health-dev
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Health-dev] Access FHIR through Java program


From: Chris
Subject: Re: [Health-dev] Access FHIR through Java program
Date: Mon, 27 Apr 2015 21:42:04 -0700
User-agent: Mutt/1.5.23 (2014-03-12)

Hi Arpit!

> I'm trying to access the FHIR web services through Java program but for
> each url I get the login page as response. How do I bypass this? Shall I
> simply send username and password through POST method at */auth/login *(but
> in what format) and will it work for each request after that?

Yes, POST the info, get the cookie, then you can acces the resources.

In curl:

# With CSRF protection disabled, directly authenticate
$ curl -c cookie.jar -X POST -d 'username=admin' -d 'password=gnusolidario' \
    health.gnusolidario.org:5000/auth/login

# Now, resources are available
$ curl -b cookie.jar health.gnusolidario.org:5000/Patient

With CSRF protection enabled in the config , it's a bit more annoying,
but still possible

# Retrieve login form
$ curl fhir.example.com/<login_url>

# Now, have to look for the CSRF token in the login form
# Then, authenticate with token
$ curl -c cookie.jar -X POST -d 'username=example' -d 'password=example' \
  -d 'csrf_token=<token>' fhir.example.com/<login_url>

Then similar access as before.

Not familiar with Java, but there is probably a similar workflow as
curl.

Hope that helps.

-C



reply via email to

[Prev in Thread] Current Thread [Next in Thread]