Started with subscription resource REST endpoints.

README.md

@@ -26,7 +26,7 @@ Creating Subscription for FHIR Resource Patient:
               "criteria": "Patient?",
               "channel": {
                   "type": "rest-hook",
-                  "endpoint": "http://localhost:8081/remote-fhir-web-hook/73cd99c5-0ca8-42ad-a53b-1891fccce08f/667bfa41-867c-4796-86b6-eb9f9ed4dc94",
+                  "endpoint": "http://localhost:8081/remote-fhir-rest-hook/73cd99c5-0ca8-42ad-a53b-1891fccce08f/667bfa41-867c-4796-86b6-eb9f9ed4dc94",
                   "header": "Authorization: Bearer jhsj832jDShf8ehShdu7ejhDhsilwmdsgs",
                   "payload": "application/fhir+json"
               }, "status": "requested"}'
@@ -39,7 +39,7 @@ Creating Subscription for FHIR Resource Immunization:
                 "criteria": "Immunization?",
                 "channel": {
                     "type": "rest-hook",
-                    "endpoint": "http://localhost:8081/remote-fhir-web-hook/73cd99c5-0ca8-42ad-a53b-1891fccce08f/a756ef2a-1bf4-43f4-a991-fbb48ad358ac",
+                    "endpoint": "http://localhost:8081/remote-fhir-rest-hook/73cd99c5-0ca8-42ad-a53b-1891fccce08f/a756ef2a-1bf4-43f4-a991-fbb48ad358ac",
                     "header": "Authorization: Bearer jhsj832jDShf8ehShdu7ejhDhsilwmdsgs",
                     "payload": "application/fhir+json"
                 }, "status": "requested"}'
@@ -52,7 +52,7 @@ Creating Subscription for FHIR Resource Observation:
                 "criteria": "Observation?",
                 "channel": {
                     "type": "rest-hook",
-                    "endpoint": "http://localhost:8081/remote-fhir-web-hook/73cd99c5-0ca8-42ad-a53b-1891fccce08f/b32b4098-f8e1-426a-8dad-c5c4d8e0fab6",
+                    "endpoint": "http://localhost:8081/remote-fhir-rest-hook/73cd99c5-0ca8-42ad-a53b-1891fccce08f/b32b4098-f8e1-426a-8dad-c5c4d8e0fab6",
                     "header": "Authorization: Bearer jhsj832jDShf8ehShdu7ejhDhsilwmdsgs",
                     "payload": "application/fhir+json"
                 }, "status": "requested"}'    
@@ -65,7 +65,7 @@ Creating Subscription for FHIR Resource Medication Requests:
                 "criteria": "MedicationRequest?",
                 "channel": {
                     "type": "rest-hook",
-                    "endpoint": "http://localhost:8081/remote-fhir-web-hook/73cd99c5-0ca8-42ad-a53b-1891fccce08f/0b732310-1cca-4b0a-9510-432d4f93f582",
+                    "endpoint": "http://localhost:8081/remote-fhir-rest-hook/73cd99c5-0ca8-42ad-a53b-1891fccce08f/0b732310-1cca-4b0a-9510-432d4f93f582",
                     "header": "Authorization: Bearer jhsj832jDShf8ehShdu7ejhDhsilwmdsgs",
                     "payload": "application/fhir+json"
                 }, "status": "requested"}'                

app/src/main/java/org/dhis2/fhir/adapter/App.java

@@ -31,6 +31,7 @@
 import org.dhis2.fhir.adapter.spring.YamlPropertySourceFactory;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.autoconfigure.security.servlet.UserDetailsServiceAutoConfiguration;
 import org.springframework.boot.builder.SpringApplicationBuilder;
 import org.springframework.boot.web.servlet.support.SpringBootServletInitializer;
 import org.springframework.cache.annotation.EnableCaching;
@@ -43,7 +44,7 @@
  *
  * @author volsch
  */
-@SpringBootApplication
+@SpringBootApplication( exclude = { UserDetailsServiceAutoConfiguration.class } )
 @EnableCircuitBreaker
 @EnableCaching
 @EnableJms

app/src/main/java/org/dhis2/fhir/adapter/AppConfig.java

@@ -28,8 +28,13 @@
  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
+import com.fasterxml.jackson.databind.ser.impl.SimpleBeanPropertyFilter;
+import com.fasterxml.jackson.databind.ser.impl.SimpleFilterProvider;
 import com.fasterxml.jackson.datatype.jsr310.deser.LocalDateDeserializer;
 import com.fasterxml.jackson.datatype.jsr310.ser.LocalDateSerializer;
+import org.dhis2.fhir.adapter.jackson.SecuredPropertyFilter;
+import org.dhis2.fhir.adapter.jackson.ToManyPropertyFilter;
+import org.dhis2.fhir.adapter.jackson.ToOnePropertyFilter;
 import org.dhis2.fhir.adapter.jackson.ZonedDateTimeDeserializer;
 import org.dhis2.fhir.adapter.jackson.ZonedDateTimeSerializer;
 import org.springframework.boot.autoconfigure.jackson.Jackson2ObjectMapperBuilderCustomizer;
@@ -58,8 +63,17 @@ public Jackson2ObjectMapperBuilderCustomizer jackson2ObjectMapperBuilderCustomiz
                 .serializers(
                     new ZonedDateTimeSerializer(),
                     new LocalDateSerializer( DateTimeFormatter.ISO_LOCAL_DATE ) )
-                .deserializers( new ZonedDateTimeDeserializer(),
+                .deserializers(
+                    new ZonedDateTimeDeserializer(),
                     new LocalDateDeserializer( DateTimeFormatter.ISO_LOCAL_DATE ) );
+            jacksonObjectMapperBuilder.filters( new SimpleFilterProvider()
+                .addFilter( SecuredPropertyFilter.FILTER_NAME, new SecuredPropertyFilter() )
+                .addFilter( ToManyPropertyFilter.FILTER_NAME, new SimpleBeanPropertyFilter()
+                {
+                } )
+                .addFilter( ToOnePropertyFilter.FILTER_NAME, new SimpleBeanPropertyFilter()
+                {
+                } ) );
         };
     }
 }

app/src/main/java/org/dhis2/fhir/adapter/MethodSecurityConfig.java

@@ -0,0 +1,44 @@
+package org.dhis2.fhir.adapter;
+
+/*
+ * Copyright (c) 2004-2018, University of Oslo
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * Neither the name of the HISP project nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;
+
+/**
+ * Enables the global method security.
+ *
+ * @author volsch
+ */
+@Configuration
+@EnableGlobalMethodSecurity( prePostEnabled = true, securedEnabled = true, jsr250Enabled = true )
+public class MethodSecurityConfig extends GlobalMethodSecurityConfiguration
+{
+}

app/src/main/java/org/dhis2/fhir/adapter/WebSecurityConfig.java

@@ -0,0 +1,96 @@
+package org.dhis2.fhir.adapter;
+
+/*
+ * Copyright (c) 2004-2018, University of Oslo
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * Neither the name of the HISP project nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+import org.dhis2.fhir.adapter.dhis.config.DhisEndpointConfig;
+import org.dhis2.fhir.adapter.dhis.security.DhisWebApiAuthenticationProvider;
+import org.dhis2.fhir.adapter.dhis.security.SecurityConfig;
+import org.springframework.boot.web.client.RestTemplateBuilder;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+
+import javax.annotation.Nonnull;
+
+/**
+ * Security configuration of complete application.
+ *
+ * @author volsch
+ */
+@Configuration
+@EnableWebSecurity
+public class WebSecurityConfig extends WebSecurityConfigurerAdapter
+{
+    protected static final String DHIS_BASIC_REALM = "DHIS2";
+
+    private final RestTemplateBuilder restTemplateBuilder;
+
+    private final DhisEndpointConfig dhisEndpointConfig;
+
+    private final SecurityConfig securityConfig;
+
+    public WebSecurityConfig( @Nonnull RestTemplateBuilder restTemplateBuilder, @Nonnull DhisEndpointConfig dhisEndpointConfig, @Nonnull SecurityConfig securityConfig )
+    {
+        this.restTemplateBuilder = restTemplateBuilder;
+        this.dhisEndpointConfig = dhisEndpointConfig;
+        this.securityConfig = securityConfig;
+    }
+
+    @Override
+    protected void configure( @Nonnull HttpSecurity http ) throws Exception
+    {
+        http.sessionManagement().sessionCreationPolicy( SessionCreationPolicy.STATELESS );
+        http.csrf().disable();
+        http
+            .authorizeRequests()
+            .antMatchers( "/remote-fhir-rest-hook/**" ).permitAll()
+            .anyRequest().authenticated()
+            .and()
+            .httpBasic().realmName( DHIS_BASIC_REALM );
+    }
+
+    @Override
+    protected void configure( AuthenticationManagerBuilder auth )
+    {
+        auth.authenticationProvider( new DhisWebApiAuthenticationProvider( restTemplateBuilder, dhisEndpointConfig, securityConfig ) );
+    }
+
+    @Override
+    protected UserDetailsService userDetailsService()
+    {
+        return username -> {
+            throw new UsernameNotFoundException( "User details service cannot be provided." );
+        };
+    }
+}

app/src/main/resources/application.yml

@@ -30,6 +30,10 @@ spring:
   jackson:
     serialization:
       write-dates-as-timestamps: false
+  data:
+    rest:
+      basePath: /api/1.00
+      detection-strategy: annotated
   jpa:
     generate-ddl: false
     hibernate:

app/src/main/resources/default-application.yml

@@ -45,6 +45,11 @@ spring:
       server-id: 1
       persistent: true
       data-directory: ${dhis2.home}/services/fhir-adapter/artemis
+  jpa:
+    show-sql: false
+    properties:
+      hibernate:
+        format_sql: true
 
 hystrix:
   command:
@@ -68,20 +73,35 @@ dhis2.fhir-adapter:
     system-authentication:
       username: @dhis2.username@
       password: @dhis2.password@
+  security:
+    authorities:
+      administration:
+      - F_SYSTEM_SETTING
+      code-mapping:
+      - F_SYSTEM_SETTING
+      data-mapping:
+      - F_SYSTEM_SETTING
   cache:
-    dhis:
+    metadata:
       type: caffeine
       caffeine:
         spec: expireAfterAccess=60s,maximumSize=10000
       redis:
         time-to-live: 60s
-        key-prefix: fhir-adapter:dhis
-    fhir:
+        key-prefix: fhir-adapter:metadata
+    dhis:
       type: caffeine
       caffeine:
         spec: expireAfterAccess=120s,maximumSize=10000
       redis:
         time-to-live: 120s
+        key-prefix: fhir-adapter:dhis
+    fhir:
+      type: caffeine
+      caffeine:
+        spec: expireAfterAccess=500s,maximumSize=10000
+      redis:
+        time-to-live: 500s
         key-prefix: fhir-adapter:fhir
   remote:
     processor:

common/src/main/java/org/dhis2/fhir/adapter/jackson/ConditionallySecuredPropertyContainer.java

@@ -0,0 +1,43 @@
+package org.dhis2.fhir.adapter.jackson;
+
+/*
+ * Copyright (c) 2004-2018, University of Oslo
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * Neither the name of the HISP project nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * Implemented by container classes that contains one conditionally secured property.
+ *
+ * @author volsch
+ */
+public interface ConditionallySecuredPropertyContainer
+{
+    /**
+     * @return <code>true</code> if the {@linkplain SecuredProperty secured property}
+     * contains a secure value that must not be serialized, <code>false</code> otherwise.
+     */
+    boolean isSecure();
+}