40 : Add keycloak authentication in jpa server starter #1

Merged
merged 7 commits into from
Jun 28, 2021
Changes from 3 commits
6 changes: 6 additions & 0 deletions pom.xml
Expand Up @@ -127,6 +127,12 @@
<classifier>classes</classifier>
</dependency>

<dependency>
<groupId>ca.uhn.hapi.fhir</groupId>
<artifactId>hapi-fhir-opensrp-security-config</artifactId>
<version>5.4.0-PRE5-SNAPSHOT</version>

The version for this should start from 0.0.1

Author

Done, here is the new repo.

</dependency>

<!-- HAPI-FHIR uses Logback for logging support. The logback library is included automatically by Maven as a part of the hapi-fhir-base dependency, but you also need to include a logging library. Logback
is used here, but log4j would also be fine. -->
<dependency>
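
Review bot: The added `hapi-fhir-opensrp-security-config` dependency is declared with `<version>5.4.0-PRE5-SNAPSHOT</version>`, a mutable snapshot, so the security-config artifact this server builds against can change between two builds of the same commit. Point it at a released, immutable version before merging, and consider holding the version in a property so later upgrades are a one-line, reviewable change.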
5 changes: 4 additions & 1 deletion src/main/java/ca/uhn/fhir/jpa/starter/Application.java
Expand Up @@ -9,8 +9,10 @@
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.config.AutowireCapableBeanFactory;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.autoconfigure.elasticsearch.ElasticsearchRestClientAutoConfiguration;
import org.springframework.boot.autoconfigure.web.servlet.error.ErrorMvcAutoConfiguration;
import org.springframework.boot.builder.SpringApplicationBuilder;
import org.springframework.boot.web.servlet.ServletComponentScan;
import org.springframework.boot.web.servlet.ServletRegistrationBean;
Expand All @@ -25,6 +27,7 @@
JpaRestfulServer.class})
@SpringBootApplication(exclude = {ElasticsearchRestClientAutoConfiguration.class})
@Import({SubscriptionSubmitterConfig.class, SubscriptionProcessorConfig.class, SubscriptionChannelConfig.class, WebsocketDispatcherConfig.class, MdmConfig.class})
@EnableAutoConfiguration(exclude = {ErrorMvcAutoConfiguration.class})
public class Application extends SpringBootServletInitializer {

public static void main(String[] args) {
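
Review bot: `@EnableAutoConfiguration(exclude = {ErrorMvcAutoConfiguration.class})` is stacked on a class that already carries `@SpringBootApplication(exclude = {ElasticsearchRestClientAutoConfiguration.class})`, and `@SpringBootApplication` already includes `@EnableAutoConfiguration`. Put both classes in the single `exclude` list on `@SpringBootApplication` so exclusions live in one place, and add a comment saying why the error MVC auto-configuration has to be switched off for this change.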
Expand Down Expand Up @@ -52,7 +55,7 @@ public ServletRegistrationBean hapiServletRegistration() {
JpaRestfulServer jpaRestfulServer = new JpaRestfulServer();
beanFactory.autowireBean(jpaRestfulServer);
servletRegistrationBean.setServlet(jpaRestfulServer);
servletRegistrationBean.addUrlMappings("/fhir/*");
servletRegistrationBean.addUrlMappings("/fhir/rest/*");

@ekigamba, Jun 15, 2021

I am not sure why this change was made. Could you help me understand why this change is needed?

Author

@ekigamba this change was made to make the test page overlay work.
As the context for the web UI and the API were both the same, starting with /fhir, we have added /fhir/rest to distinguish the context for the APIs. With this approach, we have disabled the web security on /fhir.

But the test page overlay still does not support authentication and is broken when we try to hit the API from there. We may think about removing it, as it was before, and fixing the test page overlay in some other issue.

Let me re-test it after removing the /rest from the context.

cc: @maimoonak @dubdabasoduba

Cool

Author

Updated back to the original one. @ekigamba
cc: @maimoonak

servletRegistrationBean.setLoadOnStartup(1);

return servletRegistrationBean;
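
Review bot: The mapping in `hapiServletRegistration()` moves from `/fhir/*` to `/fhir/rest/*`, but nothing in this hunk shows which URL patterns the new authentication applies to. State next to `addUrlMappings` which paths are protected and which are left open, and check that no FHIR endpoint stays reachable under an unauthenticated `/fhir` prefix. Existing clients that use the `/fhir` base URL would also need the new path, so the change deserves a line in the README if it stays.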
24 changes: 19 additions & 5 deletions src/main/resources/application.yaml
@@ -1,10 +1,12 @@
spring:
main:
allow-bean-definition-overriding: true
datasource:
url: 'jdbc:h2:file:./target/database/h2'
url: 'jdbc:postgresql://localhost:5432/hapi_fhir'
#url: jdbc:h2:mem:test_mem
username: sa
password: null
driverClassName: org.h2.Driver
username: postgres
password: root
driverClassName: org.postgresql.Driver
Comment on lines -3 to +9

The secrets in this should be moved to a private repository or secrets file. @dubdabasoduba will liaise with SRE and decide how to move forward with this.

Member

@manutarus @bennsimon Do you have an idea of how to use secret files to provide these creds?

max-active: 15

# database connection pool size
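
Review bot: `username: postgres` and `password: root` under `spring.datasource` commit working database credentials for the default `postgres` account into `application.yaml`, and the same hunk switches the default datasource from the embedded H2 file to PostgreSQL on `localhost:5432`. Keep only placeholders in the checked-in file, for example `${SPRING_DATASOURCE_USERNAME}` and `${SPRING_DATASOURCE_PASSWORD}` resolved from the environment or a mounted secrets file, and connect with a dedicated least-privilege role rather than `postgres`. The added `allow-bean-definition-overriding: true` also needs a comment naming the bean it is there to override.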
Expand Down Expand Up @@ -110,7 +112,7 @@ hapi:
tester:
home:
name: Local Tester
server_address: 'http://localhost:8080/fhir'
server_address: 'http://localhost:8080/fhir/rest'
refuse_to_fetch_third_party_urls: false
fhir_version: R4
global:
Expand Down Expand Up @@ -153,3 +155,15 @@ hapi:
# protocol: 'http'
# schema_management_strategy: CREATE
# username: SomeUsername
#security:
# ignored: none
keycloak:
auth-server-url: http://localhost:8180/auth/
realm: fhir-core
resource: fhir-core-server
credentials:
secret: b7747a19-f72f-4906-8892-8438ce2492be
dubdabasoduba marked this conversation as resolved.
ssl-required: external
# use-resource-role-mappings: true,
logging.level.org.springframework.web: trace
logging.level.org.apache: trace
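
Review bot: `credentials.secret` under `keycloak:` is a client secret committed in clear text; treat it as disclosed, rotate it for the `fhir-core-server` client, and load the value from the environment or a secrets file instead. In the same block, `auth-server-url` points at plain `http`, and the two `logging.level` lines set `org.springframework.web` and `org.apache` to `trace`, which is very verbose and can write request details to the logs; keep the committed default at a normal level and enable trace only locally.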