor if you wanted.

Cheers,
James
