elimuinformatics · hankwallace · Jan 19, 2024 · Jan 19, 2024
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -17,8 +17,6 @@ services:
       reuse_cached_search_results_millis: 0
       subscription.resthook.enabled: true
       subscription.websocket.enabled: true
-      APIKEY_ENABLED: false
-      APIKEY: abc123
       OAUTH_ENABLED: true
       OAUTH_CLIENT_ID: fhir4-api
       OAUTH_USER_ROLE: fhir4-user

diff --git a/src/main/java/ca/uhn/fhir/jpa/starter/AppProperties.java b/src/main/java/ca/uhn/fhir/jpa/starter/AppProperties.java
@@ -67,7 +67,6 @@ public class AppProperties {
 
   private Validation validation = new Validation();
   private Map<String, Tester> tester = null;
-  private Apikey apikey = new Apikey();
   private Oauth oauth = new Oauth();
   private Smart smart = new Smart();
   private Logger logger = new Logger();
@@ -244,14 +243,6 @@ public void setSupported_resource_types(List<String> supported_resource_types) {
     this.supported_resource_types = supported_resource_types;
   }
 
-  public Apikey getApikey() {
-    return apikey;
-  }
-
-  public void setApikey(Apikey apikey) {
-    this.apikey = apikey;
-  }
-
   public Oauth getOauth() {
     return oauth;
   }
@@ -578,15 +569,15 @@ public void setNormalized_quantity_search_level(NormalizedQuantitySearchLevel no
 	public boolean getInstall_transitive_ig_dependencies() {
 		return install_transitive_ig_dependencies;
 	}
-	
+
 	public void setInstall_transitive_ig_dependencies(boolean install_transitive_ig_dependencies) {
 		this.install_transitive_ig_dependencies = install_transitive_ig_dependencies;
 	}
-	
+
 	public boolean getReload_existing_implementationguides() {
 		return reload_existing_implementationguides;
 	}
-	
+
 	public void setReload_existing_implementationguides(boolean reload_existing_implementationguides) {
 		this.reload_existing_implementationguides = reload_existing_implementationguides;
 	}
@@ -634,27 +625,6 @@ public void setAllow_Credentials(Boolean allow_Credentials) {
 
   }
 
-  public static class Apikey {
-    private Boolean enabled = false;
-    private String key;
-
-    public Boolean getEnabled() {
-      return enabled;
-    }
-
-    public void setEnabled(Boolean enabled) {
-      this.enabled = enabled;
-    }
-
-    public String getKey() {
-      return key;
-    }
-
-    public void setKey(String key) {
-      this.key = key;
-    }
-  }
-
   public static class Oauth {
     private Boolean enabled = false;
     private String jwks_url;

diff --git a/src/main/java/ca/uhn/fhir/jpa/starter/common/FhirServerConfigCommon.java b/src/main/java/ca/uhn/fhir/jpa/starter/common/FhirServerConfigCommon.java
@@ -76,7 +76,6 @@ public FhirServerConfigCommon(AppProperties appProperties) {
         ourLog.info("Indexed on contained resource enabled");
     }
 
-    ourLog.info("Server configured to {} API Key authentication", appProperties.getApikey().getEnabled() ? "enable" : "disable");
     ourLog.info("Server configured to {} OAuth2 authentication", appProperties.getOauth().getEnabled() ? "enable" : "disable");
   }
 

diff --git a/src/main/java/ca/uhn/fhir/jpa/starter/common/StarterJpaConfig.java b/src/main/java/ca/uhn/fhir/jpa/starter/common/StarterJpaConfig.java
@@ -416,17 +416,14 @@ public RestfulServer restfulServer(IFhirSystemDao<?, ?> fhirSystemDao, AppProper
 		// Support for OAuth2 and API_KEY authentication
 		if (appProperties.getOauth().getEnabled()) {
 			fhirServer.registerInterceptor(new CapabilityStatementCustomizer(appProperties));
+			fhirServer.registerInterceptor(new CustomAuthorizationInterceptor(appProperties));
 			fhirServer.registerInterceptor(new CustomSearchNarrowingInterceptor(appProperties));
 			FhirVersionEnum fhirVersion = fhirServer.getFhirContext().getVersion().getVersion();
 			if (fhirVersion != FhirVersionEnum.R5) {
 				// Utilize the consent interceptor to simulate a patient compartment for the Task resource
 				fhirServer.registerInterceptor(new ConsentInterceptor(new CustomConsentService(daoRegistry, appProperties)));
 			}
 		}
-		if (appProperties.getOauth().getEnabled()
-				|| appProperties.getApikey().getEnabled()) {
-			fhirServer.registerInterceptor(new CustomAuthorizationInterceptor(appProperties));
-		}
 
 		repositoryValidatingInterceptor.ifPresent(fhirServer::registerInterceptor);
 

diff --git a/src/main/java/ca/uhn/fhir/jpa/starter/interceptor/CustomAuthorizationInterceptor.java b/src/main/java/ca/uhn/fhir/jpa/starter/interceptor/CustomAuthorizationInterceptor.java
@@ -13,7 +13,6 @@
 
 import ca.uhn.fhir.interceptor.api.Interceptor;
 import ca.uhn.fhir.jpa.starter.AppProperties;
-import ca.uhn.fhir.jpa.starter.util.ApiKeyHelper;
 import ca.uhn.fhir.jpa.starter.util.OAuth2Helper;
 import ca.uhn.fhir.rest.api.Constants;
 import ca.uhn.fhir.rest.api.RequestTypeEnum;
@@ -36,7 +35,7 @@ public CustomAuthorizationInterceptor(AppProperties config) {
 
 	@Override
 	public List<IAuthRule> buildRuleList(RequestDetails theRequest) {
-		if (!isAnyEnabled()) {
+		if (!isOAuthEnabled()) {
 			return authorizedRule();
 		}
 
@@ -48,9 +47,6 @@ public List<IAuthRule> buildRuleList(RequestDetails theRequest) {
 			if (isUsingOAuth(theRequest)) {
 				return authorizeOAuth(theRequest);
 			}
-			if (isUsingApiKey(theRequest)) {
-				return authorizeApiKey(theRequest);
-			}
 			logger.warn("Authorization failed - no authorization supplied");
 		} catch (AuthenticationException e) {
 			throw e;
@@ -61,18 +57,10 @@ public List<IAuthRule> buildRuleList(RequestDetails theRequest) {
 		throw new AuthenticationException("Missing or invalid authorization");
 	}
 
-	private boolean isAnyEnabled() {
-		return isOAuthEnabled() || isApiKeyEnabled();
-	}
-
 	private boolean isUsingOAuth(RequestDetails theRequest) {
 		return isOAuthEnabled() && OAuth2Helper.hasToken(theRequest);
 	}
 
-	private boolean isUsingApiKey(RequestDetails theRequest) {
-		return isApiKeyEnabled() && ApiKeyHelper.hasApiKey(theRequest);
-	}
-
 	private List<IAuthRule> authorizedRule() {
 		return new RuleBuilder()
 			.allowAll()
@@ -158,22 +146,4 @@ private String getOAuthUserRole() {
 	private String getOAuthAdminRole() {
 		return config.getOauth().getAdmin_role();
 	}
-
-	private boolean isApiKeyEnabled() {
-		return config.getApikey().getEnabled();
-	}
-
-	private String getApiKey() {
-		return config.getApikey().getKey();
-	}
-
-	private List<IAuthRule> authorizeApiKey(RequestDetails theRequest) throws AuthenticationException {
-		logger.info("Authorizing via API Key");
-		if (ApiKeyHelper.isAuthorized(theRequest, getApiKey())) {
-			return authorizedRule();
-		}
-
-		logger.warn("API key authorization failure - invalid x-api-key specified");
-		throw new AuthenticationException("Invalid x-api-key");
-	}
 }
diff --git a/src/main/java/ca/uhn/fhir/jpa/starter/util/ApiKeyHelper.java b/src/main/java/ca/uhn/fhir/jpa/starter/util/ApiKeyHelper.java
diff --git a/src/main/resources/application-custom.yaml b/src/main/resources/application-custom.yaml
@@ -144,10 +144,6 @@ hapi:
       token_url: ${OAUTH_TOKEN_URL}
       manage_url: ${OAUTH_MANAGE_URL}
 
-    apikey:
-      enabled: ${APIKEY_ENABLED:false}
-      key: ${APIKEY}
-
     smart:
       issuer: ${SMART_ISSUER}
       jwks_url: ${SMART_JWKS_URL}

diff --git a/src/main/resources/application.yaml b/src/main/resources/application.yaml
@@ -163,10 +163,6 @@ hapi:
       token_url: ${OAUTH_TOKEN_URL}
       manage_url: ${OAUTH_MANAGE_URL}
 
-    apikey:
-      enabled: ${APIKEY_ENABLED:false}
-      key: ${APIKEY}
-
     smart:
       issuer: ${SMART_ISSUER}
       jwks_url: ${SMART_JWKS_URL}