How to create FHIR Client with BASIC Auth over SSL?
1,658 views
Skip to first unread message
deHund
Jun 19, 2017, 11:44:01 AM6/19/17
to HAPI FHIR
Hi, I like to add BASIC auth in SSL context using Tomcat Application Server.
The Tomcat's web.xml is configured for BASIC auth and the Tomcat Connector has SSLEnabled=true.
A Truststore would be available if necessary.
Basic Auth works in the browser against FHIR Server.
Any hint is appreciated. Thanks.
The Tomcat's web.xml is configured for BASIC auth and the Tomcat Connector has SSLEnabled=true.
A Truststore would be available if necessary.
Basic Auth works in the browser against FHIR Server.
Any hint is appreciated. Thanks.
James Agnew
Jun 19, 2017, 1:04:43 PM6/19/17
to deHund, HAPI FHIR
Hi there,
To create a client which uses basic auth, you need to use the BasicAuthInterceptor. There is an example here: http://hapifhir.io/doc_rest_client_interceptor.html#Security_HTTP_Basic_Authorization
Cheers,
James
--
You received this message because you are subscribed to the Google Groups "HAPI FHIR" group.
To unsubscribe from this group and stop receiving emails from it, send an email to hapi-fhir+unsubscribe@googlegroups.com.
To post to this group, send email to hapi...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/hapi-fhir/b8273f38-140f-43ec-95db-7e369b7a27aa%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
deHund
Jun 20, 2017, 4:26:39 AM6/20/17
to HAPI FHIR, goo...@sven-haag.de
Hi James, thanks, I saw and tried that already. However the example seems to have some glitches.
- The "clientFactory" variable is not used
- Instead of genericClient.registerInterceptor the annotationClient variable is used
- To me it is unclear how the SSL context is reflected
What I have tried, but didn't work is the following:
FhirContext fhirContext = FhirContext.forDstu2Hl7Org();
SSLContext sslContext = SSLContexts.custom().loadTrustMaterial(new File(TRUSTSTORE_LOCATION), TRUSTSTORE_PASSWORD.toCharArray()).build();
SslAwareApacheRestfulClientFactory factory = new SslAwareApacheRestfulClientFactory(fhirContext);
factory.setSecurityInformation(new FhirSecurityInformation(true, sslContext, null, username, password));
BasicAuthInterceptor authInterceptor = new BasicAuthInterceptor(username, password);
IGenericClient client = factory.newGenericClient(serviceUrl); // https://hostname/fhir
client.registerInterceptor(authInterceptor);
fhirContext.setRestfulClientFactory(factory);
return fhirContext;
I am looking forward to your response.
Thanks.
Am Montag, 19. Juni 2017 19:04:43 UTC+2 schrieb James Agnew:
Hi there,To create a client which uses basic auth, you need to use the BasicAuthInterceptor. There is an example here: http://hapifhir.io/doc_rest_client_interceptor.html#Security_HTTP_Basic_AuthorizationCheers,James
On Mon, Jun 19, 2017 at 11:44 AM, deHund <goo...@sven-haag.de> wrote:
Hi, I like to add BASIC auth in SSL context using Tomcat Application Server.
The Tomcat's web.xml is configured for BASIC auth and the Tomcat Connector has SSLEnabled=true.
A Truststore would be available if necessary.
Basic Auth works in the browser against FHIR Server.
Any hint is appreciated. Thanks.
--
You received this message because you are subscribed to the Google Groups "HAPI FHIR" group.
To unsubscribe from this group and stop receiving emails from it, send an email to hapi-fhir+...@googlegroups.com.
James Agnew
Jun 20, 2017, 5:33:17 AM6/20/17
to deHund, HAPI FHIR
Ah, it looks like there is a typo in that example. If you're using a generic client it should read as follows:
FhirContext ctx = FhirContext.forDstu2();
IRestfulClientFactory clientFactory = ctx.getRestfulClientFactory();
// Create an HTTP basic auth interceptor
String username = "foobar";
String password = "boobear";
IGenericClient genericClient = ctx.newRestfulGenericClient("http://localhost:9999/fhir");
genericClient.registerInterceptor(authInterceptor);
To unsubscribe from this group and stop receiving emails from it, send an email to hapi-fhir+unsubscribe@googlegroups.com.
To post to this group, send email to hapi...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/hapi-fhir/eb690537-c854-4e52-876f-c01f67cfda6c%40googlegroups.com.
deHund
Jun 20, 2017, 7:11:30 AM6/20/17
to HAPI FHIR
For SSL keystore and truststore are required. Though, if you could provide a, sort of self contained, example it would really help me out. Thanks.
James Agnew
Jun 20, 2017, 7:51:21 AM6/20/17
to deHund, HAPI FHIR
You sholud be able to supply these using system properties:
System.setProperty("javax.net.ssl.trustStore", "truststore path");
System.setProperty("javax.net.ssl.keyStore", "keystore path");
System.setProperty("javax.net.ssl.keyStorePassword", "keystore password");
Cheers,
James
On Tue, Jun 20, 2017 at 7:11 AM, deHund <goo...@sven-haag.de> wrote:
For SSL keystore and truststore are required. Though, if you could provide a, sort of self contained, example it would really help me out. Thanks.
--
You received this message because you are subscribed to the Google Groups "HAPI FHIR" group.
To unsubscribe from this group and stop receiving emails from it, send an email to hapi-fhir+unsubscribe@googlegroups.com.
To post to this group, send email to hapi...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/hapi-fhir/44dfe639-e5f8-424a-85ca-1af6a4a44417%40googlegroups.com.
sanjayc...@gmail.com
Jun 29, 2017, 8:25:59 AM6/29/17
to HAPI FHIR
We are considering using HAPI with HTML/JS web browser client. Most examples for HAPI seem to be Java API based. Is there an example of how a Web application registers with oAuth Server and authorizes a user to access the FHIR database.
Something like http://docs.smarthealthit.org/tutorials/authorization/ on Smart FHIR for HAPI.
Thanks for your help.
Something like http://docs.smarthealthit.org/tutorials/authorization/ on Smart FHIR for HAPI.
Thanks for your help.
karun6...@gmail.com
Aug 8, 2019, 8:53:50 AM8/8/19
to HAPI FHIR
Hi James,
Can you help me with a link which describes these ind detail. An example would be of great help. Thanks!
On Tuesday, June 20, 2017 at 7:51:21 AM UTC-4, James Agnew wrote:
On Tue, Jun 20, 2017 at 7:11 AM, deHund <goo...@sven-haag.de> wrote:
For SSL keystore and truststore are required. Though, if you could provide a, sort of self contained, example it would really help me out. Thanks.--
You received this message because you are subscribed to the Google Groups "HAPI FHIR" group.
To unsubscribe from this group and stop receiving emails from it, send an email to hapi...@googlegroups.com.
To post to this group, send email to hapi...@googlegroups.com.
James Agnew
Aug 8, 2019, 2:19:38 PM8/8/19
to karun6...@gmail.com, HAPI FHIR
The paths in the example you quoted are just filesystem paths. You just need them to point to a java keystore and truststore file, wherever they will be located on the server that hosts your application.
Cheers,
James
To unsubscribe from this group and stop receiving emails from it, send an email to hapi-fhir+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/hapi-fhir/6c9f9a3a-0da4-48d1-bbbd-d003c623f681%40googlegroups.com.
David Alvarez
Mar 5, 2021, 6:15:51 AM3/5/21
to HAPI FHIR
Hi James,
Could you help me?
I am trying to register a BasicAuthInterceptor following the examples but it throws me an exception. I am using HAPI FHIR version 5.2.0
FhirContext ctx = FhirContext.forDstu3();
String serverBase = "https://myBaseHost";
String username = "MYUSERNAME";
String password = "MYPASS";
BasicAuthInterceptor authInterceptor = new BasicAuthInterceptor(username, password);
IGenericClient client = ctx.newRestfulGenericClient(serverBase);
client.registerInterceptor(authInterceptor);
Caused by: java.lang.NoSuchMethodError: org.apache.commons.lang3.reflect.MethodUtils.getAnnotation(Ljava/lang/reflect/Method;Ljava/lang/Class;ZZ)Ljava/lang/annotation/Annotation;
at ca.uhn.fhir.interceptor.executor.InterceptorService.findAnnotation(InterceptorService.java:590)
at ca.uhn.fhir.interceptor.executor.InterceptorService.scanInterceptorForHookMethods(InterceptorService.java:571)
at ca.uhn.fhir.interceptor.executor.InterceptorService.scanInterceptorAndAddToInvokerMultimap(InterceptorService.java:539)
at ca.uhn.fhir.interceptor.executor.InterceptorService.registerInterceptor(InterceptorService.java:204)
Could you help me?
Thanks!!
El lunes, 19 de junio de 2017 a las 14:04:43 UTC-3, james...@gmail.com escribió:
Hi there,To create a client which uses basic auth, you need to use the BasicAuthInterceptor. There is an example here: http://hapifhir.io/doc_rest_client_interceptor.html#Security_HTTP_Basic_AuthorizationCheers,JamesOn Mon, Jun 19, 2017 at 11:44 AM, deHund <goo...@sven-haag.de> wrote:Hi, I like to add BASIC auth in SSL context using Tomcat Application Server.
The Tomcat's web.xml is configured for BASIC auth and the Tomcat Connector has SSLEnabled=true.
A Truststore would be available if necessary.
Basic Auth works in the browser against FHIR Server.
Any hint is appreciated. Thanks.
--
You received this message because you are subscribed to the Google Groups "HAPI FHIR" group.
To unsubscribe from this group and stop receiving emails from it, send an email to hapi-fhir+...@googlegroups.com.
James Agnew
Mar 5, 2021, 10:26:39 AM3/5/21
to David Alvarez, HAPI FHIR
That looks to me like you have a version of the commons-lang3 library that is too old on your classpath. Are you able to upgrade that library to the latest version?
Cheers,
James
To view this discussion on the web visit https://groups.google.com/d/msgid/hapi-fhir/8f4a4acc-8189-4c8e-a722-d0fbfefeda8fn%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages