Introduce ".well-known/smart-configuration", change liberty config layout, and update user's guide #939
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
prb112
reviewed
Apr 17, 2020
prb112
reviewed
Apr 17, 2020
prb112
reviewed
Apr 17, 2020
prb112
reviewed
Apr 17, 2020
prb112
reviewed
Apr 17, 2020
prb112
reviewed
Apr 17, 2020
prb112
reviewed
Apr 17, 2020
prb112
reviewed
Apr 17, 2020
| CREATE INDEX OAUTH20CACHE_EXPIRES ON OAUTHDBSCHEMA.OAUTH20CACHE (EXPIRES ASC); | ||
| ``` | ||
|
|
||
| 3. Attempting to register a client (based on https://www.ibm.com/support/knowledgecenter/SSEQTP_liberty/com.ibm.websphere.wlp.doc/ae/twlp_client_registration.html). The endpoint is determined by the id value of the oauthProvider element from the previous step. |
There was a problem hiding this comment.
Suggested change
| 3. Attempting to register a client (based on https://www.ibm.com/support/knowledgecenter/SSEQTP_liberty/com.ibm.websphere.wlp.doc/ae/twlp_client_registration.html). The endpoint is determined by the id value of the oauthProvider element from the previous step. | |
| 3. Attempting to register a client (based on the [Client Registration Article](https://www.ibm.com/support/knowledgecenter/SSEQTP_liberty/com.ibm.websphere.wlp.doc/ae/twlp_client_registration.html)). The endpoint is determined by the id value of the oauthProvider element from the previous step. |
prb112
reviewed
Apr 17, 2020
prb112
reviewed
Apr 17, 2020
prb112
reviewed
Apr 17, 2020
prb112
reviewed
Apr 17, 2020
prb112
reviewed
Apr 17, 2020
prb112
reviewed
Apr 17, 2020
prb112
reviewed
Apr 17, 2020
prb112
reviewed
Apr 17, 2020
| /> | ||
|
|
||
| <authFilter id="filter"> | ||
| <requestUrl urlPattern="/fhir-server" /> |
There was a problem hiding this comment.
Suggested change
| <requestUrl urlPattern="/fhir-server" /> | |
| <requestUrl urlPattern="/fhir-server" /> |
should we make a note about bulkimport not being client usable?
There was a problem hiding this comment.
I guess we should figure out how to secure that endpoint via OAuth too...not totally sure how to handle the different groups yet.
prb112
reviewed
Apr 17, 2020
prb112
reviewed
Apr 17, 2020
prb112
reviewed
Apr 17, 2020
|
I marked LGTM (however the comments above are optional and hope to improve the contents) |
lmsurpre
commented
Apr 20, 2020
lmsurpre
commented
Apr 20, 2020
lmsurpre
commented
Apr 20, 2020
lmsurpre
commented
Apr 20, 2020
lmsurpre
commented
Apr 20, 2020
lmsurpre
changed the title
lmsurpre
force-pushed
the
lee-master
branch
3 times, most recently
from
e674bde
to
98daf11
Compare
1. Added lots of details to the OAuth 2.0 section of the user's guide 2. Introduces a new JAX-RS resource for the `[base]/.well-known/smart-configuration` endpoint which is expected by SMART apps. But currently it claims we support a lot more than we actually do... Signed-off-by: Lee Surprenant <lmsurpre@us.ibm.com>
Signed-off-by: Lee Surprenant <lmsurpre@us.ibm.com> Co-Authored-By: Paul Bastide <pbastide@us.ibm.com>
1. Replace fhirKeystore.jks with a newly-generated fhirKeyStore.p12; the new private key in this keystore can be used for encrypting JWT tokens. 2. Update clientKeystore.jks to .p12 and update both the client and server truststores. 3. Removed the commented-out config in our default server.xml and introduced `oauthProvider.xml` and `oauthResourceServer.xml` at fhir-server/libertyConfig/configDropins/disabled to prep for enabling OpenId Connection / OAuth supported (perhaps behind some flag). 4. Moved batchDS.xml to configDropins/defaults, added the rest of the bulkdata config to it, and renamed to bulkdata.xml 5. Update the user's guide Signed-off-by: Lee Surprenant <lmsurpre@us.ibm.com>
This tells the openliberty docker.ci process not to bother with creating
a separate keystore, thereby removing the conflicting values warning:
```
Property password has conflicting values:
Secure value is set in
file:/opt/ol/wlp/usr/servers/fhir-server/configDropins/defaults/keystore.xml.
Secure value is set in
file:/opt/ol/wlp/usr/servers/fhir-server/server.xml.
```
I also added a version tag (20.0.0.3) to our Dockerfile to make our
builds more consistent...this should be kept in-sync with our
liberty-runtime dependency version in `fhir-parent/pom.xml`.
Signed-off-by: Lee Surprenant <lmsurpre@us.ibm.com>
I also moved the keystore config back into server.xml to fix warnings generated by tools that aren't dropinConfig-aware. Finally, I removed the dockerfile-maven-plugin from the default build. Now you must invoke the docker build yourself after doing the main build. Signed-off-by: Lee Surprenant <lmsurpre@us.ibm.com>
Previously, a user needed to create these tables themselves if they wanted to use liberty as an OAuth 2.0 provider with a databaseStore (e.g. to dynamically manage OAuth 2.0 clients). Now these tables will be created/updated as part of the fhir-persistence-schema create-schema/update-schema actions, or as part of derby bootstrapping. Signed-off-by: Lee Surprenant <lmsurpre@us.ibm.com>
prb112
reviewed
Apr 22, 2020
Signed-off-by: Lee Surprenant <lmsurpre@us.ibm.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Added lots of details to the OAuth 2.0 section of the user's guide
Introduced a new JAX-RS resource for the
[base]/.well-known/smart-configurationendpoint which is expected bySMART apps. Left TODOs to implement the various smart-on-fhir capabilities.
Replaced fhirKeystore.jks with a newly-generated fhirKeyStore.p12; the
new private key in this keystore can be used for encrypting JWT tokens.
Converted clientKeystore.jks to .p12 and updated all client and
server truststores.
Removed the commented-out config in our default server.xml and
introduced
oidcProvider.xmlandoauthResourceServer.xmlatfhir-server/libertyConfig/configDropins/disabled to prep for enabling
OpenId Connection / OAuth supported (perhaps behind some flag).
Moved batchDS.xml to configDropins/defaults, added the rest of the
bulkdata config to it, and renamed to bulkdata.xml
Removed the fhir-install docker build from the default maven build...now you need to explicitly ask for it via either a
docker buildor using the following maven command:This tells the openliberty docker.ci process not to bother with creating
a separate keystore, thereby removing the conflicting values warning:
Previously, a user needed to create these tables themselves if they
wanted to use liberty as an OAuth 2.0 provider with a databaseStore
(e.g. to dynamically manage OAuth 2.0 clients).
Now these tables will be created/updated as part of the
fhir-persistence-schema create-schema/update-schema actions, or as part
of derby bootstrapping.
Signed-off-by: Lee Surprenant lmsurpre@us.ibm.com