Re: [Health-dev] Access FHIR through Java program

health-dev

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Health-dev] Access FHIR through Java program

From:	Chris
Subject:	Re: [Health-dev] Access FHIR through Java program
Date:	Mon, 27 Apr 2015 21:42:04 -0700
User-agent:	Mutt/1.5.23 (2014-03-12)

Hi Arpit!

> I'm trying to access the FHIR web services through Java program but for
> each url I get the login page as response. How do I bypass this? Shall I
> simply send username and password through POST method at */auth/login *(but
> in what format) and will it work for each request after that?

Yes, POST the info, get the cookie, then you can acces the resources.

In curl:

# With CSRF protection disabled, directly authenticate
$ curl -c cookie.jar -X POST -d 'username=admin' -d 'password=gnusolidario' \
    health.gnusolidario.org:5000/auth/login

# Now, resources are available
$ curl -b cookie.jar health.gnusolidario.org:5000/Patient

With CSRF protection enabled in the config , it's a bit more annoying,
but still possible

# Retrieve login form
$ curl fhir.example.com/<login_url>

# Now, have to look for the CSRF token in the login form
# Then, authenticate with token
$ curl -c cookie.jar -X POST -d 'username=example' -d 'password=example' \
  -d 'csrf_token=<token>' fhir.example.com/<login_url>

Then similar access as before.

Not familiar with Java, but there is probably a similar workflow as
curl.

Hope that helps.

-C

[Prev in Thread]

Current Thread

[Next in Thread]

[Health-dev] Access FHIR through Java program, Arpit Goel, 2015/04/27
- Re: [Health-dev] Access FHIR through Java program, Chris <=

Prev by Date: [Health-dev] [bug #35461] Privilege Separation for Patiet Registration
Next by Date: [Health-dev] PUID
Previous by thread: [Health-dev] Access FHIR through Java program
Next by thread: [Health-dev] [bug #35461] Privilege Separation for Patiet Registration
Index(es):
- Date
- Thread