39.0.1 Security Attributes


There are several places where user-supplied Java code is executed in the context of an authenticated request (for example, Hybrid Providers). In each of these places the code has access to a HAPI FHIR RequestDetails object, which can be queried for details about the authenticated session through request attributes.

The following example shows a Hybrid Provider create method that obtains the session details from the RequestDetails object. Both attributes are read from the same RequestDetails parameter: one is the JSON-encoded form of the session, the other is the parsed object.

	@Create()
	public MethodOutcome createPatient(@ResourceParam Patient thePatient, RequestDetails theRequest) {

		// Obtain the session details (JSON string and parsed object) from the request attributes
		String userSessionJson = (String) theRequest.getAttribute("ca.cdr.servletattribute.usersession.json");
		UserSessionDetailsJson userSessionObject = (UserSessionDetailsJson) theRequest.getAttribute("ca.cdr.servletattribute.usersession.object");

		// ... create the resource, then report the outcome to the caller ...
		return new MethodOutcome();
	}

The following attributes are available:

User-Authenticated Sessions

  • ca.cdr.servletattribute.usersession.json – Contains a Java string representing the JSON encoded user session object. This object is of type UserSessionDetailsJson.

  • ca.cdr.servletattribute.usersession.object – Contains a Java UserSessionDetailsJson object representing the user session.

Client-Authenticated Sessions

  • Details about the calling client are not currently available. Please get in touch if you require this.

SMART Authenticated Sessions

Sessions that have been authenticated using SMART OpenID Connect authentication (including both User-Authenticated Sessions and Client-Authenticated Sessions) will additionally have access to the following attributes.

  • ca.cdr.servletattribute.session.oidc.tokenclaimset.object – Contains a Nimbus JOSE+JWT SignedJWT containing the claim set that was parsed from the validated OpenID Connect Access Token. The token has already been validated by the security module; the claims are read from it via getJWTClaimsSet().

  • ca.cdr.servletattribute.session.oidc.tokenclaimset.json – Contains a Java String containing the raw claim set (as a JSON encoded string) that was parsed from the validated OpenID Connect Access Token.

  • ca.cdr.servletattribute.session.oidc.client_id – Contains a Java String containing the OIDC Client ID. Note that this will be populated only for the SMART Outbound Security module, as the SMART Inbound Security module does not leverage Smile CDR OIDC client definitions.

  • ca.cdr.servletattribute.session.oidc.approved_scopes – Contains a Java Set<String> containing the scopes that were approved by the user for the current session. Note that this will be populated only for the SMART Outbound Security module, as the SMART Inbound Security module does not leverage Smile CDR OIDC client definitions. For sessions authenticated by the SMART Inbound Security module, or by a non-SMART Client-Authenticated session, this attribute is absent and reading it returns null; code that enforces scopes must handle that case rather than assume the set is present.
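The following is an added example (not code from the Smile CDR documentation or product) that shows how a Hybrid Provider can consume the attributes listed above defensively. It reads each attribute through the RequestDetails parameter, treats a missing attribute as "not available" rather than throwing a ClassCastException or NullPointerException, and uses the approved_scopes set (SMART Outbound) or, when that set is absent, the token's own scope claim (SMART Inbound) to decide whether the caller may create a Patient. Assumptions: the package of UserSessionDetailsJson is ca.cdr.api.model.json; the identity provider places a space-separated "scope" claim in the access token; and the scope names patient/Patient.write, patient/*.write, system/Patient.write and system/*.write are the ones your deployment grants for writes. Adjust those to your environment.

```java
import java.text.ParseException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

// Assumption: this is the package of the Smile CDR session model class.
import ca.cdr.api.model.json.UserSessionDetailsJson;
import ca.uhn.fhir.rest.annotation.Create;
import ca.uhn.fhir.rest.annotation.ResourceParam;
import ca.uhn.fhir.rest.api.MethodOutcome;
import ca.uhn.fhir.rest.api.server.RequestDetails;
import ca.uhn.fhir.rest.server.exceptions.ForbiddenOperationException;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import org.hl7.fhir.r4.model.Patient;

public class ScopeCheckingPatientProvider {

	// Attribute names exactly as documented in this section.
	static final String ATTR_USER_SESSION_OBJECT = "ca.cdr.servletattribute.usersession.object";
	static final String ATTR_OIDC_CLAIMS_OBJECT = "ca.cdr.servletattribute.session.oidc.tokenclaimset.object";
	static final String ATTR_OIDC_CLIENT_ID = "ca.cdr.servletattribute.session.oidc.client_id";
	static final String ATTR_OIDC_APPROVED_SCOPES = "ca.cdr.servletattribute.session.oidc.approved_scopes";

	// Assumption: scopes that permit creating a Patient in this deployment (SMART v1 style names).
	static final Set<String> PATIENT_WRITE_SCOPES = new HashSet<>(Arrays.asList(
			"patient/Patient.write", "patient/*.write", "system/Patient.write", "system/*.write"));

	@Create()
	public MethodOutcome createPatient(@ResourceParam Patient thePatient, RequestDetails theRequest) {
		// Fail closed: if no SMART session attributes are present at all, this provider refuses writes.
		Set<String> scopes = effectiveScopes(theRequest);
		if (Collections.disjoint(scopes, PATIENT_WRITE_SCOPES)) {
			throw new ForbiddenOperationException("Session lacks a scope that permits creating Patient resources");
		}

		// Optional context for audit logging. Both may be null: the user session object is absent for
		// Client-Authenticated sessions, and client_id is absent for SMART Inbound sessions.
		UserSessionDetailsJson userSession = attribute(theRequest, ATTR_USER_SESSION_OBJECT, UserSessionDetailsJson.class);
		String clientId = attribute(theRequest, ATTR_OIDC_CLIENT_ID, String.class);
		String subject = tokenSubject(theRequest);

		// ... persist thePatient here, recording userSession/clientId/subject in the audit trail ...
		return new MethodOutcome();
	}

	/** Approved scopes from SMART Outbound if present; otherwise the token's "scope" claim (SMART Inbound); otherwise empty. */
	@SuppressWarnings("unchecked")
	static Set<String> effectiveScopes(RequestDetails theRequest) {
		Set<String> approved = attribute(theRequest, ATTR_OIDC_APPROVED_SCOPES, Set.class);
		if (approved != null) {
			return approved;
		}
		JWTClaimsSet claims = tokenClaims(theRequest);
		if (claims == null) {
			return Collections.emptySet();
		}
		try {
			// Assumption: the IdP emits a space-separated "scope" claim, as most OAuth 2.0 servers do.
			String scope = claims.getStringClaim("scope");
			return scope == null ? Collections.emptySet() : new HashSet<>(Arrays.asList(scope.trim().split("\\s+")));
		} catch (ParseException e) {
			throw new ForbiddenOperationException("Access token scope claim could not be parsed");
		}
	}

	/** Subject ("sub") of the validated access token, or null when the request carries no SMART token. */
	static String tokenSubject(RequestDetails theRequest) {
		JWTClaimsSet claims = tokenClaims(theRequest);
		return claims == null ? null : claims.getSubject();
	}

	/** Claim set of the already-validated SignedJWT stored by the security module, or null if absent. */
	static JWTClaimsSet tokenClaims(RequestDetails theRequest) {
		SignedJWT jwt = attribute(theRequest, ATTR_OIDC_CLAIMS_OBJECT, SignedJWT.class);
		if (jwt == null) {
			return null;
		}
		try {
			return jwt.getJWTClaimsSet();
		} catch (ParseException e) {
			throw new ForbiddenOperationException("Access token claim set could not be parsed");
		}
	}

	/** Type-safe attribute lookup: returns null when the attribute is missing or of an unexpected type. */
	static <T> T attribute(RequestDetails theRequest, String theName, Class<T> theType) {
		Object value = theRequest.getAttribute(theName);
		return theType.isInstance(value) ? theType.cast(value) : null;
	}
}
```

The type-guarded lookup matters because the same provider may be invoked under a User-Authenticated session, a Client-Authenticated session, a SMART Outbound session or a SMART Inbound session, and each populates a different subset of the attributes. Deciding on the approved_scopes set first and falling back to the token's scope claim only when that set is absent keeps the decision aligned with what the SMART Outbound module recorded as user-approved, while still working for tokens issued by an external identity provider.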