Class SearchNarrowingInterceptor


public class SearchNarrowingInterceptor extends Object
This interceptor can be used to automatically narrow the scope of searches in order to automatically restrict the searches to specific compartments.

For example, this interceptor could be used to restrict a user to only viewing data belonging to Patient/123 (i.e. data in the Patient/123 compartment). In this case, a user performing a search for
would receive results as though they had requested
http://baseurl/Observation?subject=Patient/123invalid input: '&category'=laboratory

Note that this interceptor should be used in combination with AuthorizationInterceptor if you are restricting results because of a security restriction. This interceptor is not intended to be a failsafe way of preventing users from seeing the wrong data (that is the purpose of AuthorizationInterceptor). This interceptor is simply intended as a convenience to help users simplify their queries while not receiving security errors for to trying to access data they do not have access to see.

See Also:
  • Field Details

  • Constructor Details

  • Method Details

    • setNarrowConditionalUrls

      public void setNarrowConditionalUrls(boolean theNarrowConditionalUrls)
      If set to true (default is false), conditional URLs such as the If-None-Exist header used for Conditional Create operations will also be narrowed.
      theNarrowConditionalUrls - Should we narrow conditional URLs in requests
    • setPostFilterLargeValueSetThreshold

      public void setPostFilterLargeValueSetThreshold(int thePostFilterLargeValueSetThreshold)
      Supplies a threshold over which any ValueSet-based rules will be applied by

      Note that this setting will have no effect if setValidationSupport(IValidationSupport) has not also been called in order to supply a validation support module for testing ValueSet membership.

      thePostFilterLargeValueSetThreshold - The threshold
      See Also:
    • setValidationSupport

      public SearchNarrowingInterceptor setValidationSupport( theValidationSupport)
      Supplies a validation support module that will be used to apply the
      See Also:
    • hookIncomingRequestPostProcessed

      public void hookIncomingRequestPostProcessed(RequestDetails theRequestDetails, jakarta.servlet.http.HttpServletRequest theRequest, jakarta.servlet.http.HttpServletResponse theResponse) throws
      This method handles narrowing for FHIR search/create/update/patch operations.
      See Also:
    • hookIncomingRequestPreHandled

      public void hookIncomingRequestPreHandled(ServletRequestDetails theRequestDetails, jakarta.servlet.http.HttpServletRequest theRequest, jakarta.servlet.http.HttpServletResponse theResponse) throws
      This method narrows FHIR transaction operations (because this pointcut is called after the request body is parsed).
      See Also:
    • buildAuthorizedList

      protected AuthorizedList buildAuthorizedList(RequestDetails theRequestDetails)
      Subclasses should override this method to supply the set of compartments that the user making the request should actually have access to.

      Typically this is done by examining theRequestDetails to find out who the current user is and then building a list of Strings.

      theRequestDetails - The individual request currently being applied
      The list of allowed compartments and instances that should be used for search narrowing. If this method returns null, no narrowing will be performed