Package ca.uhn.fhir.rest.server.interceptor.auth

Class SearchNarrowingInterceptor

java.lang.Object

ca.uhn.fhir.rest.server.interceptor.auth.SearchNarrowingInterceptor

public class SearchNarrowingInterceptor
extends Object

This interceptor can be used to automatically narrow the scope of searches in order to automatically restrict the searches to specific compartments.

For example, this interceptor could be used to restrict a user to only viewing data belonging to Patient/123 (i.e. data in the Patient/123 compartment). In this case, a user performing a search for
http://baseurl/Observation?category=laboratory
would receive results as though they had requested
http://baseurl/Observation?subject=Patient/123&category=laboratory

Note that this interceptor should be used in combination with AuthorizationInterceptor if you are restricting results because of a security restriction. This interceptor is not intended to be a failsafe way of preventing users from seeing the wrong data (that is the purpose of AuthorizationInterceptor). This interceptor is simply intended as a convenience to help users simplify their queries while not receiving security errors for to trying to access data they do not have access to see.

See Also:

AuthorizationInterceptor

Constructor Summary

Constructors

Constructor	Description
SearchNarrowingInterceptor()

Method Summary

Modifier and Type	Method	Description
protected AuthorizedList	buildAuthorizedList(RequestDetails theRequestDetails)	Subclasses should override this method to supply the set of compartments that the user making the request should actually have access to.
boolean	incomingRequestPostProcessed(RequestDetails theRequestDetails, javax.servlet.http.HttpServletRequest theRequest, javax.servlet.http.HttpServletResponse theResponse)
void	incomingRequestPreHandled(ServletRequestDetails theRequestDetails, javax.servlet.http.HttpServletRequest theRequest, javax.servlet.http.HttpServletResponse theResponse)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SearchNarrowingInterceptor

public SearchNarrowingInterceptor()

Method Detail

buildAuthorizedList

protected AuthorizedList buildAuthorizedList(RequestDetails theRequestDetails)

Subclasses should override this method to supply the set of compartments that the user making the request should actually have access to.

Typically this is done by examining theRequestDetails to find out who the current user is and then building a list of Strings.

Parameters:

theRequestDetails - The individual request currently being applied

Returns:

The list of allowed compartments and instances that should be used for search narrowing. If this method returns null, no narrowing will be performed

incomingRequestPostProcessed

public boolean incomingRequestPostProcessed(RequestDetails theRequestDetails,
                                            javax.servlet.http.HttpServletRequest theRequest,
                                            javax.servlet.http.HttpServletResponse theResponse)
                                     throws ca.uhn.fhir.rest.server.exceptions.AuthenticationException

Throws:

ca.uhn.fhir.rest.server.exceptions.AuthenticationException

incomingRequestPreHandled

public void incomingRequestPreHandled(ServletRequestDetails theRequestDetails,
                                      javax.servlet.http.HttpServletRequest theRequest,
                                      javax.servlet.http.HttpServletResponse theResponse)
                               throws ca.uhn.fhir.rest.server.exceptions.AuthenticationException

Throws:

ca.uhn.fhir.rest.server.exceptions.AuthenticationException