How to make a FHIR-request inside an interceptor?

[Lars Kristian Roland]

Hi,

we have made a proof-of-concept of an authorization-interceptor for HAPI-FHIR, The REST-requests from web client have a JWT-token in the Authorization header. We verify the token using the cert from the OAuth-server and then pick out the scopes and do some checking that the user is allowed to do the things they try to. It's not complete, and probably has a lot of flaws, but it's working for our demo at ieast. If anyone are interested in using it, it can be accessed here; https://bitbucket.org/ehelse/hapi-fhir-ehelse

Now for the question:

In our intercepter, when I get an incoming request from a user who doesn't have a patient record (this is a personal health archive), I create the patient object automatically (based on authentication info). The sub-value in the JWT-token is used as an identifier in the Patient, but not as the patient resource id itself. I create the Patient object using the HAPI-FHIR client library, inside the server interceptor, but then I post it using HTTP back to the server. I also have to do a similar HTTP-request to check if the user exists, mapping the identifier to the resource id (I made a small cache-hack to make this faster). 

Seems a bit awkward and probably not efficient to do this by HTTP. Is there a way of doing internal requests from inside a server interceptor? I guess HTTP is fine functionally, but doesn't seem very efficient.

I'd like to do the same for AuditEvent, creating an AuditEvent when objects are created/deleted/changed (inside the JPA-interceptor). 

Thanks!

Best regards,

Lars

[James Agnew]

Hi Lars,

Are you using the JPA server? This is possible, but a little inelegant.

Assuming so, you could certainly make your calls internally by asking the Spring ApplicationContext for the Patient IResourceDao instance. This will have a bean name resembling "myPatientRpDstu2".

The only drawback to this is that the IResourceDao is not as well documented/JavaDoc'ed as the more "outside-facing" parts of the API. It should be reasonably self-explanatory though, it has methods like "create" and "update".

Cheers,

James

--
You received this message because you are subscribed to the Google Groups "HAPI FHIR" group.
To unsubscribe from this group and stop receiving emails from it, send an email to hapi-fhir+...@googlegroups.com.
To post to this group, send email to hapi...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/hapi-fhir/9fc6734e-65d0-40c2-a80c-2daaeb45ef68%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Lars Kristian Roland]

Thanks. 

I've managed to get the autowire to work (I think), but I'm not quite able to build a search request. My sample code is as follows, which is supposed to search for a patient with a specific identifier...

It gives me an exception: 2016-03-01 19:14:47.220 [http-bio-8080-exec-2] ERROR n.m.a.i.AuthorizationInterceptor [AuthorizationInterceptor.java:401] While doing internal call:java.lang.IllegalArgumentException: Invalid token type: class ca.uhn.fhir.rest.param.StringParam

java.lang.IllegalArgumentException: Invalid token type: class ca.uhn.fhir.rest.param.StringParam

so it's obviously wrong... Any hint on how to build such a search request? 

String system = "urn:ietf:rfc:3986";

        String identifierWithUrnPrefix = "urn:uuid:"+identifier;

        try {

            SearchParameterMap paramMap = new SearchParameterMap();

            StringParam param = new StringParam();

            param.setValue(system + "|" + identifierWithUrnPrefix);

            paramMap.add("identifier", param);

            IBundleProvider bundle = myPatientDao.search(paramMap);

            logger.info("Did internal patient call. Got " + bundle.size() + " results." + bundle.toString());

            if (bundle.size() > 0) {

                List<IBaseResource> resources = bundle.getResources(0,1);

                logger.info("Id of found resource:"+resources.get(0).getIdElement().getIdPart());

            }

        } catch(Exception e) {

            logger.error("While doing internal call:"+e,e);

        }

        if (patientMapping == null) {

            patientMapping = new LinkedHashMap<>();

        }

[James Agnew]

You're almost there.

Patient:identifier is a token search param, not a string one, so replace StringParam with TokenParam in your code and set the system and value separately. That should work with those changes.

Cheers,

James

To view this discussion on the web visit https://groups.google.com/d/msgid/hapi-fhir/e6fc7c0d-3cda-4271-8925-4b5c0be76d9a%40googlegroups.com.

[ng.qu...@gmail.com]

I'm trying to do something similar in an Authentication interceptor.

How do I define the autowired bean for  IResourceDao?

[Malcolm McRoberts]

I've been able to do this.  I didn't use autowired, I just called getbean on the appcontext.  I agree, the DAO isn't easy to use.

[Raed Moussaoui]

Hi @Lars Kristian Roland

Is the Poc still available ?