ca.uhn.fhir.rest.server.exceptions.AuthenticationException Java Examples

The following examples show how `ca.uhn.fhir.rest.server.exceptions.AuthenticationException` is used in the careconnect-reference-implementation project (Apache License 2.0). In HAPI FHIR this exception is rendered as an HTTP 401 (credentials missing or unusable), whereas `ForbiddenOperationException` is a 403 (credentials accepted but not sufficient); the OAuth2 interceptor in Example #1 relies on exactly that distinction. Follow the source-file reference above each example to reach the original project.
Example #1
Source File: OAuth2Interceptor.java — from careconnect-reference-implementation (Apache License 2.0)
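/**
 * Gate every incoming request on an OAuth2 bearer token unless the path is explicitly excluded.
 *
 * <p>Order of checks: excluded path → header present (401) → token parses (401, raised by
 * {@code OAuthTokenUtil.parseOAuthToken}) → token not expired (401) → scopes cover the
 * resource type and HTTP method (403). Authentication failures are
 * {@link AuthenticationException} (HTTP 401); an authenticated-but-insufficient token is
 * {@link ForbiddenOperationException} (HTTP 403), so callers can tell the two apart.
 *
 * @param theRequest  the servlet request; path info and the Authorization header are read
 * @param theResponse unused
 * @return {@code true} to let the request proceed
 * @throws AuthenticationException      when no token is supplied, it cannot be parsed, or it has expired
 * @throws ForbiddenOperationException  when the token's scopes do not permit the operation
 */
@Override
public boolean incomingRequestPreProcessed(HttpServletRequest theRequest, HttpServletResponse theResponse) {

    // Exclusion is an exact match on the servlet path info; anything that does not match
    // falls through to the token checks, so an unlisted path is protected (fail-closed).
    // NOTE(review): getPathInfo() can be null for some servlet mappings — confirm that
    // excludedPaths and extractResourceName() tolerate a null path.
    String resourcePath = theRequest.getPathInfo();
    logger.info("Accessing Resource " + resourcePath);
    if (excludedPaths.contains(resourcePath)) {
        logger.info("Accessing unprotected resource " + resourcePath);
        return true;
    }

    // 1. Authentication: a token must be present.
    // NOTE(review): RFC 6750 expects a 401 to carry a "WWW-Authenticate: Bearer" header;
    // if the HAPI version in use offers AuthenticationException.addAuthenticateHeaderForRealm(),
    // use it here and on the expiry path below.
    String authorizationHeader = theRequest.getHeader(HttpHeaders.AUTHORIZATION);
    if (authorizationHeader == null) {
        logger.warn("OAuth2 Authentication failure.  No OAuth Token supplied in Authorization Header on Request.");
        throw new AuthenticationException("Unauthorised access to protected resource");
    }

    // parseOAuthToken() throws AuthenticationException for a missing "Bearer" prefix or an
    // unparseable token. NOTE(review): in OAuthTokenUtil the JWT is decoded with
    // JwtHelper.decode(), which does not check the signature, so the expiry and scope
    // claims used below are only as trustworthy as whoever delivered the token.
    OAuthToken oAuthToken = OAuthTokenUtil.parseOAuthToken(authorizationHeader);

    // 2. Token lifetime.
    if (oAuthToken.isExpired()) {
        logger.warn("OAuth2 Authentication failure due to expired token");
        throw new AuthenticationException("OAuth2 Authentication Token has expired.");
    }

    // 3. Authorisation: the token's scopes must cover this resource type and HTTP method.
    String resourceName = extractResourceName(resourcePath);
    if (!allowedAccess(resourceName, theRequest.getMethod(), oAuthToken)) {
        // Include method and resource so a denied request can be traced; the original
        // message ended in a dangling ": " with nothing after it.
        logger.warn("OAuth2 Authentication failed due to insufficient access rights: "
                + theRequest.getMethod() + " " + resourceName);
        throw new ForbiddenOperationException(String.format("Insufficient Access Rights to access %s.", resourceName));
    }

    logger.debug("Authenticated Access to " + resourcePath);
    return true;
}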
 
Example #2
Source File: OAuthTokenUtil.java — from careconnect-reference-implementation (Apache License 2.0)
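/**
 * Decode a compact JWT and map its claims JSON onto an {@link OAuthToken}.
 *
 * <p><b>SECURITY NOTE(review):</b> {@code JwtHelper.decode()} only splits and base64-decodes
 * the token; it does <em>not</em> verify the signature (if this is Spring Security's
 * {@code JwtHelper}, verification is {@code decodeAndVerify(token, verifier)}). As written,
 * every claim the interceptor later trusts — expiry, scopes — can be forged by the caller.
 * A {@code SignatureVerifier} backed by the authorisation server's key should be applied
 * before these claims are relied on.
 *
 * @param jwtToken the raw compact-serialised JWT (header.payload.signature)
 * @return the claims mapped onto {@link OAuthToken}
 * @throws AuthenticationException if the token is structurally malformed or its claims
 *                                 are not JSON that maps onto {@link OAuthToken}
 */
private static OAuthToken parseJwtToken(String jwtToken) {
    try {
        Jwt jwt = JwtHelper.decode(jwtToken);
        ObjectMapper mapper = new ObjectMapper();
        // Feed the claims String straight to Jackson; the original went through getBytes(),
        // which uses the platform default charset.
        // NOTE(review): unless OAuthToken ignores unknown properties, any extra claim in the
        // JWT will surface here as a JSON mapping error and hence a 401.
        return mapper.readValue(jwt.getClaims(), OAuthToken.class);
    } catch (IOException | IllegalArgumentException e) {
        // IOException: claims are not valid JSON / do not map onto OAuthToken.
        // IllegalArgumentException: JwtHelper.decode rejects a token with the wrong number
        // of segments or bad base64. Both mean "not a usable token", so both become a 401
        // instead of escaping as an unhandled 500.
        throw new AuthenticationException("Invalid OAuth2 Token", e);
    }
}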
 
Example #3
Source File: OAuthTokenUtil.java — from careconnect-reference-implementation (Apache License 2.0)
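/**
 * Strip the bearer scheme prefix from an Authorization header value and return the token.
 *
 * <p>The scheme name is compared case-insensitively (RFC 6750 §2.1 treats "Bearer" as
 * case-insensitive) using {@code regionMatches}, which is locale-independent. The original
 * {@code toLowerCase().startsWith(...)} depends on the JVM default locale (e.g. under a
 * Turkish locale "I" does not lower-case to "i") and also required {@code TOKEN_PREFIX}
 * itself to be lower-case.
 *
 * @param authHeader the raw Authorization header value; may be {@code null}
 * @return the header with {@code TOKEN_PREFIX} removed (not trimmed)
 * @throws AuthenticationException if the header is {@code null} or does not start with the bearer prefix
 */
public static String extractTokenFromHeader(String authHeader) {
    if (authHeader != null
            && authHeader.regionMatches(true, 0, TOKEN_PREFIX, 0, TOKEN_PREFIX.length())) {
        return authHeader.substring(TOKEN_PREFIX.length());
    }
    throw new AuthenticationException("Invalid OAuth Header.  Missing Bearer prefix");
}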
 
Example #4
Source File: CCRequestValidatingInterceptor.java — from careconnect-reference-implementation (Apache License 2.0)
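/**
 * Validate the body of incoming FHIR create/update requests against {@code fhirValidator}
 * and reject invalid payloads with a 422.
 *
 * <p>Flow: skip anything that is not a FHIR body (no recognised encoding, an
 * {@code $operation}, or an empty body); for POST (other than {@code $validate}) and PUT,
 * parse the body, stamp the expected profile via {@code setProfile}, validate, strip
 * unsupported issues from the outcome and throw if the outcome does not {@code pass}.
 *
 * @param theRequestDetails HAPI request details; encoding, charset, operation and body are read from it
 * @param theRequest        the servlet request; method and URI are read
 * @param theResponse       unused
 * @return always {@code true} (let the request continue) unless an exception is thrown
 * @throws UnprocessableEntityException when validation produces a failing outcome
 * @throws AuthenticationException      declared for interface compatibility; not thrown by this body
 */
public boolean incomingRequestPostProcessed(RequestDetails theRequestDetails, HttpServletRequest theRequest, HttpServletResponse theResponse) throws AuthenticationException {
    EncodingEnum encoding = RestfulServerUtils.determineRequestEncodingNoDefault(theRequestDetails);

    // Only bodies with a recognisable FHIR encoding and no $operation are validated.
    if (encoding == null || theRequestDetails.getOperation() != null) {
        log.trace("Incoming request does not appear to be FHIR, not going to validate");
        return true;
    }

    Charset charset = ResourceParameter.determineRequestCharset(theRequestDetails);
    String requestText = new String(theRequestDetails.loadRequestContents(), charset);
    if (StringUtils.isBlank(requestText)) {
        log.trace("Incoming request does not have a body");
        return true;
    }

    // Validate creates (but not $validate itself, which carries its own semantics) and updates.
    boolean isCreate = theRequest.getMethod().equals("POST") && !theRequest.getRequestURI().contains("$validate");
    boolean isUpdate = theRequest.getMethod().equals("PUT");
    if (!isCreate && !isUpdate) {
        return true;
    }

    // The body is untrusted client input. NOTE(review): HAPI's XML parser is expected to run
    // with DTD/external-entity processing disabled (XXE); confirm this for the HAPI version
    // in use rather than assuming it.
    IBaseResource resource = null;
    switch (encoding) {
        case JSON:
            resource = ctx.newJsonParser().parseResource(requestText);
            break;
        case XML:
            resource = ctx.newXmlParser().parseResource(requestText);
            break;
    }

    // Stamp the profile on each Bundle entry (or on the single resource) so validation runs
    // against the intended profile rather than the base definition.
    if (resource instanceof Bundle) {
        Bundle bundle = (Bundle) resource;
        for (Bundle.BundleEntryComponent entry : bundle.getEntry()) {
            entry.setResource((Resource) setProfile(entry.getResource()));
        }
    } else {
        resource = setProfile(resource);
    }

    // Keep the validation result request-local. The original assigned it to the `results`
    // instance field; an interceptor instance is shared by every concurrent request, so one
    // request could read (and act on) another request's verdict. If anything else still reads
    // that field, pass the value to it explicitly instead.
    IBaseResource rawOutcome;
    try {
        rawOutcome = this.fhirValidator.validateWithResult(resource).toOperationOutcome();
    } catch (Exception val) {
        // NOTE(review): this branch is fail-open — a validator failure lets the resource
        // through unvalidated. The stack trace is now logged so it is at least visible;
        // decide whether this path should reject the request instead.
        log.error("Validation could not be performed", val);
        return true;
    }

    // Normalise the outcome for the resource version in use (R4 vs. the context's default).
    // The original called removeUnsupportedIssues twice on the R4 path and discarded the
    // first result; it is called exactly once here.
    OperationOutcome outcome;
    if (rawOutcome instanceof org.hl7.fhir.r4.model.OperationOutcome) {
        outcome = OperationOutcomeFactory.removeUnsupportedIssues((org.hl7.fhir.r4.model.OperationOutcome) rawOutcome, null);
    } else {
        outcome = OperationOutcomeFactory.removeUnsupportedIssues((OperationOutcome) rawOutcome);
    }

    if (!pass(outcome)) {
        log.info("VALIDATION FAILED");
        // Outcome diagnostics may echo fragments of the (possibly clinical) payload, so the
        // full dump goes to the logger at debug level instead of System.out.
        log.debug(ctx.newXmlParser().setPrettyPrint(true).encodeResourceToString(outcome));
        throw new UnprocessableEntityException(theRequestDetails.getServer().getFhirContext(), outcome);
    }
    return true;
}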