diff --git a/plugins/src/main/java/com/google/fhir/gateway/plugin/AccessGrantedAndUpdateList.java b/plugins/src/main/java/com/google/fhir/gateway/plugin/AccessGrantedAndUpdateList.java index 7ea988ed..fdd36907 100644 --- a/plugins/src/main/java/com/google/fhir/gateway/plugin/AccessGrantedAndUpdateList.java +++ b/plugins/src/main/java/com/google/fhir/gateway/plugin/AccessGrantedAndUpdateList.java @@ -65,7 +65,7 @@ private AccessGrantedAndUpdateList( } @Override - public RequestMutation preprocess(RequestDetailsReader requestDetailsReader) { + public RequestMutation getRequestMutation(RequestDetailsReader requestDetailsReader) { return null; } diff --git a/server/src/main/java/com/google/fhir/gateway/BearerAuthorizationInterceptor.java b/server/src/main/java/com/google/fhir/gateway/BearerAuthorizationInterceptor.java index aa6dfa9a..42bb010c 100644 --- a/server/src/main/java/com/google/fhir/gateway/BearerAuthorizationInterceptor.java +++ b/server/src/main/java/com/google/fhir/gateway/BearerAuthorizationInterceptor.java @@ -272,7 +272,7 @@ public boolean authorizeRequest(RequestDetails requestDetails) { return false; } AccessDecision outcome = checkAuthorization(requestDetails); - preprocessRequest(servletDetails, outcome); + mutateRequest(requestDetails, outcome); logger.debug("Authorized request path " + requestPath); try { HttpResponse response = fhirClient.handleRequest(servletDetails); @@ -394,20 +394,16 @@ private void serveWellKnown(ServletRequestDetails request) { } } - private void preprocessRequest( - ServletRequestDetails servletRequestDetails, AccessDecision accessDecision) { + @VisibleForTesting + static void mutateRequest(RequestDetails requestDetails, AccessDecision accessDecision) { RequestMutation mutation = - accessDecision.preprocess(new RequestDetailsToReader(servletRequestDetails)); + accessDecision.getRequestMutation(new RequestDetailsToReader(requestDetails)); if (mutation == null || CollectionUtils.isEmpty(mutation.getQueryParams())) { - return ; + return; } mutation .getQueryParams() - .forEach((key, value) -> servletRequestDetails.addParameter( - key, value.toArray(new String[0]))); - - // TODO update the query params in search by Post - + .forEach((key, value) -> requestDetails.addParameter(key, value.toArray(new String[0]))); } } diff --git a/server/src/main/java/com/google/fhir/gateway/CapabilityPostProcessor.java b/server/src/main/java/com/google/fhir/gateway/CapabilityPostProcessor.java index 73d2da0e..399fffe0 100644 --- a/server/src/main/java/com/google/fhir/gateway/CapabilityPostProcessor.java +++ b/server/src/main/java/com/google/fhir/gateway/CapabilityPostProcessor.java @@ -55,7 +55,7 @@ static synchronized CapabilityPostProcessor getInstance(FhirContext fhirContext) } @Override - public RequestMutation preprocess(RequestDetailsReader requestDetailsReader) { + public RequestMutation getRequestMutation(RequestDetailsReader requestDetailsReader) { return null; } diff --git a/server/src/main/java/com/google/fhir/gateway/interfaces/AccessDecision.java b/server/src/main/java/com/google/fhir/gateway/interfaces/AccessDecision.java index 83f586c7..cc49026f 100644 --- a/server/src/main/java/com/google/fhir/gateway/interfaces/AccessDecision.java +++ b/server/src/main/java/com/google/fhir/gateway/interfaces/AccessDecision.java @@ -16,22 +16,27 @@ package com.google.fhir.gateway.interfaces; import java.io.IOException; +import javax.annotation.Nullable; import org.apache.http.HttpResponse; public interface AccessDecision { + /** @return true iff access was granted. */ + boolean canAccess(); + /** * Allows the incoming request mutation based on the access decision. * + *
Response is used to mutate the incoming request before executing the FHIR operation. We
+ * currently only support query parameters update for GET Http method. This is expected to be
+ * called after checking the access using @canAccess method. Mutating the request before checking
+ * access can have side effect of wrong access check.
+ *
* @param requestDetailsReader details about the resource and operation requested
- * @return the mutation to be applied on the incoming request
+ * @return mutation to be applied on the incoming request or null if no mutation required
*/
- RequestMutation preprocess(RequestDetailsReader requestDetailsReader);
-
- /**
- * @return true iff access was granted.
- */
- boolean canAccess();
+ @Nullable
+ RequestMutation getRequestMutation(RequestDetailsReader requestDetailsReader);
/**
* Depending on the outcome of the FHIR operations, this does any post-processing operations that
diff --git a/server/src/main/java/com/google/fhir/gateway/interfaces/NoOpAccessDecision.java b/server/src/main/java/com/google/fhir/gateway/interfaces/NoOpAccessDecision.java
index b9d609b3..d0394811 100644
--- a/server/src/main/java/com/google/fhir/gateway/interfaces/NoOpAccessDecision.java
+++ b/server/src/main/java/com/google/fhir/gateway/interfaces/NoOpAccessDecision.java
@@ -26,7 +26,7 @@ public NoOpAccessDecision(boolean accessGranted) {
}
@Override
- public RequestMutation preprocess(RequestDetailsReader requestDetailsReader) {
+ public RequestMutation getRequestMutation(RequestDetailsReader requestDetailsReader) {
return null;
}
diff --git a/server/src/main/java/com/google/fhir/gateway/interfaces/RequestMutation.java b/server/src/main/java/com/google/fhir/gateway/interfaces/RequestMutation.java
index 00481f8e..d1daaee6 100644
--- a/server/src/main/java/com/google/fhir/gateway/interfaces/RequestMutation.java
+++ b/server/src/main/java/com/google/fhir/gateway/interfaces/RequestMutation.java
@@ -11,6 +11,10 @@
@Getter
public class RequestMutation {
- // Additional query parameters that should be added to the outgoing FHIR request
+ // Additional query parameters and list of values for a parameter that should be added to the
+ // outgoing FHIR request.
+ // New values overwrites the old one if there is a conflict for a request param (i.e. a returned
+ // parameter in RequestMutation is already present in the original request).
+ // Old parameter values should be explicitly retained while mutating values for that parameter.
@Builder.Default Map