0

Hi standing up a small FHIR v4 server with HAPI. I'm not great with Spring/Java having a hard time figuring out how to configure openapi with HAPI FHIR. Specifically I want to configure openapi to provide a button to authenticate users (with an implicit flow against my IDP) before allowing them to hit my FHIR endpoints. Does the built in HAPI OpenApiInterceptor have a way to provide an authentication mechinism?

https://hapifhir.io/hapi-fhir/docs/server_plain/openapi.html

To clarify I can add the interceptor and get the swagger page to get served but I cannot figure out how to configure the interceptor such that I can provide a mechinism to authenticate users. This code block works but doesn't appear to provide me a way to configure swagger auth.

   @Override
   protected void initialize() throws ServletException {

      // ... define your resource providers here ...

      // Now register the interceptor
      OpenApiInterceptor openApiInterceptor = new OpenApiInterceptor();
      registerInterceptor(openApiInterceptor);

   }
cobolstinks
  • 6,801
  • 16
  • 68
  • 97

2 Answers2

0

OpenApiInterceptor does not performs authorization of users. Hapi has provided us various interceptors to perform some tasks in your case you should refer this, it will give you some idea.

Hapi fhir authorization interceptor

Onkar Jadhav
  • 25
  • 6
0

You can extend the OpenApiInterceptor class and @Override the "generateOpenApi" method to add your extra needed OpenAPI configuration after calling the parent method.

public class CustomOpenApiInterceptor extends OpenApiInterceptor {

...

@Override
protected OpenAPI generateOpenApi(ServletRequestDetails theRequestDetails) {
    OpenAPI openApi = super.generateOpenApi(theRequestDetails);
    // Add Authentication to OAS spec.
    openApi.getComponents().addSecuritySchemes("oauth2schema", oauth2ImplicitSecurityScheme());
    SecurityRequirement securityRequirement = new SecurityRequirement();
    securityRequirement.addList("oauth2schema");
    openApi.security(Collections.singletonList(securityRequirement));
    return openApi;
}

...

}

chokirock
  • 13
  • 1
  • 3