40 : Add keycloak authentication in jpa server starter #1
Conversation
pom.xml
Outdated
| <dependency> | ||
| <groupId>ca.uhn.hapi.fhir</groupId> | ||
| <artifactId>hapi-fhir-opensrp-security-config</artifactId> | ||
| <version>5.4.0-PRE5-SNAPSHOT</version> |
There was a problem hiding this comment.
The version for this should be start from 0.0.1
There was a problem hiding this comment.
Done, here is the new repo.
| url: 'jdbc:h2:file:./target/database/h2' | ||
| url: 'jdbc:postgresql://localhost:5432/hapi_fhir' | ||
| #url: jdbc:h2:mem:test_mem | ||
| username: sa | ||
| password: null | ||
| driverClassName: org.h2.Driver | ||
| username: postgres | ||
| password: root | ||
| driverClassName: org.postgresql.Driver |
There was a problem hiding this comment.
The secrets in this should be moved to a private repository or secrets file. @dubdabasoduba will liase with SRE and decided how to move forward with this
There was a problem hiding this comment.
@manutarus @bennsimon Do you have an idea of how to use secret files to provide these creds?
| @@ -52,7 +55,7 @@ public ServletRegistrationBean hapiServletRegistration() { | |||
| JpaRestfulServer jpaRestfulServer = new JpaRestfulServer(); | |||
| beanFactory.autowireBean(jpaRestfulServer); | |||
| servletRegistrationBean.setServlet(jpaRestfulServer); | |||
| servletRegistrationBean.addUrlMappings("/fhir/*"); | |||
| servletRegistrationBean.addUrlMappings("/fhir/rest/*"); | |||
There was a problem hiding this comment.
I am not sure why this change was made. Could you help me understand why this change is needed?
There was a problem hiding this comment.
@ekigamba this change was made to make the test page overlay work.
As context for web UI and API both were same starting with /fhir therefore we have added /fhir/rest to distinguish the context for the APIs. With this approach, we have disabled the web security on /fhir.
But test page overlay still does not support Authentication and is broken when we try to hit API from there. We may think to remove it as it was before and fix the test page overlay in some other issue.
Let me re-test it after removing the /rest from the context.
There was a problem hiding this comment.
Updated back to the original one. @ekigamba
cc : @maimoonak
|
I have tested this locally with the stage Keycloak instance and it works as described on the PR description 👍 . The overlay page is not working as described |
| url: 'jdbc:h2:file:./target/database/h2' | ||
| url: 'jdbc:postgresql://localhost:5432/hapi_fhir' | ||
| #url: jdbc:h2:mem:test_mem | ||
| username: sa | ||
| password: null | ||
| driverClassName: org.h2.Driver | ||
| username: postgres | ||
| password: root | ||
| driverClassName: org.postgresql.Driver |
There was a problem hiding this comment.
@manutarus @bennsimon Do you have an idea of how to use secret files to provide these creds?
|
As discussed, we can merge this PR for now. Discussion for encrypting secrets will be done afterward. |
Fixing some typos in README.md
opensrp/fhircore#40
To build:
http://localhost:8080/*as a redirect URL on the stage Keycloak server for this realm and clienthapi-fhir-opensrp-security-configpackage from thehapi-fhirrepo (Reference PR)jpa-server-starterproject usingPbootprofile. Deploy on Tomcat server.Please note : Authentication in test-page-overlay (web UI) is not a part of this PR.