Package ca.uhn.fhir.rest.server.interceptor.auth

Class SearchNarrowingInterceptor

java.lang.Object
ca.uhn.fhir.rest.server.interceptor.auth.SearchNarrowingInterceptor
public class SearchNarrowingInterceptor extends Object
This interceptor can be used to automatically narrow the scope of searches in order to automatically restrict the searches to specific compartments.

For example, this interceptor could be used to restrict a user to only viewing data belonging to Patient/123 (i.e. data in the Patient/123 compartment). In this case, a user performing a search for
http://baseurl/Observation?category=laboratory
would receive results as though they had requested
http://baseurl/Observation?subject=Patient/123&category=laboratory

Note that this interceptor should be used in combination with AuthorizationInterceptor if you are restricting results because of a security restriction. This interceptor is not intended to be a failsafe way of preventing users from seeing the wrong data (that is the purpose of AuthorizationInterceptor). This interceptor is simply intended as a convenience to help users simplify their queries while not receiving security errors for to trying to access data they do not have access to see.

See Also:

  • Field Details

  • Constructor Details

  • Method Details

    • setPostFilterLargeValueSetThreshold

      public void setPostFilterLargeValueSetThreshold(int thePostFilterLargeValueSetThreshold)
      Supplies a threshold over which any ValueSet-based rules will be applied by

      Note that this setting will have no effect if setValidationSupport(IValidationSupport) has not also been called in order to supply a validation support module for testing ValueSet membership.

      Parameters:
      thePostFilterLargeValueSetThreshold - The threshold
      See Also:

    • setValidationSupport

      public SearchNarrowingInterceptor setValidationSupport(ca.uhn.fhir.context.support.IValidationSupport theValidationSupport)
      Supplies a validation support module that will be used to apply the
      Since:
      6.0.0
      See Also:

    • buildAuthorizedList

      protected AuthorizedList buildAuthorizedList(RequestDetails theRequestDetails)
      Subclasses should override this method to supply the set of compartments that the user making the request should actually have access to.

      Typically this is done by examining theRequestDetails to find out who the current user is and then building a list of Strings.

      Parameters:
      theRequestDetails - The individual request currently being applied
      Returns:
      The list of allowed compartments and instances that should be used for search narrowing. If this method returns null, no narrowing will be performed

    • hookIncomingRequestPostProcessed

      public boolean hookIncomingRequestPostProcessed(RequestDetails theRequestDetails, jakarta.servlet.http.HttpServletRequest theRequest, jakarta.servlet.http.HttpServletResponse theResponse) throws ca.uhn.fhir.rest.server.exceptions.AuthenticationException
      Throws:
      ca.uhn.fhir.rest.server.exceptions.AuthenticationException

    • hookIncomingRequestPreHandled

      public void hookIncomingRequestPreHandled(ServletRequestDetails theRequestDetails, jakarta.servlet.http.HttpServletRequest theRequest, jakarta.servlet.http.HttpServletResponse theResponse) throws ca.uhn.fhir.rest.server.exceptions.AuthenticationException
      Throws:
      ca.uhn.fhir.rest.server.exceptions.AuthenticationException