improved current user mdc fields for http requests, some refactoring

Author: hhund

dsf-bpe/dsf-bpe-server/src/main/java/dev/dsf/bpe/authentication/IdentityProviderImpl.java

@@ -11,7 +11,7 @@
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.InitializingBean;
 
-import dev.dsf.bpe.service.LocalOrganizationProvider;
+import dev.dsf.bpe.service.LocalOrganizationAndEndpointProvider;
 import dev.dsf.common.auth.conf.AbstractIdentityProvider;
 import dev.dsf.common.auth.conf.Identity;
 import dev.dsf.common.auth.conf.IdentityProvider;
@@ -22,27 +22,28 @@ public class IdentityProviderImpl extends AbstractIdentityProvider implements Id
 {
 	private static final Logger logger = LoggerFactory.getLogger(IdentityProviderImpl.class);
 
-	private final LocalOrganizationProvider organizationProvider;
+	private final LocalOrganizationAndEndpointProvider organizationAndEndpointProvider;
 
-	public IdentityProviderImpl(RoleConfig roleConfig, LocalOrganizationProvider organizationProvider)
+	public IdentityProviderImpl(RoleConfig roleConfig,
+			LocalOrganizationAndEndpointProvider organizationAndEndpointProvider)
 	{
 		super(roleConfig);
 
-		this.organizationProvider = organizationProvider;
+		this.organizationAndEndpointProvider = organizationAndEndpointProvider;
 	}
 
 	@Override
 	public void afterPropertiesSet() throws Exception
 	{
 		super.afterPropertiesSet();
 
-		Objects.requireNonNull(organizationProvider, "organizationProvider");
+		Objects.requireNonNull(organizationAndEndpointProvider, "organizationAndEndpointProvider");
 	}
 
 	@Override
 	protected Optional<Organization> getLocalOrganization()
 	{
-		return organizationProvider.getLocalOrganization();
+		return organizationAndEndpointProvider.getLocalOrganization();
 	}
 
 	@Override
@@ -54,13 +55,15 @@ public Identity getIdentity(X509Certificate[] certificates)
 		String thumbprint = getThumbprint(certificates[0]);
 
 		Optional<Practitioner> practitioner = toPractitioner(certificates[0]);
-		Optional<Organization> localOrganization = organizationProvider.getLocalOrganization();
-		if (practitioner.isPresent() && localOrganization.isPresent())
+		Optional<Organization> localOrganization = organizationAndEndpointProvider.getLocalOrganization();
+		Optional<Endpoint> localEndpoint = organizationAndEndpointProvider.getLocalEndpoint();
+		if (practitioner.isPresent() && localOrganization.isPresent() && localEndpoint.isPresent())
 		{
 			Practitioner p = practitioner.get();
 			Organization o = localOrganization.get();
+			Endpoint e = localEndpoint.get();
 
-			return new PractitionerIdentityImpl(o, null, getDsfRolesFor(p, thumbprint, null, null), certificates[0], p,
+			return new PractitionerIdentityImpl(o, e, getDsfRolesFor(p, thumbprint, null, null), certificates[0], p,
 					getPractitionerRolesFor(p, thumbprint, null, null), null);
 		}
 		else

dsf-bpe/dsf-bpe-server/src/main/java/dev/dsf/bpe/service/LocalOrganizationProvider.java renamed to dsf-bpe/dsf-bpe-server/src/main/java/dev/dsf/bpe/service/LocalOrganizationAndEndpointProvider.java

@@ -2,9 +2,12 @@
 
 import java.util.Optional;
 
+import org.hl7.fhir.r4.model.Endpoint;
 import org.hl7.fhir.r4.model.Organization;
 
-public interface LocalOrganizationProvider
+public interface LocalOrganizationAndEndpointProvider
 {
 	Optional<Organization> getLocalOrganization();
+
+	Optional<Endpoint> getLocalEndpoint();
 }

dsf-bpe/dsf-bpe-server/src/main/java/dev/dsf/bpe/service/LocalOrganizationAndEndpointProviderImpl.java

@@ -0,0 +1,100 @@
+package dev.dsf.bpe.service;
+
+import java.time.LocalDateTime;
+import java.time.temporal.TemporalAmount;
+import java.util.List;
+import java.util.Map;
+import java.util.Objects;
+import java.util.Optional;
+import java.util.concurrent.atomic.AtomicReference;
+
+import org.hl7.fhir.r4.model.Bundle;
+import org.hl7.fhir.r4.model.Endpoint;
+import org.hl7.fhir.r4.model.Organization;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.InitializingBean;
+
+import dev.dsf.bpe.client.dsf.ClientProvider;
+
+public class LocalOrganizationAndEndpointProviderImpl implements LocalOrganizationAndEndpointProvider, InitializingBean
+{
+	private static final Logger logger = LoggerFactory.getLogger(LocalOrganizationAndEndpointProviderImpl.class);
+
+	private record OrganizationAndEndpoint(Organization organization, Endpoint endpoint)
+	{
+	}
+
+	private record Entry(Optional<OrganizationAndEndpoint> organizationAndEndpoint, LocalDateTime readTime)
+	{
+	}
+
+	private final AtomicReference<Entry> entry = new AtomicReference<>();
+
+	private final TemporalAmount cacheTimeout;
+	private final ClientProvider clientProvider;
+	private final String localEndpointAddress;
+
+	public LocalOrganizationAndEndpointProviderImpl(TemporalAmount cacheTimeout, ClientProvider clientProvider,
+			String localEndpointAddress)
+	{
+		this.cacheTimeout = cacheTimeout;
+		this.clientProvider = clientProvider;
+		this.localEndpointAddress = localEndpointAddress;
+	}
+
+	@Override
+	public void afterPropertiesSet() throws Exception
+	{
+		Objects.requireNonNull(cacheTimeout, "cacheTimeout");
+		Objects.requireNonNull(clientProvider, "clientProvider");
+		Objects.requireNonNull(localEndpointAddress, "localEndpointAddress");
+	}
+
+	@Override
+	public Optional<Organization> getLocalOrganization()
+	{
+		return getLocalOrganizationAndEndpoint().map(OrganizationAndEndpoint::organization);
+	}
+
+	@Override
+	public Optional<Endpoint> getLocalEndpoint()
+	{
+		return getLocalOrganizationAndEndpoint().map(OrganizationAndEndpoint::endpoint);
+	}
+
+	private Optional<OrganizationAndEndpoint> getLocalOrganizationAndEndpoint()
+	{
+		Entry e = entry.get();
+		if (e == null || e.organizationAndEndpoint().isEmpty()
+				|| LocalDateTime.now().isAfter(e.readTime().plus(cacheTimeout)))
+		{
+			Optional<OrganizationAndEndpoint> oAndE = doGetLocalOrganizationAndEndpoint();
+			if (entry.compareAndSet(e, new Entry(oAndE, LocalDateTime.now())))
+				return oAndE;
+			else
+				return entry.get().organizationAndEndpoint();
+		}
+		else
+			return e.organizationAndEndpoint();
+	}
+
+	private Optional<OrganizationAndEndpoint> doGetLocalOrganizationAndEndpoint()
+	{
+		Bundle resultBundle = clientProvider.getWebserviceClient().searchWithStrictHandling(Endpoint.class,
+				Map.of("status", List.of("active"), "address", List.of(localEndpointAddress), "_include",
+						List.of("Endpoint:organization")));
+
+		if (resultBundle != null && resultBundle.getEntry() != null && resultBundle.getEntry().size() == 2
+				&& resultBundle.getEntry().get(0).getResource() instanceof Endpoint endpoint
+				&& resultBundle.getEntry().get(1).getResource() instanceof Organization organization)
+		{
+			return Optional.of(new OrganizationAndEndpoint(organization, endpoint));
+		}
+		else
+		{
+			logger.warn("No active Endpoint/Organization found for address '{}'", localEndpointAddress);
+			return Optional.empty();
+		}
+	}
+}

dsf-bpe/dsf-bpe-server/src/main/java/dev/dsf/bpe/service/LocalOrganizationProviderImpl.java

@@ -10,8 +10,8 @@
 
 import dev.dsf.bpe.authentication.BpeServerRole;
 import dev.dsf.bpe.authentication.IdentityProviderImpl;
-import dev.dsf.bpe.service.LocalOrganizationProvider;
-import dev.dsf.bpe.service.LocalOrganizationProviderImpl;
+import dev.dsf.bpe.service.LocalOrganizationAndEndpointProvider;
+import dev.dsf.bpe.service.LocalOrganizationAndEndpointProviderImpl;
 import dev.dsf.common.auth.conf.IdentityProvider;
 import dev.dsf.common.auth.conf.RoleConfig;
 import dev.dsf.common.auth.conf.RoleConfigReader;
@@ -28,9 +28,9 @@ public class AuthenticationConfig
 	private PropertiesConfig propertiesConfig;
 
 	@Bean
-	public LocalOrganizationProvider localOrganizationProvider()
+	public LocalOrganizationAndEndpointProvider localOrganizationProvider()
 	{
-		return new LocalOrganizationProviderImpl(Duration.ofSeconds(30), dsfClientConfig.clientProvider(),
+		return new LocalOrganizationAndEndpointProviderImpl(Duration.ofSeconds(30), dsfClientConfig.clientProvider(),
 				propertiesConfig.getDsfServerBaseUrl());
 	}
 

dsf-bpe/dsf-bpe-server/src/main/java/dev/dsf/bpe/spring/config/AuthenticationConfig.java

@@ -17,6 +17,8 @@ public interface PractitionerIdentity extends Identity
 	 */
 	Practitioner getPractitioner();
 
+	Optional<String> getPractitionerIdentifierValue();
+
 	/**
 	 * @return never <code>null</code>
 	 */

dsf-common/dsf-common-auth/src/main/java/dev/dsf/common/auth/conf/PractitionerIdentity.java

@@ -57,8 +57,7 @@ public PractitionerIdentityImpl(Organization organization, Endpoint endpoint,
 	@Override
 	public String getName()
 	{
-		return getOrganizationIdentifierValue().orElse("?") + "/"
-				+ getIdentifierValue(practitioner::getIdentifier, PRACTITIONER_IDENTIFIER_SYSTEM).orElse("?");
+		return getOrganizationIdentifierValue().orElse("?") + "/" + getPractitionerIdentifierValue().orElse("?");
 	}
 
 	@Override
@@ -73,6 +72,12 @@ public Practitioner getPractitioner()
 		return practitioner;
 	}
 
+	@Override
+	public Optional<String> getPractitionerIdentifierValue()
+	{
+		return getIdentifierValue(practitioner::getIdentifier, PRACTITIONER_IDENTIFIER_SYSTEM);
+	}
+
 	@Override
 	public Set<Coding> getPractionerRoles()
 	{

dsf-common/dsf-common-auth/src/main/java/dev/dsf/common/auth/conf/PractitionerIdentityImpl.java

@@ -3,10 +3,6 @@
 import java.io.IOException;
 import java.security.Principal;
 
-import org.eclipse.jetty.security.UserPrincipal;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
 import dev.dsf.common.auth.conf.OrganizationIdentity;
 import dev.dsf.common.auth.conf.PractitionerIdentity;
 import jakarta.ws.rs.ConstrainedTo;
@@ -21,28 +17,24 @@
 @PreMatching
 public abstract class AbstractUserLogger implements ContainerRequestFilter, ContainerResponseFilter
 {
-	private static final Logger logger = LoggerFactory.getLogger(AbstractUserLogger.class);
-
 	@Override
 	public final void filter(ContainerRequestContext requestContext) throws IOException
 	{
 		Principal principal = requestContext.getSecurityContext().getUserPrincipal();
 
+		before(principal);
+
 		if (principal instanceof OrganizationIdentity organization)
 			before(organization);
 		else if (principal instanceof PractitionerIdentity practitioner)
 			before(practitioner);
-		else if (principal instanceof UserPrincipal userPrincipal)
-			before(userPrincipal);
-		else
-			logger.warn("Unknown current user principal of type {}", principal.getClass().getName());
 	}
 
 	protected abstract void before(OrganizationIdentity organization);
 
 	protected abstract void before(PractitionerIdentity practitioner);
 
-	protected abstract void before(UserPrincipal userPrincipal);
+	protected abstract void before(Principal userPrincipal);
 
 	@Override
 	public final void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext)

dsf-common/dsf-common-auth/src/main/java/dev/dsf/common/auth/logging/AbstractUserLogger.java

@@ -1,8 +1,8 @@
 package dev.dsf.common.auth.logging;
 
+import java.security.Principal;
 import java.util.stream.Collectors;
 
-import org.eclipse.jetty.security.UserPrincipal;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -29,8 +29,8 @@ protected void before(PractitionerIdentity practitioner)
 	}
 
 	@Override
-	protected void before(UserPrincipal userPrincipal)
+	protected void before(Principal principal)
 	{
-		logger.debug("Current identity '{}'", userPrincipal.getName());
+		logger.debug("Current identity '{}'", principal.getName());
 	}
 }