search

hapifhir / hapi-fhir-jpaserver-starter

Apache License 2.0
379 stars 1.02k forks source link

enforce_referential_integrity_on_write not rejecting absolute urls to local resources #90

Closed CalebSLane closed 5 months ago

CalebSLane commented 4 years ago

I have set enforce_referential_integrity_on_write=true and have observed the jpa server reject any resource that references another resource that does not locally exist.

However, if I provide an absolute URL in the reference path it will successfully write the object no matter what. This occurs even when the provided absolute url points to the local jpa server.

I am running version 4.2.0 and have only modified fields in the hapi.properties file. I am running jpa server in docker container tomcat:9-jre11 running on Ubuntu 18.04

This is the bundle I am using to create the object:

{
    "resourceType": "Bundle",
    "id": "bundle-transaction",
    "meta": {
        "lastUpdated": "2014-08-18T01:43:30Z"
    },
    "type": "transaction",
    "entry": [
        {
            "fullUrl": "urn:uuid:61ebe359-bfdc-4613-8bf2-c5e300945f0a",
            "resource": {
                "resourceType": "Organization",
                "id": "hl7",
                "text": {
                    "status": "generated",
                    "div": "<div xmlns=\"http://www.w3.org/1999/xhtml\">\n      Health Level Seven International\n      <br/>\n\t\t\t\t3300 Washtenaw Avenue, Suite 227\n      <br/>\n\t\t\t\tAnn Arbor, MI 48104\n      <br/>\n\t\t\t\tUSA\n      <br/>\n\t\t\t\t(+1) 734-677-7777 (phone)\n      <br/>\n\t\t\t\t(+1) 734-677-6622 (fax)\n      <br/>\n\t\t\t\tE-mail:  \n      <a href=\"mailto:hq@HL7.org\">hq@HL7.org</a>\n    \n    </div>"
                },
                "name": "Health Level Seven International",
                "alias": [
                    "HL7 International"
                ],
                "telecom": [
                    {
                        "system": "phone",
                        "value": "(+1) 734-677-7777"
                    },
                    {
                        "system": "fax",
                        "value": "(+1) 734-677-6622"
                    },
                    {
                        "system": "email",
                        "value": "hq@HL7.org"
                    }
                ],
                "address": [
                    {
                        "line": [
                            "3300 Washtenaw Avenue, Suite 227"
                        ],
                        "city": "Ann Arbor",
                        "state": "MI",
                        "postalCode": "48104",
                        "country": "USA"
                    }
                ],
                "endpoint": [
                    {
                        "reference": "http://localhost:8080/hapi-fhir-jpaserver/fhir/Endpoint/wrong"
                    }
                ]
            },
            "request": {
                "method": "PUT",
                "url": "Organization/hl7"
            }
        }
    ]
}

Here is my hapi.properties:

# Adjust this to set the version of FHIR supported by this server. See
# FhirVersionEnum for a list of available constants. Example values include
# DSTU2, DSTU3, R4.
fhir_version=R4

# This is the address that the FHIR server will report as its own address.
# If this server will be deployed (for example) to an internet accessible
# server, put the DNS name of that server here.
#
# Note that this is also the address that the hapi-fhir-testpage-overlay
# (the web UI similar to the one at http://hapi.fhir.org) will use to
# connect internally to the FHIR server, so this also needs to be a name
# accessible from the server itself.
server_address=http://localhost:8080/hapi-fhir-jpaserver/fhir/

enable_index_missing_fields=false
auto_create_placeholder_reference_targets=false
enforce_referential_integrity_on_write=true
enforce_referential_integrity_on_delete=true
default_encoding=JSON
etag_support=ENABLED
reuse_cached_search_results_millis=60000
retain_cached_searches_mins=60
default_page_size=20
max_page_size=200
allow_override_default_search_params=true
allow_contains_searches=true
allow_multiple_delete=true
allow_external_references=true
allow_cascading_deletes=true
allow_placeholder_references=false
expunge_enabled=true
persistence_unit_name=HAPI_PU
logger.name=fhirtest.access
logger.format=Path[${servletPath}] Source[${requestHeader.x-forwarded-for}] Operation[${operationType} ${operationName} ${idOrResourceName}] UA[${requestHeader.user-agent}] Params[${requestParameters}] ResponseEncoding[${responseEncodingNoDefault}]
logger.error_format=ERROR - ${requestVerb} ${requestUrl}
logger.log_exceptions=true
datasource.driver=org.h2.Driver
datasource.url=jdbc:h2:file:./target/database/h2
datasource.username=
datasource.password=
server.name=Local Tester
server.id=home
test.port=

###################################################
# Binary Storage (104857600 = 100mb)
###################################################
max_binary_size=104857600

###################################################
# Validation
###################################################
# Should all incoming requests be validated
validation.requests.enabled=false
# Should outgoing responses be validated
validation.responses.enabled=false

###################################################
# Search Features
###################################################
filter_search.enabled=true
graphql.enabled=true

###################################################
# Supported Resources
###################################################
# Enable the following property if you want to customize the
# list of resources that is supported by the server (i.e. to
# disable specific resources)
#supported_resource_types=Patient,Observation,Encounter

###################################################
# Database Settings
###################################################
hibernate.dialect=org.hibernate.dialect.H2Dialect
hibernate.search.model_mapping=ca.uhn.fhir.jpa.search.LuceneSearchMappingFactory
hibernate.format_sql=false
hibernate.show_sql=false
hibernate.hbm2ddl.auto=update
hibernate.jdbc.batch_size=20
hibernate.cache.use_query_cache=false
hibernate.cache.use_second_level_cache=false
hibernate.cache.use_structured_entries=false
hibernate.cache.use_minimal_puts=false
hibernate.search.default.directory_provider=filesystem
hibernate.search.default.indexBase=target/lucenefiles
hibernate.search.lucene_version=LUCENE_CURRENT
tester.config.refuse_to_fetch_third_party_urls=false

##################################################
# ElasticSearch
# Note that using ElasticSearch is disabled by
# default and the server will use Lucene instead.
##################################################
elasticsearch.enabled=false
elasticsearch.rest_url=http://localhost:9200
elasticsearch.username=SomeUsername
elasticsearch.password=SomePassword
elasticsearch.required_index_status=YELLOW
elasticsearch.schema_management_strategy=CREATE
# Immediately refresh indexes after every write. This is very bad for
# performance, but can be helpful for testing.
elasticsearch.debug.refresh_after_write=false
elasticsearch.debug.pretty_print_json_log=false

##################################################
# Binary Storage Operations
##################################################
binary_storage.enabled=true

##################################################
# Bulk Data Specification
##################################################
bulk.export.enabled=true

##################################################
# CORS Settings
##################################################
cors.enabled=true
cors.allowCredentials=true
# Supports multiple, comma separated allowed origin entries
# cors.allowed_origin=http://localhost:8080,https://localhost:8080,https://fhirtest.uhn.ca
cors.allow_origin=*

##################################################
# Allowed Bundle Types for persistence (defaults are: COLLECTION,DOCUMENT,MESSAGE)
##################################################
#allowed_bundle_types=COLLECTION,DOCUMENT,MESSAGE,TRANSACTION,TRANSACTIONRESPONSE,BATCH,BATCHRESPONSE,HISTORY,SEARCHSET

##################################################
# Subscriptions
##################################################

# Enable REST Hook Subscription Channel
subscription.resthook.enabled=true

# Enable Email Subscription Channel
subscription.email.enabled=false
email.enabled=false
email.from=some@test.com
email.host=
email.port=0
email.username=
email.password=

# Enable Websocket Subscription Channel
subscription.websocket.enabled=false
CalebSLane commented 4 years ago

Additionally, this appears to affect search's _include functionality, as it will only include references to local resources that were not specified with an absolute url

github-actions[bot] commented 5 months ago

This issue is stale because it has been open 730 days with no activity. Remove stale label or comment or this will be closed in 5 days.

github-actions[bot] commented 5 months ago

This issue was closed because it has been stalled for 5 days with no activity.