#325 authentication for tx

.vscode/launch.json

@@ -15,14 +15,23 @@
     },
     {
       "type": "java",
-      "name": "Launch MatchboxCli",
+      "name": "Launch MatchboxCli (transform)",
       "request": "launch",
       "mainClass": "ch.ahdis.matchbox.engine.cli.MatchboxCli",
       "projectName": "matchbox-engine",
       "args": "-transform test.map",
       "vmArgs": "-Dlog.ch.ahdis.matchbox.engine.CdaMappingEngine=error",
       "cwd": "${workspaceFolder}/matchbox-engine"
     },
+    {
+      "type": "java",
+      "name": "Launch MatchboxCli (validate)",
+      "request": "launch",
+      "mainClass": "ch.ahdis.matchbox.engine.cli.MatchboxCli",
+      "projectName": "matchbox-engine",
+      "args": "-version 4.0 -ig 'ca.infoway.io.psca#2.0.0-DFT-Ballot' -tx http://tx.fhir.org -txLog 'test.txt' -clear-tx-cache ./src/test/resources/r4-samples/CIH-85-PASSED.json",
+      "cwd": "${workspaceFolder}/matchbox-engine"
+    },
     {
       "type": "java",
       "name": "Launch Matchbox-Server (postres)",
@@ -59,6 +68,15 @@
       "vmArgs": "-Dspring.config.additional-location=file:with-cda-r5/application.yaml",
       "cwd": "${workspaceFolder}/matchbox-server"
     },
+    {
+      "type": "java",
+      "name": "Launch Matchbox-Server (ca)",
+      "request": "launch",
+      "mainClass": "ca.uhn.fhir.jpa.starter.Application",
+      "projectName": "matchbox-server",
+      "vmArgs": "-Dspring.config.additional-location=file:with-ca/application.yaml",
+      "cwd": "${workspaceFolder}/matchbox-server"
+    },
     {
       "type": "java",
       "name": "Launch Matchbox-Server (ch-elm)",

README.md

@@ -27,6 +27,14 @@ The docker file will create a docker image with no preloaded implementation guid
 
 The easiest way to run this server entirely depends on your environment requirements. At least, the following 4 ways are supported:
 
+## using prebuilt image
+
+```
+docker run -d --name matchbox -p 8080:8080  europe-west6-docker.pkg.dev/ahdis-ch/ahdis/matchbox:v3.9.10 -v /Users/oegger/Documents/github/matchbox/matchbox-server/with-settings:/config matchbox
+```
+
+note replace /Users/oegger/Documents/github/matchbox/matchbox-server/with-settings with the folder where you have your application.yaml (and since v3.9.10) your [fhir-settings.json](https://confluence.hl7.org/display/FHIR/Using+fhir-settings.json).
+
 ### Using spring-boot
 
 With no implementation guide:
@@ -57,6 +65,22 @@ Then, browse to the following link to use the server:
 or
 [http://localhost:8080/matchbox/#/](http://localhost:8080/matchboxv3/#/)
 
+
+## building with Docker
+
+### Configurable base image:
+
+```bash
+cd matchbox-server
+mvn package -DskipTests
+docker build -t matchbox .
+docker run -d --name matchbox -p 8080:8080 -v /Users/oegger/Documents/github/matchbox/matchbox-server/with-settings:/config matchbox
+```
+
+Server will then be accessible at http://localhost:8080/matchboxv3/fhir/metadata.
+
+To dynamically configure run in a kubernetes environment and add a kubernetes config map that provides /config/application.yaml file with implementation guide list like in "with-preload/application.yaml"
+
 ## Using docker-compose with a persistent postgreSQL database
 
 The database will be stored in the "data" directory. The configuration can be found in the "with-postgres" directory or in the "with-preload" directory.
@@ -93,21 +117,6 @@ Reimport the DB data:
 docker-compose exec -T matchbox-test-db pg_restore -c -U matchbox -d matchbox < mydump
 ```
 
-## building with Docker
-
-### Configurable base image:
-
-```bash
-cd matchbox-server
-mvn package -DskipTests
-docker build -t matchbox .
-docker run -d --name matchbox -p 8080:8080 -v /Users/oegger/Documents/github/matchbox/matchbox-server/with-cda:/config matchbox
-```
-
-Server will then be accessible at http://localhost:8080/matchboxv3/fhir/metadata.
-
-To dynamically configure run in a kubernetes environment and add a kubernetes config map that provides /config/application.yaml file with implementation guide list like in "with-preload/application.yaml"
-
 ### making container available
 
 ```
@@ -151,3 +160,4 @@ mvn -Dtest=CapabilityStatementTests test
    2. The [Maven workflow](https://github.com/ahdis/matchbox/blob/main/.github/workflows/central_repository.yml), that
       builds the `matchbox-engine` JAR and publishes it to the Maven Central Repository. The version used is the one
       specified in the POM.
+

docs/changelog.md

@@ -1,8 +1,9 @@
-2025/01/xx Release 3.9.10
+2025/01/13 Release 3.9.10
 - Performance improvement fml [#323](parsing https://github.com/ahdis/matchbox/issues/323)
 - Update org.hl7.fhir.core to 6.5.4 and hapi-fhir to 7.6.1 
 - Update integration tests with correct url
 - make autoinstall new ig [#325](https://github.com/ahdis/matchbox/issues/325)
+- support for terminology servers which require authentication [#327](https://github.com/ahdis/matchbox/issues/327), thanks @echiu-infoway for support!
 
 2024/12/09 Release 3.9.9
 

docs/docker.md

@@ -9,14 +9,16 @@ docker pull europe-west6-docker.pkg.dev/ahdis-ch/ahdis/matchbox:v3.8.1
 ## Configurable base image:
 
 ```bash
-docker run -d --name matchbox -p 8080:8080 -e matchbox.fhir.context.onlyOneEngine=true -v /Users/oliveregger/apps/:/apps/ matchbox
+docker run -d --name matchbox -p 8080:8080 -e matchbox.fhir.context.onlyOneEngine=true -v /Users/oliveregger/apps/:/apps/ -v /Users/oliveregger/config/:/config/ matchbox
 ```
 
 Server will then be accessible at http://localhost:8080/matchboxv3/fhir/metadata.
 
 The local volume /Users/oliveregger/apps/ will be mapped inside the container and Matchbox will serve the content
 if is requested via http://localhost:8080/matchboxv3/apps/ (allows you to add own html apps).
 
+The optional local volume /Users/oliveregger/config/ will be mapped inside the container and Matchbox will use [fhir-settings.json](https://confluence.hl7.org/display/FHIR/Using+fhir-settings.json) and application.yaml for additional configuration see [https://github.com/ahdis/matchbox/tree/main/matchbox-server](https://github.com/ahdis/matchbox/tree/main/matchbox-server) different directories started with with-xxx for sample configurations.
+
 The last parameter is to set development environment, which allows you to create/update conformance resources (e.g. transform StructureMaps). If not provided, you need to provide the conformance resources by an FHIR Implementation Guide.
 
 We recommend to put at least 2.5 GB of RAM for the container instance, depending on how many ImplementationGuides's you plan to install and want to use.

docs/validation.md

@@ -169,6 +169,10 @@ Please be aware that if you have unbound code/coding/codeableConcepts, or the bi
 code/coding/codeableConcept will be considered valid if the code system is not defined locally (e.g. SNOMED CT, 
 LOINC, etc).
 
+### Terminology server requiring authentication
+
+If you configure a terminology server which requires authentication you need to specifiy the authentication parameters in [fhir-settings.json](https://confluence.hl7.org/display/FHIR/Using+fhir-settings.json), an additional file in the confiugration directory where you put the application.yaml, see example in https://github.com/ahdis/matchbox/tree/main/matchbox-server/with-ca
+
 ### GUI
 
 You can run a validation through the GUI by using the fragment in the URL.

matchbox-engine/pom.xml

@@ -6,7 +6,7 @@
     <parent>
         <artifactId>matchbox</artifactId>
         <groupId>health.matchbox</groupId>
-        <version>3.9.9</version>
+        <version>3.9.10</version>
     </parent>
 
     <artifactId>matchbox-engine</artifactId>

matchbox-engine/src/main/java/ch/ahdis/matchbox/engine/ValidationPolicyAdvisor.java

@@ -22,5 +22,10 @@ public ReferenceValidationPolicy policyForReference(IResourceValidator validator
         }                                                        
         return ReferenceValidationPolicy.IGNORE;
     }
+
+    @Override
+    public boolean isSuppressMessageId(String path, String messageId) {
+      return false;
+    }
 
 }

matchbox-engine/src/main/java/ch/ahdis/matchbox/engine/cli/MatchboxService.java

@@ -31,6 +31,7 @@
 import org.hl7.fhir.r5.renderers.spreadsheets.ValueSetSpreadsheetGenerator;
 import org.hl7.fhir.r5.terminologies.CodeSystemUtilities;
 import org.hl7.fhir.r5.terminologies.client.TerminologyClientManager.InternalLogEvent;
+import org.hl7.fhir.r5.utils.validation.constants.ReferenceValidationPolicy;
 import org.hl7.fhir.utilities.TextFile;
 import org.hl7.fhir.utilities.TimeTracker;
 import org.hl7.fhir.utilities.Utilities;
@@ -59,9 +60,11 @@
 import org.hl7.fhir.validation.cli.services.StandAloneValidatorFetcher;
 import org.hl7.fhir.validation.cli.utils.EngineMode;
 import org.hl7.fhir.validation.cli.utils.VersionSourceInformation;
+import org.hl7.fhir.validation.instance.advisor.BasePolicyAdvisorForFullValidation;
 
 import ch.ahdis.matchbox.engine.CdaMappingEngine;
 import ch.ahdis.matchbox.engine.MatchboxEngine;
+import ch.ahdis.matchbox.engine.ValidationPolicyAdvisor;
 
 /**
  * A executable class 
@@ -432,7 +435,7 @@ public String initializeValidator(CliContext cliContext, String definitions, Tim
       validator.setForPublication(cliContext.isForPublication());
       validator.setShowTimes(cliContext.isShowTimes());
       validator.setAllowExampleUrls(cliContext.isAllowExampleUrls());
-      validator.setPolicyAdvisor(validator);
+      validator.setPolicyAdvisor(new ValidationPolicyAdvisor(ReferenceValidationPolicy.CHECK_VALID));
 
       validator.getBundleValidationRules().addAll(cliContext.getBundleValidationRules());
       validator.setJurisdiction(CodeSystemUtilities.readCoding(cliContext.getJurisdiction()));

matchbox-frontend/package.json

@@ -1,6 +1,6 @@
 {
   "name": "matchbox",
-  "version": "3.9.9",
+  "version": "3.9.10",
   "license": "MIT",
   "scripts": {
     "ng": "ng",

matchbox-server/Dockerfile

@@ -16,6 +16,6 @@ RUN chown matchbox:matchbox /
 
 USER matchbox
 
-ENTRYPOINT java -Xmx3072M -jar /matchbox.jar -Dspring.config.additional-location=optional:file:/config/application.yaml,optional:file:application.yaml
+ENTRYPOINT java -Xmx3072M -Dfhir.settings.path=/config/fhir-settings.json -Dspring.config.additional-location=optional:file:/config/application.yaml,optional:file:application.yaml -jar /matchbox.jar
 
 # used by .github/workflows/

matchbox-server/pom.xml

@@ -5,7 +5,7 @@
     <parent>
         <artifactId>matchbox</artifactId>
         <groupId>health.matchbox</groupId>
-        <version>3.9.9</version>
+        <version>3.9.10</version>
     </parent>
 
     <artifactId>matchbox-server</artifactId>

matchbox-server/src/main/java/ca/uhn/fhir/jpa/starter/common/StarterJpaConfig.java

@@ -1,32 +1,19 @@
 package ca.uhn.fhir.jpa.starter.common;
 
+import java.util.Arrays;
 import java.util.List;
 import java.util.Optional;
 
-import jakarta.persistence.EntityManagerFactory;
 import javax.sql.DataSource;
 
-import ca.uhn.fhir.batch2.jobs.export.BulkDataExportProvider;
-import ca.uhn.fhir.batch2.jobs.imprt.BulkDataImportProvider;
-import ca.uhn.fhir.batch2.jobs.reindex.ReindexProvider;
-import ca.uhn.fhir.interceptor.api.IInterceptorBroadcaster;
-import ca.uhn.fhir.jpa.api.dao.DaoRegistry;
-import ca.uhn.fhir.jpa.binary.interceptor.BinaryStorageInterceptor;
-import ca.uhn.fhir.jpa.binary.provider.BinaryAccessProvider;
-import ca.uhn.fhir.jpa.delete.ThreadSafeResourceDeleterSvc;
-import ca.uhn.fhir.jpa.graphql.GraphQLProvider;
-import ca.uhn.fhir.jpa.interceptor.validation.RepositoryValidatingInterceptor;
-import ca.uhn.fhir.jpa.packages.IPackageInstallerSvc;
-import ca.uhn.fhir.jpa.partition.PartitionManagementProvider;
-import ca.uhn.fhir.jpa.provider.*;
-import ca.uhn.fhir.jpa.provider.dstu3.JpaConformanceProviderDstu3;
-import ca.uhn.fhir.mdm.provider.MdmProviderLoader;
-import ca.uhn.fhir.rest.server.*;
-import ca.uhn.fhir.rest.server.provider.ResourceProviderFactory;
-import ca.uhn.fhir.validation.IValidatorModule;
+import org.hl7.fhir.utilities.http.ManagedWebAccess;
+import org.hl7.fhir.utilities.settings.FhirSettings;
+import org.hl7.fhir.utilities.settings.ServerDetailsPOJO;
+import org.springframework.beans.factory.NoSuchBeanDefinitionException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.context.ApplicationContext;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Primary;
 import org.springframework.core.env.ConfigurableEnvironment;
@@ -37,38 +24,63 @@
 
 import com.google.common.base.Strings;
 
+import ca.uhn.fhir.batch2.jobs.export.BulkDataExportProvider;
+import ca.uhn.fhir.batch2.jobs.imprt.BulkDataImportProvider;
+import ca.uhn.fhir.batch2.jobs.reindex.ReindexProvider;
 import ca.uhn.fhir.context.ConfigurationException;
 import ca.uhn.fhir.context.FhirContext;
 import ca.uhn.fhir.context.FhirVersionEnum;
 import ca.uhn.fhir.context.support.IValidationSupport;
+import ca.uhn.fhir.interceptor.api.IInterceptorBroadcaster;
 import ca.uhn.fhir.jpa.api.IDaoRegistry;
 import ca.uhn.fhir.jpa.api.config.JpaStorageSettings;
+import ca.uhn.fhir.jpa.api.dao.DaoRegistry;
 import ca.uhn.fhir.jpa.api.dao.IFhirSystemDao;
+import ca.uhn.fhir.jpa.binary.interceptor.BinaryStorageInterceptor;
+import ca.uhn.fhir.jpa.binary.provider.BinaryAccessProvider;
 import ca.uhn.fhir.jpa.config.util.HapiEntityManagerFactoryUtil;
 import ca.uhn.fhir.jpa.config.util.ResourceCountCacheUtil;
 import ca.uhn.fhir.jpa.dao.FulltextSearchSvcImpl;
 import ca.uhn.fhir.jpa.dao.IFulltextSearchSvc;
 import ca.uhn.fhir.jpa.dao.mdm.MdmLinkDaoJpaImpl;
 import ca.uhn.fhir.jpa.dao.search.HSearchSortHelperImpl;
 import ca.uhn.fhir.jpa.dao.search.IHSearchSortHelper;
+import ca.uhn.fhir.jpa.delete.ThreadSafeResourceDeleterSvc;
+import ca.uhn.fhir.jpa.graphql.GraphQLProvider;
+import ca.uhn.fhir.jpa.interceptor.validation.RepositoryValidatingInterceptor;
+import ca.uhn.fhir.jpa.packages.IPackageInstallerSvc;
+import ca.uhn.fhir.jpa.partition.PartitionManagementProvider;
+import ca.uhn.fhir.jpa.provider.DaoRegistryResourceSupportedSvc;
+import ca.uhn.fhir.jpa.provider.IJpaSystemProvider;
+import ca.uhn.fhir.jpa.provider.JpaCapabilityStatementProvider;
+import ca.uhn.fhir.jpa.provider.JpaConformanceProviderDstu2;
+import ca.uhn.fhir.jpa.provider.SubscriptionTriggeringProvider;
+import ca.uhn.fhir.jpa.provider.TerminologyUploaderProvider;
+import ca.uhn.fhir.jpa.provider.ValueSetOperationProvider;
+import ca.uhn.fhir.jpa.provider.dstu3.JpaConformanceProviderDstu3;
 import ca.uhn.fhir.jpa.search.DatabaseBackedPagingProvider;
 import ca.uhn.fhir.jpa.search.IStaleSearchDeletingSvc;
 import ca.uhn.fhir.jpa.search.StaleSearchDeletingSvcImpl;
 import ca.uhn.fhir.jpa.starter.AppProperties;
 import ca.uhn.fhir.jpa.starter.util.EnvironmentHelper;
 import ca.uhn.fhir.jpa.util.ResourceCountCache;
 import ca.uhn.fhir.mdm.dao.IMdmLinkDao;
+import ca.uhn.fhir.mdm.provider.MdmProviderLoader;
 import ca.uhn.fhir.rest.api.IResourceSupportedSvc;
 import ca.uhn.fhir.rest.openapi.OpenApiInterceptor;
+import ca.uhn.fhir.rest.server.ApacheProxyAddressStrategy;
+import ca.uhn.fhir.rest.server.HardcodedServerAddressStrategy;
+import ca.uhn.fhir.rest.server.IServerConformanceProvider;
+import ca.uhn.fhir.rest.server.IncomingRequestAddressStrategy;
+import ca.uhn.fhir.rest.server.RestfulServer;
 import ca.uhn.fhir.rest.server.interceptor.CorsInterceptor;
 import ca.uhn.fhir.rest.server.interceptor.LoggingInterceptor;
 import ca.uhn.fhir.rest.server.interceptor.ResponseHighlighterInterceptor;
+import ca.uhn.fhir.rest.server.provider.ResourceProviderFactory;
 import ca.uhn.fhir.rest.server.util.ISearchParamRegistry;
+import ca.uhn.fhir.validation.IValidatorModule;
 import ch.ahdis.matchbox.MatchboxRestfulServer;
-import org.springframework.beans.factory.NoSuchBeanDefinitionException;
-import org.springframework.context.ApplicationContext;
-
-import java.util.Arrays;
+import jakarta.persistence.EntityManagerFactory;
 
 // modified in MatchboxJpaConfig @Configuration
 //allow users to configure custom packages to scan for additional beans
@@ -427,6 +439,18 @@ public RestfulServer restfulServer(IFhirSystemDao<?, ?> fhirSystemDao, AppProper
 //			fhirServer.registerProvider(theIpsOperationProvider.get());
 //		}
 
+		ourLog.info("FHIR Settings configuration in: " + FhirSettings.getFilePath());
+
+		if (FhirSettings.getServers().size()==0) {
+				ourLog.info("No external servers configured: " + FhirSettings.getFilePath());
+		} else {
+	  		for (ServerDetailsPOJO server : FhirSettings.getServers()) {
+	  				ourLog.info(server.getType() + ": "+server.getAuthenticationType() + " " +server.getUrl());
+	  		}
+		}
+		ManagedWebAccess.loadFromFHIRSettings();
+
+
 		return fhirServer;
 	}
 

matchbox-server/with-ca/application.yaml

@@ -0,0 +1,30 @@
+server:
+  servlet:
+    context-path: /matchboxv3
+hapi:
+  fhir:
+    server_address: http://localhost:8080/matchboxv3/fhir
+    implementationguides:
+      fhir_r4_core:
+        name: hl7.fhir.r4.core
+        version: 4.0.1
+        url: classpath:/hl7.fhir.r4.core.tgz
+      fhir_terminology:
+        name: hl7.terminology.r4
+        version: 6.1.0
+        url: classpath:/hl7.terminology.r4#6.1.0.tgz
+      fhir_extensions:
+        name: hl7.fhir.uv.extensions.r4
+        version: 1.0.0
+        url: classpath:/hl7.fhir.uv.extensions.r4#1.0.0.tgz
+      cda:
+        name: ca.infoway.io.psca
+        version: 2.0.0-DFT-Ballot
+    staticLocation: file:/apps/
+matchbox:
+  fhir:
+    context:
+      fhirVersion: 4.0.1
+      txServer: http://tx.fhir.org
+      txServerCache: false
+      txLog: /tmp/testlog.txt