Skip to content

Feature/add bearer token authentification#3

Open
Saskia32123 wants to merge 13 commits into
mainfrom
feature/add-bearer-token-authentification
Open

Feature/add bearer token authentification#3
Saskia32123 wants to merge 13 commits into
mainfrom
feature/add-bearer-token-authentification

Conversation

@Saskia32123
Copy link
Copy Markdown
Collaborator

@Saskia32123 Saskia32123 commented Mar 18, 2026

Hier der Pull Request für die Bearertokenauthentifizierung + ein paar kleinere Improvements

Saskia added 9 commits February 16, 2026 16:27
Add Keycloak token support for FHIR server authentication
8f88e20 
Introduce Keycloak token management with prioritized authentication (Keycloak token, static bearer token, and basic auth). Add `KeycloakTokenManager` for token retrieval and caching. Update FHIR client to support bearer token authentication.
Add configuration properties for Keycloak token support
1beece9
Add spring-web dependencies (needed for rest communication)
c17ce7c
Add bearer token support for FHIR server authentication
69eaa67
Add workaround for non-values
3025465
Replace @PostConstruct with @Override in transfer methods to avoi…
005392d 
…d race conditions and initialization issues
Externalize sensitive configurations and environment-specific variabl…
3f1d4fe 
…es in `application.yml` and update `.gitignore` to exclude `.env` files.
Initialize resource list with supported FHIR resource types in `Bbmri…
507e6fc 
…2Mii` constructor (for fail-fast-principle and readability)
Remove unused @PostConstruct imports and .classpath entry from `.…
4cfe6d2 
…gitignore`.
patrick-skowronek
patrick-skowronek reviewed May 26, 2026
View reviewed changes
Copy link
Copy Markdown
Owner

@patrick-skowronek patrick-skowronek left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you @Saskia32123 .

I have some comments and I need to apologize for the bad code 😅

  1. I would introduce a enum type for the authentication. Which is either a keycloak, static or basic auth. This would make the code cleaner. With @ConfigurationProperties you can do that. This would is then needed twice for the source and target.
  2. Some of the logs are quite bad, even before your PR. If you can change them, that would be nice. Otherwise I will improve them after this PR.

Comment thread src/main/java/de/samply/samplexchange/configuration/Configuration.java Outdated
Comment thread src/main/java/de/samply/samplexchange/utils/fhir/FhirComponent.java
Comment thread pom.xml
Comment thread src/main/java/de/samply/samplexchange/utils/auth/KeycloakTokenManager.java
Comment thread src/main/java/de/samply/samplexchange/SampleXChangeApplication.java
Comment thread src/main/java/de/samply/samplexchange/SampleXChangeApplication.java Outdated
Comment thread src/main/java/de/samply/samplexchange/utils/auth/KeycloakTokenManager.java Outdated
Comment thread src/main/java/de/samply/samplexchange/utils/auth/KeycloakTokenManager.java Outdated
Comment thread src/main/java/de/samply/samplexchange/resources/CauseOfDeathMapping.java
Comment thread src/main/java/de/samply/samplexchange/resources/CauseOfDeathMapping.java Outdated
@Saskia32123
Copy link
Copy Markdown
Collaborator Author

Saskia32123 commented May 28, 2026

Thank you @Saskia32123 .

I have some comments and I need to apologize for the bad code 😅

  1. I would introduce a enum type for the authentication. Which is either a keycloak, static or basic auth. This would make the code cleaner. With @ConfigurationProperties you can do that. This would is then needed twice for the source and target.
  2. Some of the logs are quite bad, even before your PR. If you can change them, that would be nice. Otherwise I will improve them after this PR.

Hi @patrick-skowronek the code gets the job done :) To your points:

  1. Good idea. Even though I am not sure, why we want to go with these categories especially since Keycloak offers various authentification option. Maybe it's useful to differentiate beween the protocols and think about which one's we want to support. Afaik shortlived Bearer Token is the modern approach? Basic Auth or Apikeys is rather something for legacy clients and not very secure (just coupled with HTTPS it's encrypted by TLS) and the data itsself is rather sensitive.
  2. Yes, I feel you have a clear strategy there, which I propably don't completly get? -> So I would suggest to open a seperate MR for that rework and if you like I can support you :)

Saskia added 3 commits May 28, 2026 15:15
Refactor FHIR server configuration:
ec3d6d7 
- Introduce `AuthType` enum and
- Refactor FHIR server configuration to support authentication types and retrieve via ConfigurationProperties
- Streamline `Configuration` class, and update `application.yml`.
Add .env.example template for environment-specific configuration.
ff457a3
Refactor FHIR server authentication setup:
9c09144 
- Replace priority-based auth logic with `AuthType`-based switch cases.
- Add validation for Keycloak, Bearer, and Basic auth configurations.
- Simplify source and target FHIR server initialization.
@Saskia32123
Copy link
Copy Markdown
Collaborator Author

Saskia32123 commented May 28, 2026

Thank you @Saskia32123 .
I have some comments and I need to apologize for the bad code 😅

  1. I would introduce a enum type for the authentication. Which is either a keycloak, static or basic auth. This would make the code cleaner. With @ConfigurationProperties you can do that. This would is then needed twice for the source and target.
  2. Some of the logs are quite bad, even before your PR. If you can change them, that would be nice. Otherwise I will improve them after this PR.

Hi @patrick-skowronek the code gets the job done :) To your points:

  1. Good idea. Even though I am not sure, why we want to go with these categories especially since Keycloak offers various authentification option. Maybe it's useful to differentiate beween the protocols and think about which one's we want to support. Afaik shortlived Bearer Token is the modern approach? Basic Auth or Apikeys is rather something for legacy clients and not very secure (just coupled with HTTPS it's encrypted by TLS) and the data itsself is rather sensitive.
  2. Yes, I feel you have a clear strategy there, which I propably don't completly get? -> So I would suggest to open a seperate MR for that rework and if you like I can support you :)

I implemented it like you suggested, but for a clear structure it maybe makes sense to differentiate between protocols and providers?

@patrick-skowronek
Copy link
Copy Markdown
Owner

patrick-skowronek commented May 28, 2026

Thank you @Saskia32123 .
I have some comments and I need to apologize for the bad code 😅

  1. I would introduce a enum type for the authentication. Which is either a keycloak, static or basic auth. This would make the code cleaner. With @ConfigurationProperties you can do that. This would is then needed twice for the source and target.
  2. Some of the logs are quite bad, even before your PR. If you can change them, that would be nice. Otherwise I will improve them after this PR.

Hi @patrick-skowronek the code gets the job done :) To your points:

  1. Good idea. Even though I am not sure, why we want to go with these categories especially since Keycloak offers various authentification option. Maybe it's useful to differentiate beween the protocols and think about which one's we want to support. Afaik shortlived Bearer Token is the modern approach? Basic Auth or Apikeys is rather something for legacy clients and not very secure (just coupled with HTTPS it's encrypted by TLS) and the data itsself is rather sensitive.
  2. Yes, I feel you have a clear strategy there, which I propably don't completly get? -> So I would suggest to open a seperate MR for that rework and if you like I can support you :)

I implemented it like you suggested, but for a clear structure it maybe makes sense to differentiate between protocols and providers?

Did you commit and pushed it already? From a code perspective it would be nice to have a switch case with all the options we provide. I think we don't support api keys. With you addition we would then support bearer token.

patrick-skowronek
patrick-skowronek approved these changes May 29, 2026
View reviewed changes
Comment thread src/main/java/de/samply/samplexchange/utils/auth/KeycloakTokenManager.java
Comment thread src/main/java/de/samply/samplexchange/resources/CauseOfDeathMapping.java
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@patrick-skowronek patrick-skowronek patrick-skowronek approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Saskia32123 @patrick-skowronek