Class BinarySecurityContextInterceptor


This security interceptor checks any Binary resources that are being exposed to a user and can forbid the user from accessing them based on the security context found in Binary.securityContext.identifier.

This interceptor is intended to be subclassed. The default implementation if it is not subclassed will reject any access to a Binary resource unless the request is a system request (using SystemRequestDetails or the Binary resource has no value in Binary.securityContext.identifier.

Override securityContextIdentifierAllowed(String, String, RequestDetails) in order to allow the user to access specific context values.

  • Constructor Details

    • BinarySecurityContextInterceptor

      public BinarySecurityContextInterceptor(ca.uhn.fhir.context.FhirContext theFhirContext)
      theFhirContext - The FHIR context
  • Method Details

    • preShowResources

      public void preShowResources(IPreResourceShowDetails theShowDetails, RequestDetails theRequestDetails)
      Interceptor hook method. Do not call this method directly.
    • preShowResources

      public void preShowResources(org.hl7.fhir.instance.model.api.IBaseResource theOldValue, org.hl7.fhir.instance.model.api.IBaseResource theNewValue, RequestDetails theRequestDetails)
      Interceptor hook method. Do not call this method directly.
    • applyAccessControl

      protected void applyAccessControl(org.hl7.fhir.instance.model.api.IBaseBinary theBinary, RequestDetails theRequestDetails)
      This method applies security to a given Binary resource. It is not typically overridden but you could override it if you wanted to completely replace the security logic in this interceptor.
      theBinary - The Binary resource being checked
      theRequestDetails - The request details associated with this request
    • applyAccessControl

      protected void applyAccessControl(org.hl7.fhir.instance.model.api.IBaseBinary theBinary, String theSecurityContextSystem, String theSecurityContextValue, RequestDetails theRequestDetails)
      This method applies access controls to a Binary resource containing the given identifier system and value in the Binary.securityContext element.
      theBinary - The binary resource
      theSecurityContextSystem - The identifier system
      theSecurityContextValue - The identifier value
      theRequestDetails - The request details
    • handleForbidden

      protected void handleForbidden(org.hl7.fhir.instance.model.api.IBaseBinary theBinary)
      Handles a non-permitted operation. This method throws a ForbiddenOperationException but you could override it to change that behaviour.
    • securityContextIdentifierAllowed

      protected boolean securityContextIdentifierAllowed(String theSecurityContextSystem, String theSecurityContextValue, RequestDetails theRequestDetails)
      Determines whether the current user has access to the given security context identifier. This method is intended to be overridden, the default implementation simply always returns false.
      theSecurityContextSystem - The Binary.securityContext.identifier.system value
      theSecurityContextValue - The Binary.securityContext.identifier.value value
      theRequestDetails - The request details associated with this request
      Returns true if the request should be permitted, and false otherwise