From 5d04727dc4d1626e2dc91cbed3ddca154b48a0fc Mon Sep 17 00:00:00 2001 From: Reham Muzzamil Date: Mon, 17 May 2021 19:45:46 +0500 Subject: [PATCH 01/15] 40 : Added keycloak configuration --- .../autoconfigure/FhirAutoConfiguration.java | 9 ++ .../autoconfigure/KeycloakSecurityConfig.java | 89 +++++++++++++++++++ .../src/main/resources/keycloak.json | 10 +++ 3 files changed, 108 insertions(+) create mode 100644 hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/src/main/java/ca/uhn/fhir/spring/boot/autoconfigure/KeycloakSecurityConfig.java create mode 100755 hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/src/main/resources/keycloak.json diff --git a/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/src/main/java/ca/uhn/fhir/spring/boot/autoconfigure/FhirAutoConfiguration.java b/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/src/main/java/ca/uhn/fhir/spring/boot/autoconfigure/FhirAutoConfiguration.java index 9de485983005..02331a952c26 100644 --- a/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/src/main/java/ca/uhn/fhir/spring/boot/autoconfigure/FhirAutoConfiguration.java +++ b/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/src/main/java/ca/uhn/fhir/spring/boot/autoconfigure/FhirAutoConfiguration.java @@ -71,6 +71,7 @@ import org.springframework.context.annotation.Primary; import org.springframework.core.annotation.AnnotationAwareOrderComparator; import org.springframework.orm.jpa.JpaTransactionManager; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.transaction.PlatformTransactionManager; import org.springframework.util.CollectionUtils; @@ -88,6 +89,7 @@ @Configuration @AutoConfigureAfter({DataSourceAutoConfiguration.class, HibernateJpaAutoConfiguration.class}) @EnableConfigurationProperties(FhirProperties.class) +@EnableWebSecurity public class FhirAutoConfiguration { 
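Review bot: `@EnableWebSecurity` on `FhirAutoConfiguration` switches Spring Security on for every application that picks up this auto-configuration, with no condition guarding it. The `keycloakSecurityConfig()` bean added in the next hunk, and the `@Import({ KeycloakSecurityConfig.class })` that replaces it in PATCH 06, activate the Keycloak chain in the same unconditional way. An auto-configuration should back off when the adapter is absent or turned off, for example by moving the annotation and the bean into a nested configuration carrying `@ConditionalOnClass(KeycloakWebSecurityConfigurerAdapter.class)` and `@ConditionalOnProperty(prefix = "keycloak", name = "enabled", havingValue = "true")`. The class body continues outside this hunk, so any existing security configuration cannot be seen from here.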
@@ -104,6 +106,13 @@ public FhirContext fhirContext() { return fhirContext; } + @Bean + @ConditionalOnMissingBean + public KeycloakSecurityConfig keycloakSecurityConfig() { + KeycloakSecurityConfig keycloakSecurityConfig = new KeycloakSecurityConfig(); + return keycloakSecurityConfig; + } + @Configuration @ConditionalOnClass(AbstractJaxRsProvider.class) diff --git a/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/src/main/java/ca/uhn/fhir/spring/boot/autoconfigure/KeycloakSecurityConfig.java b/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/src/main/java/ca/uhn/fhir/spring/boot/autoconfigure/KeycloakSecurityConfig.java new file mode 100644 index 000000000000..95fbd514c4bc --- /dev/null +++ b/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/src/main/java/ca/uhn/fhir/spring/boot/autoconfigure/KeycloakSecurityConfig.java 
@@ -0,0 +1,89 @@
+package ca.uhn.fhir.spring.boot.autoconfigure;
+
+import org.keycloak.adapters.AdapterDeploymentContext;
+import org.keycloak.adapters.KeycloakConfigResolver;
+import org.keycloak.adapters.KeycloakDeployment;
+import org.keycloak.adapters.KeycloakDeploymentBuilder;
+import org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver;
+import org.keycloak.adapters.springsecurity.AdapterDeploymentContextFactoryBean;
+import org.keycloak.adapters.springsecurity.KeycloakConfiguration;
+import org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationProvider;
+import org.keycloak.adapters.springsecurity.config.KeycloakSpringConfigResolverWrapper;
+import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.core.io.Resource;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper;
+import org.springframework.security.core.session.SessionRegistryImpl;
+import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy;
+import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
+
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.io.InputStream;
+
+@KeycloakConfiguration
+@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, jsr250Enabled = true)
+public class KeycloakSecurityConfig extends KeycloakWebSecurityConfigurerAdapter {
+
+ @Value("${keycloak.configurationFile:keycloak.json}")
+ private Resource keycloakConfigFileResource;
+
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ super.configure(http);
+ http.authorizeRequests()
+ .anyRequest()
+ .permitAll();
+ http.csrf().disable();
+ }
+
+ @Autowired
+ public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+ KeycloakAuthenticationProvider keycloakAuthenticationProvider = keycloakAuthenticationProvider();
+ keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper());
+ auth.authenticationProvider(keycloakAuthenticationProvider);
+ }
+
+ @Bean
+ @Override
+ protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
+ return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());
+ }
+
+ @Bean
+ public KeycloakConfigResolver KeycloakConfigResolver() {
+ return new KeycloakSpringBootConfigResolver();
+ }
+
+ @Bean
+ public KeycloakDeployment keycloakDeployment() throws IOException {
+ if (!keycloakConfigFileResource.isReadable()) {
+ throw new FileNotFoundException(String.format("Unable to locate Keycloak configuration file: %s",
+ keycloakConfigFileResource.getFilename()));
+ }
+
+ try(InputStream inputStream=keycloakConfigFileResource.getInputStream()){
+ return KeycloakDeploymentBuilder.build(inputStream);
+ }
+
+ }
+
+ @Bean
+ protected AdapterDeploymentContext adapterDeploymentContext() throws Exception {
+ AdapterDeploymentContextFactoryBean factoryBean;
+ if (this.KeycloakConfigResolver() != null) {
+ factoryBean = new AdapterDeploymentContextFactoryBean(new KeycloakSpringConfigResolverWrapper(this.KeycloakConfigResolver()));
+ } else {
+ factoryBean = new AdapterDeploymentContextFactoryBean(this.keycloakConfigFileResource);
+ }
+
+ factoryBean.afterPropertiesSet();
+ return factoryBean.getObject();
+ }
+
+}
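Review bot: `anyRequest().permitAll()` in `configure(HttpSecurity)` authorizes every request without a token, so the Keycloak provider registered in `configureGlobal` is never required and the FHIR endpoints stay open; the rule should be `http.authorizeRequests().anyRequest().authenticated();`. `http.csrf().disable()` is only defensible for a strictly stateless bearer-token server, which conflicts with the session-registering `RegisterSessionAuthenticationStrategy` a few lines below, so a comment should state which model is intended. The same permit-all rule is kept in the PATCH 02 rewrite of this method. `KeycloakConfigResolver()` should be named `keycloakConfigResolver()`, and its `!= null` test in `adapterDeploymentContext()` can never be false, which makes the `else` branch dead code.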
diff --git a/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/src/main/resources/keycloak.json b/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/src/main/resources/keycloak.json new file mode 100755 index 000000000000..6abbefdaa9f8 --- /dev/null +++ b/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/src/main/resources/keycloak.json @@ -0,0 +1,10 @@ +{ + "realm": "Opensrp", + "auth-server-url": "http://localhost:8181/auth/", + "ssl-required": "external", + "resource": "opensrp-server", + "credentials": { + "secret": "b30a2b3a-f56e-483f-9ca7-e428a651b88d" + }, + "confidential-port": 0 +} \ No newline at end of file From 6d5577f455e9e1811af098b8ad40287b7833e11a Mon Sep 17 00:00:00 2001 From: Reham Muzzamil Date: Thu, 20 May 2021 12:22:52 +0500 Subject: [PATCH 02/15] 40 : Added keycloak configuration --- .../autoconfigure/KeycloakSecurityConfig.java | 116 +++++++++++++----- .../src/main/resources/application.properties | 8 ++ .../src/main/resources/keycloak.json | 19 +-- 3 files changed, 105 insertions(+), 38 deletions(-) create mode 100644 hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/src/main/resources/application.properties diff --git a/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/src/main/java/ca/uhn/fhir/spring/boot/autoconfigure/KeycloakSecurityConfig.java b/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/src/main/java/ca/uhn/fhir/spring/boot/autoconfigure/KeycloakSecurityConfig.java index 95fbd514c4bc..4869fafa3c8a 100644 --- a/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/src/main/java/ca/uhn/fhir/spring/boot/autoconfigure/KeycloakSecurityConfig.java +++ b/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/src/main/java/ca/uhn/fhir/spring/boot/autoconfigure/KeycloakSecurityConfig.java 
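Review bot: The `credentials.secret` value appears to be a real client secret, committed under `src/main/resources` of the autoconfigure module, so it is packaged into the jar and stays in repository history even after later commits delete the file. The same value is repeated in `application.properties` (PATCH 02), the sample `application.yml` (PATCH 03) and the autoconfigure `application.yml` (PATCH 06). The secret should be rotated in the realm and supplied at deploy time, with the checked-in file carrying only a placeholder such as `"secret": "<client-secret-placeholder>"` (placeholder constructed for this note). `auth-server-url` uses plain `http://`, which is acceptable only as a localhost default; a deployed configuration should point at an `https://` URL.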
@@ -8,14 +8,17 @@ import org.keycloak.adapters.springsecurity.AdapterDeploymentContextFactoryBean; import org.keycloak.adapters.springsecurity.KeycloakConfiguration; import org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationProvider; +import org.keycloak.adapters.springsecurity.client.KeycloakClientRequestFactory; +import org.keycloak.adapters.springsecurity.client.KeycloakRestTemplate; import org.keycloak.adapters.springsecurity.config.KeycloakSpringConfigResolverWrapper; import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Value; +import org.springframework.beans.factory.config.ConfigurableBeanFactory; import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Scope; import org.springframework.core.io.Resource; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; -import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper; import org.springframework.security.core.session.SessionRegistryImpl; 
@@ -27,38 +30,92 @@ import java.io.InputStream; @KeycloakConfiguration -@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, jsr250Enabled = true) public class KeycloakSecurityConfig extends KeycloakWebSecurityConfigurerAdapter { @Value("${keycloak.configurationFile:keycloak.json}") private Resource keycloakConfigFileResource; - @Override - protected void configure(HttpSecurity http) throws Exception { - super.configure(http); - http.authorizeRequests() - .anyRequest() - .permitAll(); - http.csrf().disable(); - } - - @Autowired - public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { - KeycloakAuthenticationProvider keycloakAuthenticationProvider = keycloakAuthenticationProvider(); - keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper()); - auth.authenticationProvider(keycloakAuthenticationProvider); - } - - @Bean - @Override - protected SessionAuthenticationStrategy sessionAuthenticationStrategy() { - return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl()); - } - - @Bean - public KeycloakConfigResolver KeycloakConfigResolver() { - return new KeycloakSpringBootConfigResolver(); - } + @Autowired + private KeycloakClientRequestFactory keycloakClientRequestFactory; + + private static final String CORS_ALLOWED_HEADERS = "origin,content-type,accept,x-requested-with,Authorization"; + + /** + * Registers the KeycloakAuthenticationProvider with the authentication manager. + */ + @Autowired + public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { + KeycloakAuthenticationProvider keycloakAuthenticationProvider = keycloakAuthenticationProvider(); + keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper()); + auth.authenticationProvider(keycloakAuthenticationProvider); + } + + /** + * Defines the session authentication strategy. 
+ */ + @Bean + @Override + protected SessionAuthenticationStrategy sessionAuthenticationStrategy() { + return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl()); + } + + @Override + protected void configure(HttpSecurity http) throws Exception { +// super.configure(http); + /* @formatter:off */ +// http +// .csrf().disable() // <- THIS LINE +// .cors().disable() +// .authorizeRequests() +//// .antMatchers("/**", "/fhir/**", "/fhir/") +//// .hasAnyRole() +// .anyRequest() +// .authenticated(); + + //working + http.authorizeRequests() + .anyRequest() + .permitAll(); + http.csrf().disable(); + //working end + +// http +// .authorizeRequests() +// .anyRequest().authenticated() +// .and() +// .csrf() +// .ignoringAntMatchers("/fhir/**","/fhir/patient/**") +// .and() +// .logout() +// .logoutRequestMatcher(new AntPathRequestMatcher("logout.do", "GET")); + + /* @formatter:on */ + + } + +// @Bean +// public CorsConfigurationSource corsConfigurationSource() { +// CorsConfiguration configuration = new CorsConfiguration(); +// configuration.setAllowedOrigins(Arrays.asList(opensrpAllowedSources.split(","))); +// configuration.setAllowedMethods(Arrays.asList(GET.name(), POST.name(), PUT.name(), DELETE.name())); +// configuration.setAllowedHeaders(Arrays.asList(CORS_ALLOWED_HEADERS.split(","))); +// configuration.setMaxAge(corsMaxAge); +// UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); +// source.registerCorsConfiguration("/**", configuration); +// return source; +// } + + @Bean + @Scope(ConfigurableBeanFactory.SCOPE_PROTOTYPE) + @Autowired + public KeycloakRestTemplate keycloakRestTemplate() { + return new KeycloakRestTemplate(keycloakClientRequestFactory); + } + + @Bean + public KeycloakConfigResolver KeycloakConfigResolver() { + return new KeycloakSpringBootConfigResolver(); + } @Bean public KeycloakDeployment keycloakDeployment() throws IOException { 
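Review bot: Commenting out `super.configure(http)` skips the filter and session setup that `KeycloakWebSecurityConfigurerAdapter` performs, so bearer tokens would presumably not be processed at all even once the permit-all rule is tightened; restore `super.configure(http);` as the first statement of `configure`. The hunk also drops `@EnableGlobalMethodSecurity`, which leaves any `@PreAuthorize`, `@Secured` or `@RolesAllowed` annotations unenforced by this configuration, if the application uses them. The commented-out alternatives and the `CORS_ALLOWED_HEADERS` constant, which only commented code references, should be deleted rather than committed, and `@Autowired` on the parameterless `keycloakRestTemplate()` bean method has no effect. `keycloakDeployment()` at the end of this hunk continues in the next one.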
@@ -67,13 +124,14 @@ public KeycloakDeployment keycloakDeployment() throws IOException { keycloakConfigFileResource.getFilename())); } - try(InputStream inputStream=keycloakConfigFileResource.getInputStream()){ + try (InputStream inputStream = keycloakConfigFileResource.getInputStream()) { return KeycloakDeploymentBuilder.build(inputStream); } } @Bean + @Override protected AdapterDeploymentContext adapterDeploymentContext() throws Exception { AdapterDeploymentContextFactoryBean factoryBean; if (this.KeycloakConfigResolver() != null) { diff --git a/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/src/main/resources/application.properties b/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/src/main/resources/application.properties new file mode 100644 index 000000000000..fd25513402f2 --- /dev/null +++ b/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/src/main/resources/application.properties @@ -0,0 +1,8 @@ +keycloak.realm = Opensrp +keycloak.auth-server-url = http://localhost:8181/auth +keycloak.ssl-required = external +keycloak.resource = opensrp-server +keycloak.credentials.secret = b30a2b3a-f56e-483f-9ca7-e428a651b88d +keycloak.use-resource-role-mappings = true +keycloak.bearer-only = true +keycloak.enabled=true diff --git a/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/src/main/resources/keycloak.json b/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/src/main/resources/keycloak.json index 6abbefdaa9f8..c47866e6082d 100755 --- a/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/src/main/resources/keycloak.json +++ b/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/src/main/resources/keycloak.json 
@@ -1,10 +1,11 @@ { - "realm": "Opensrp", - "auth-server-url": "http://localhost:8181/auth/", - "ssl-required": "external", - "resource": "opensrp-server", - "credentials": { - "secret": "b30a2b3a-f56e-483f-9ca7-e428a651b88d" - }, - "confidential-port": 0 -} \ No newline at end of file + "realm": "Opensrp", + "auth-server-url": "http://localhost:8181/auth/", + "ssl-required": "external", + "resource": "opensrp-server", + "credentials": { + "secret": "b30a2b3a-f56e-483f-9ca7-e428a651b88d" + }, + "confidential-port": 0, + "policy-enforcer": {} +} From 7ec74796f31edeb6dfe7566a0cb6fbf844e8dbc7 Mon Sep 17 00:00:00 2001 From: Reham Muzzamil Date: Thu, 20 May 2021 12:23:42 +0500 Subject: [PATCH 03/15] 40 : Added keycloak configuration --- .../src/main/resources/application.yml | 25 ++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/hapi-fhir-spring-boot/hapi-fhir-spring-boot-samples/hapi-fhir-spring-boot-sample-server-jersey/src/main/resources/application.yml b/hapi-fhir-spring-boot/hapi-fhir-spring-boot-samples/hapi-fhir-spring-boot-sample-server-jersey/src/main/resources/application.yml index 325409646b7b..0d25ea8f9bef 100644 --- a/hapi-fhir-spring-boot/hapi-fhir-spring-boot-samples/hapi-fhir-spring-boot-sample-server-jersey/src/main/resources/application.yml +++ b/hapi-fhir-spring-boot/hapi-fhir-spring-boot-samples/hapi-fhir-spring-boot-sample-server-jersey/src/main/resources/application.yml 
@@ -13,9 +13,32 @@ hapi: validation: enabled: true request-only: true + keycloak: + realm: Opensrp management: security: enabled: false logging: level: - ca.uhn.fhir.jaxrs: debug \ No newline at end of file + ca.uhn.fhir.jaxrs: debug + org.keycloak: debug +keycloak: + auth-server-url: http://localhost:8181/auth/ + realm: Opensrp + ssl-required: external + resource: opensrp-server + credentials: + secret: b30a2b3a-f56e-483f-9ca7-e428a651b88d + confidential-port: 0 + enabled: true + public-client: true + bearer-only: true +# security-constraints: +# - auth-roles: +# - "*" +# security-collections: +# - name: +# patterns: +# - /* + + From 937317663ae8e9b260e636a970ac209d5559eba2 Mon Sep 17 00:00:00 2001 From: Reham Muzzamil Date: Thu, 20 May 2021 12:25:00 +0500 Subject: [PATCH 04/15] 40 : Added keycloak configuration --- .../boot/autoconfigure/FhirAutoConfiguration.java | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/src/main/java/ca/uhn/fhir/spring/boot/autoconfigure/FhirAutoConfiguration.java b/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/src/main/java/ca/uhn/fhir/spring/boot/autoconfigure/FhirAutoConfiguration.java index 02331a952c26..46e4ba5838f9 100644 --- a/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/src/main/java/ca/uhn/fhir/spring/boot/autoconfigure/FhirAutoConfiguration.java +++ b/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/src/main/java/ca/uhn/fhir/spring/boot/autoconfigure/FhirAutoConfiguration.java @@ -48,6 +48,7 @@ import ca.uhn.fhir.rest.server.interceptor.ResponseValidatingInterceptor; import okhttp3.OkHttpClient; import org.apache.http.client.HttpClient; +import org.keycloak.adapters.springsecurity.client.KeycloakClientRequestFactory; import org.springframework.beans.factory.ObjectProvider; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.autoconfigure.AutoConfigureAfter; 
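Review bot: `public-client: true` is set alongside `credentials.secret` and `bearer-only: true`, which describe different client types; a resource server that only validates incoming tokens needs `bearer-only: true` and neither of the other two. Keeping the contradictory flags makes it unclear which behaviour the adapter applies and leaves an unnecessary secret in a sample file. `org.keycloak: debug` is also enabled here; adapter debug output can include token and request detail, so the committed default should be quieter, for example `org.keycloak: info`.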
@@ -63,6 +64,7 @@ import org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration; import org.springframework.boot.context.properties.ConfigurationProperties; import org.springframework.boot.context.properties.EnableConfigurationProperties; +import org.springframework.boot.web.servlet.ServletListenerRegistrationBean; import org.springframework.boot.web.servlet.ServletRegistrationBean; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Conditional; @@ -72,6 +74,7 @@ import org.springframework.core.annotation.AnnotationAwareOrderComparator; import org.springframework.orm.jpa.JpaTransactionManager; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.web.session.HttpSessionEventPublisher; import org.springframework.transaction.PlatformTransactionManager; import org.springframework.util.CollectionUtils; @@ -106,6 +109,13 @@ public FhirContext fhirContext() { return fhirContext; } + @Bean + @ConditionalOnMissingBean + public KeycloakClientRequestFactory keycloakClientRequestFactory() { + KeycloakClientRequestFactory keycloakClientRequestFactory = new KeycloakClientRequestFactory(); + return keycloakClientRequestFactory; + } + @Bean @ConditionalOnMissingBean public KeycloakSecurityConfig keycloakSecurityConfig() { @@ -113,6 +123,10 @@ public KeycloakSecurityConfig keycloakSecurityConfig() { return keycloakSecurityConfig; } + @Bean + public ServletListenerRegistrationBean httpSessionEventPublisher() { + return new ServletListenerRegistrationBean(new HttpSessionEventPublisher()); + } @Configuration @ConditionalOnClass(AbstractJaxRsProvider.class) From 5046a535a419e7961df5555379a4e66aa1fb8cbf Mon Sep 17 00:00:00 2001 From: Reham Muzzamil Date: Thu, 20 May 2021 17:27:49 +0500 Subject: [PATCH 05/15] 40 : Added keycloak configuration --- .../pom.xml | 113 ++++++++++++++++-- 1 file changed, 106 insertions(+), 7 deletions(-) 
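Review bot: `httpSessionEventPublisher()` returns the raw type `ServletListenerRegistrationBean`; declare it as `ServletListenerRegistrationBean<HttpSessionEventPublisher>` and build it with `new ServletListenerRegistrationBean<>(new HttpSessionEventPublisher())`. Unlike the two beans above it, it carries no `@ConditionalOnMissingBean`, so an application that already registers its own publisher would get a second registration or a bean-name clash. In `keycloakClientRequestFactory()` the local variable can be dropped in favour of `return new KeycloakClientRequestFactory();`.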
diff --git a/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/pom.xml b/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/pom.xml index 58483804fd38..2128aa2c9c1e 100644 --- a/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/pom.xml +++ b/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/pom.xml @@ -13,6 +13,12 @@ jar + + 2.4.0.RELEASE + 2.4.5 + + + @@ -111,6 +117,48 @@ ${project.version} test + + + + + + + + + + + + + + + + + + + + + + + + + + org.springframework.boot + spring-boot-starter-security + ${spring-boot-starter-security.version} + + + + + org.keycloak + keycloak-spring-boot-starter + 13.0.0 + + + + org.springframework.boot + spring-boot-starter-web + + @@ -123,18 +171,69 @@ import true + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - org.basepom.maven - duplicate-finder-maven-plugin - - true - - + + + + + + + From e3b5f8cc15392fca35af2de1ec1276a825b2c144 Mon Sep 17 00:00:00 2001 From: Reham Muzzamil Date: Tue, 25 May 2021 12:33:06 +0500 Subject: [PATCH 06/15] 40 : Add keycloak configuration --- .../pom.xml | 119 ++++------------- .../autoconfigure/FhirAutoConfiguration.java | 15 +-- .../autoconfigure/KeycloakSecurityConfig.java | 125 ++---------------- .../src/main/resources/application.properties | 8 -- .../src/main/resources/application.yml | 6 + .../src/main/resources/keycloak.json | 11 -- .../src/main/resources/application.yml | 12 -- 7 files changed, 44 insertions(+), 252 deletions(-) delete mode 100644 hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/src/main/resources/application.properties create mode 100644 hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/src/main/resources/application.yml delete mode 100755 hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/src/main/resources/keycloak.json 
diff --git a/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/pom.xml b/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/pom.xml index 2128aa2c9c1e..931f87bb8bc3 100644 --- a/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/pom.xml +++ b/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/pom.xml @@ -13,18 +13,17 @@ jar - + org.springframework.boot spring-boot-autoconfigure - ${spring_boot_version} @@ -75,7 +74,6 @@ org.springframework.boot spring-boot-configuration-processor true - ${spring_boot_version} @@ -118,47 +116,22 @@ test - - - - - - - - - - - - - - - - - - - - - - - + + org.keycloak + keycloak-spring-boot-starter + org.springframework.boot - spring-boot-starter-security - ${spring-boot-starter-security.version} + spring-boot-starter-web - - - org.keycloak - keycloak-spring-boot-starter - 13.0.0 + org.springframework + spring-web - org.springframework.boot - spring-boot-starter-web + spring-boot-starter-security - @@ -171,69 +144,25 @@ import true - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + org.keycloak.bom + keycloak-adapter-bom + 13.0.0 + pom + import + - - - - - - - + + org.basepom.maven + duplicate-finder-maven-plugin + + true + + diff --git a/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/src/main/java/ca/uhn/fhir/spring/boot/autoconfigure/FhirAutoConfiguration.java b/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/src/main/java/ca/uhn/fhir/spring/boot/autoconfigure/FhirAutoConfiguration.java index 46e4ba5838f9..35a412391d3c 100644 --- a/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/src/main/java/ca/uhn/fhir/spring/boot/autoconfigure/FhirAutoConfiguration.java +++ b/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/src/main/java/ca/uhn/fhir/spring/boot/autoconfigure/FhirAutoConfiguration.java 
@@ -48,7 +48,6 @@ import ca.uhn.fhir.rest.server.interceptor.ResponseValidatingInterceptor; import okhttp3.OkHttpClient; import org.apache.http.client.HttpClient; -import org.keycloak.adapters.springsecurity.client.KeycloakClientRequestFactory; import org.springframework.beans.factory.ObjectProvider; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.autoconfigure.AutoConfigureAfter; @@ -93,6 +92,7 @@ @AutoConfigureAfter({DataSourceAutoConfiguration.class, HibernateJpaAutoConfiguration.class}) @EnableConfigurationProperties(FhirProperties.class) @EnableWebSecurity +@Import({ KeycloakSecurityConfig.class }) public class FhirAutoConfiguration { @@ -109,19 +109,6 @@ public FhirContext fhirContext() { return fhirContext; } - @Bean - @ConditionalOnMissingBean - public KeycloakClientRequestFactory keycloakClientRequestFactory() { - KeycloakClientRequestFactory keycloakClientRequestFactory = new KeycloakClientRequestFactory(); - return keycloakClientRequestFactory; - } - - @Bean - @ConditionalOnMissingBean - public KeycloakSecurityConfig keycloakSecurityConfig() { - KeycloakSecurityConfig keycloakSecurityConfig = new KeycloakSecurityConfig(); - return keycloakSecurityConfig; - } @Bean public ServletListenerRegistrationBean httpSessionEventPublisher() { diff --git a/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/src/main/java/ca/uhn/fhir/spring/boot/autoconfigure/KeycloakSecurityConfig.java b/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/src/main/java/ca/uhn/fhir/spring/boot/autoconfigure/KeycloakSecurityConfig.java index 4869fafa3c8a..340c69def1ec 100644 --- a/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/src/main/java/ca/uhn/fhir/spring/boot/autoconfigure/KeycloakSecurityConfig.java +++ b/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/src/main/java/ca/uhn/fhir/spring/boot/autoconfigure/KeycloakSecurityConfig.java 
@@ -1,147 +1,48 @@ package ca.uhn.fhir.spring.boot.autoconfigure; -import org.keycloak.adapters.AdapterDeploymentContext; import org.keycloak.adapters.KeycloakConfigResolver; -import org.keycloak.adapters.KeycloakDeployment; -import org.keycloak.adapters.KeycloakDeploymentBuilder; import org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver; -import org.keycloak.adapters.springsecurity.AdapterDeploymentContextFactoryBean; import org.keycloak.adapters.springsecurity.KeycloakConfiguration; import org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationProvider; -import org.keycloak.adapters.springsecurity.client.KeycloakClientRequestFactory; -import org.keycloak.adapters.springsecurity.client.KeycloakRestTemplate; -import org.keycloak.adapters.springsecurity.config.KeycloakSpringConfigResolverWrapper; import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.beans.factory.annotation.Value; -import org.springframework.beans.factory.config.ConfigurableBeanFactory; import org.springframework.context.annotation.Bean; -import org.springframework.context.annotation.Scope; -import org.springframework.core.io.Resource; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper; -import org.springframework.security.core.session.SessionRegistryImpl; -import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy; +import org.springframework.security.web.authentication.session.NullAuthenticatedSessionStrategy; import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy; -import java.io.FileNotFoundException; -import java.io.IOException; -import 
java.io.InputStream; - @KeycloakConfiguration public class KeycloakSecurityConfig extends KeycloakWebSecurityConfigurerAdapter { - @Value("${keycloak.configurationFile:keycloak.json}") - private Resource keycloakConfigFileResource; - @Autowired - private KeycloakClientRequestFactory keycloakClientRequestFactory; + public void configureGlobal(AuthenticationManagerBuilder auth) { - private static final String CORS_ALLOWED_HEADERS = "origin,content-type,accept,x-requested-with,Authorization"; - - /** - * Registers the KeycloakAuthenticationProvider with the authentication manager. - */ - @Autowired - public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { KeycloakAuthenticationProvider keycloakAuthenticationProvider = keycloakAuthenticationProvider(); keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper()); auth.authenticationProvider(keycloakAuthenticationProvider); } - /** - * Defines the session authentication strategy. - */ @Bean - @Override - protected SessionAuthenticationStrategy sessionAuthenticationStrategy() { - return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl()); - } - - @Override - protected void configure(HttpSecurity http) throws Exception { -// super.configure(http); - /* @formatter:off */ -// http -// .csrf().disable() // <- THIS LINE -// .cors().disable() -// .authorizeRequests() -//// .antMatchers("/**", "/fhir/**", "/fhir/") -//// .hasAnyRole() -// .anyRequest() -// .authenticated(); - - //working - http.authorizeRequests() - .anyRequest() - .permitAll(); - http.csrf().disable(); - //working end - -// http -// .authorizeRequests() -// .anyRequest().authenticated() -// .and() -// .csrf() -// .ignoringAntMatchers("/fhir/**","/fhir/patient/**") -// .and() -// .logout() -// .logoutRequestMatcher(new AntPathRequestMatcher("logout.do", "GET")); - - /* @formatter:on */ - - } - -// @Bean -// public CorsConfigurationSource corsConfigurationSource() { -// CorsConfiguration 
configuration = new CorsConfiguration(); -// configuration.setAllowedOrigins(Arrays.asList(opensrpAllowedSources.split(","))); -// configuration.setAllowedMethods(Arrays.asList(GET.name(), POST.name(), PUT.name(), DELETE.name())); -// configuration.setAllowedHeaders(Arrays.asList(CORS_ALLOWED_HEADERS.split(","))); -// configuration.setMaxAge(corsMaxAge); -// UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); -// source.registerCorsConfiguration("/**", configuration); -// return source; -// } - - @Bean - @Scope(ConfigurableBeanFactory.SCOPE_PROTOTYPE) - @Autowired - public KeycloakRestTemplate keycloakRestTemplate() { - return new KeycloakRestTemplate(keycloakClientRequestFactory); - } - - @Bean - public KeycloakConfigResolver KeycloakConfigResolver() { + public KeycloakConfigResolver keycloakConfigResolver() { return new KeycloakSpringBootConfigResolver(); } @Bean - public KeycloakDeployment keycloakDeployment() throws IOException { - if (!keycloakConfigFileResource.isReadable()) { - throw new FileNotFoundException(String.format("Unable to locate Keycloak configuration file: %s", - keycloakConfigFileResource.getFilename())); - } - - try (InputStream inputStream = keycloakConfigFileResource.getInputStream()) { - return KeycloakDeploymentBuilder.build(inputStream); - } - + @Override + protected SessionAuthenticationStrategy sessionAuthenticationStrategy() { + return new NullAuthenticatedSessionStrategy(); } - @Bean @Override - protected AdapterDeploymentContext adapterDeploymentContext() throws Exception { - AdapterDeploymentContextFactoryBean factoryBean; - if (this.KeycloakConfigResolver() != null) { - factoryBean = new AdapterDeploymentContextFactoryBean(new KeycloakSpringConfigResolverWrapper(this.KeycloakConfigResolver())); - } else { - factoryBean = new AdapterDeploymentContextFactoryBean(this.keycloakConfigFileResource); - } - - factoryBean.afterPropertiesSet(); - return factoryBean.getObject(); + protected void 
configure(HttpSecurity http) throws Exception { + super.configure(http); + http.authorizeRequests() + .antMatchers("/**") + .authenticated() + // .hasAuthority("fhirrole") + ; } } diff --git a/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/src/main/resources/application.properties b/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/src/main/resources/application.properties deleted file mode 100644 index fd25513402f2..000000000000 --- a/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/src/main/resources/application.properties +++ /dev/null @@ -1,8 +0,0 @@ -keycloak.realm = Opensrp -keycloak.auth-server-url = http://localhost:8181/auth -keycloak.ssl-required = external -keycloak.resource = opensrp-server -keycloak.credentials.secret = b30a2b3a-f56e-483f-9ca7-e428a651b88d -keycloak.use-resource-role-mappings = true -keycloak.bearer-only = true -keycloak.enabled=true diff --git a/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/src/main/resources/application.yml b/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/src/main/resources/application.yml new file mode 100644 index 000000000000..65f4d7aadd25 --- /dev/null +++ b/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/src/main/resources/application.yml @@ -0,0 +1,6 @@ +keycloak: + auth-server-url: http://localhost:8181/auth/ + realm: Opensrp + resource: opensrp-server + credentials: + secret: b30a2b3a-f56e-483f-9ca7-e428a651b88d diff --git a/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/src/main/resources/keycloak.json b/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/src/main/resources/keycloak.json deleted file mode 100755 index c47866e6082d..000000000000 --- a/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/src/main/resources/keycloak.json +++ /dev/null 
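Review bot: `antMatchers("/**").authenticated()` with `.hasAuthority("fhirrole")` left commented out gives any caller holding a valid token from the realm full access to every FHIR resource, whatever roles the token carries. If a role is meant to gate access, `SimpleAuthorityMapper` adds a `ROLE_` prefix by default, so the check would need to be `.antMatchers("/**").hasRole("fhirrole")` rather than `hasAuthority("fhirrole")`; otherwise remove the commented line and document that authentication alone is the intended policy. The class now uses `NullAuthenticatedSessionStrategy`, a stateless bearer model, while the earlier `http.csrf().disable()` is gone, so write requests should be tested to confirm the adapter's CSRF matcher does not reject token-authenticated POST and PUT calls.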
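Review bot: An `application.yml` at the classpath root of the autoconfigure jar competes with the consuming application's own `application.yml`; normally only one of the two is loaded from `classpath:/`, so these values either shadow the application's configuration or are silently ignored, depending on classpath order. Library defaults belong in the `@ConfigurationProperties` class or in documentation rather than in a bundled `application.yml`. A realm name and a `localhost` server URL are deployment choices and should not be baked into a reusable starter.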
@@ -1,11 +0,0 @@ -{ - "realm": "Opensrp", - "auth-server-url": "http://localhost:8181/auth/", - "ssl-required": "external", - "resource": "opensrp-server", - "credentials": { - "secret": "b30a2b3a-f56e-483f-9ca7-e428a651b88d" - }, - "confidential-port": 0, - "policy-enforcer": {} -} diff --git a/hapi-fhir-spring-boot/hapi-fhir-spring-boot-samples/hapi-fhir-spring-boot-sample-server-jersey/src/main/resources/application.yml b/hapi-fhir-spring-boot/hapi-fhir-spring-boot-samples/hapi-fhir-spring-boot-sample-server-jersey/src/main/resources/application.yml index 0d25ea8f9bef..76d987c6b556 100644 --- a/hapi-fhir-spring-boot/hapi-fhir-spring-boot-samples/hapi-fhir-spring-boot-sample-server-jersey/src/main/resources/application.yml +++ b/hapi-fhir-spring-boot/hapi-fhir-spring-boot-samples/hapi-fhir-spring-boot-sample-server-jersey/src/main/resources/application.yml @@ -25,20 +25,8 @@ logging: keycloak: auth-server-url: http://localhost:8181/auth/ realm: Opensrp - ssl-required: external resource: opensrp-server credentials: secret: b30a2b3a-f56e-483f-9ca7-e428a651b88d - confidential-port: 0 - enabled: true - public-client: true - bearer-only: true -# security-constraints: -# - auth-roles: -# - "*" -# security-collections: -# - name: -# patterns: -# - /* From 0b88bb63de8d69d43e60175035a797aca10ffcc7 Mon Sep 17 00:00:00 2001 From: Reham Muzzamil Date: Tue, 25 May 2021 12:34:02 +0500 Subject: [PATCH 07/15] Set skip to false to resolve duplicate finder plugin exceptions while deployment --- hapi-deployable-pom/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hapi-deployable-pom/pom.xml b/hapi-deployable-pom/pom.xml index 0bee47196707..d4b8d141b57a 100644 --- a/hapi-deployable-pom/pom.xml +++ b/hapi-deployable-pom/pom.xml @@ -60,7 +60,7 @@ true false false - false + true false true true From 6dccf411c7e16462dcb5510a5ee58c4116a02e1a Mon Sep 17 00:00:00 2001 
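Review bot: Dropping `bearer-only: true` from the sample server's `keycloak:` block leaves the adapter on its default, which attempts interactive login rather than only verifying bearer tokens. The Java side of this patch returns `NullAuthenticatedSessionStrategy`, the strategy Keycloak documents for bearer-only services, so config and code now disagree. For a REST endpoint this probably means an unauthenticated call is redirected to an HTML login page instead of receiving a 401. If the server is meant to be a pure resource server, keep `bearer-only: true`. Removing `ssl-required` is harmless only because `external` is already the adapter default, which a comment such as `# ssl-required defaults to external` would make explicit.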
From: Reham Muzzamil Date: Tue, 25 May 2021 12:48:35 +0500 Subject: [PATCH 08/15] Code cleanup --- .../hapi-fhir-spring-boot-autoconfigure/pom.xml | 6 ------ .../spring/boot/autoconfigure/FhirAutoConfiguration.java | 6 ------ .../spring/boot/autoconfigure/KeycloakSecurityConfig.java | 8 ++++---- 3 files changed, 4 insertions(+), 16 deletions(-) diff --git a/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/pom.xml b/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/pom.xml index 931f87bb8bc3..75f6cafff540 100644 --- a/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/pom.xml +++ b/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/pom.xml @@ -13,12 +13,6 @@ jar - diff --git a/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/src/main/java/ca/uhn/fhir/spring/boot/autoconfigure/FhirAutoConfiguration.java b/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/src/main/java/ca/uhn/fhir/spring/boot/autoconfigure/FhirAutoConfiguration.java index 35a412391d3c..f4eb69c1d550 100644 --- a/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/src/main/java/ca/uhn/fhir/spring/boot/autoconfigure/FhirAutoConfiguration.java +++ b/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/src/main/java/ca/uhn/fhir/spring/boot/autoconfigure/FhirAutoConfiguration.java @@ -63,7 +63,6 @@ import org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration; import org.springframework.boot.context.properties.ConfigurationProperties; import org.springframework.boot.context.properties.EnableConfigurationProperties; -import org.springframework.boot.web.servlet.ServletListenerRegistrationBean; import org.springframework.boot.web.servlet.ServletRegistrationBean; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Conditional; 
@@ -73,7 +72,6 @@ import org.springframework.core.annotation.AnnotationAwareOrderComparator; import org.springframework.orm.jpa.JpaTransactionManager; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -import org.springframework.security.web.session.HttpSessionEventPublisher; import org.springframework.transaction.PlatformTransactionManager; import org.springframework.util.CollectionUtils; @@ -110,10 +108,6 @@ public FhirContext fhirContext() { } - @Bean - public ServletListenerRegistrationBean httpSessionEventPublisher() { - return new ServletListenerRegistrationBean(new HttpSessionEventPublisher()); - } @Configuration @ConditionalOnClass(AbstractJaxRsProvider.class) diff --git a/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/src/main/java/ca/uhn/fhir/spring/boot/autoconfigure/KeycloakSecurityConfig.java b/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/src/main/java/ca/uhn/fhir/spring/boot/autoconfigure/KeycloakSecurityConfig.java index 340c69def1ec..d6a3852db4df 100644 --- a/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/src/main/java/ca/uhn/fhir/spring/boot/autoconfigure/KeycloakSecurityConfig.java +++ b/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/src/main/java/ca/uhn/fhir/spring/boot/autoconfigure/KeycloakSecurityConfig.java 
@@ -10,7 +10,8 @@ import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper; -import org.springframework.security.web.authentication.session.NullAuthenticatedSessionStrategy; +import org.springframework.security.core.session.SessionRegistryImpl; +import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy; import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy; @KeycloakConfiguration @@ -32,7 +33,7 @@ public KeycloakConfigResolver keycloakConfigResolver() { @Bean @Override protected SessionAuthenticationStrategy sessionAuthenticationStrategy() { - return new NullAuthenticatedSessionStrategy(); + return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl()); } @Override @@ -40,8 +41,7 @@ protected void configure(HttpSecurity http) throws Exception { super.configure(http); http.authorizeRequests() .antMatchers("/**") - .authenticated() - // .hasAuthority("fhirrole") + .authenticated(); ; } From a2f4fb8ca86fa5c12bafa991782746c836c585c4 Mon Sep 17 00:00:00 2001 From: Reham Muzzamil Date: Wed, 26 May 2021 17:31:43 +0500 Subject: [PATCH 09/15] Removed redundant application.yml from the autoconfigure package --- .../src/main/resources/application.yml | 6 ------ 1 file changed, 6 deletions(-) delete mode 100644 hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/src/main/resources/application.yml diff --git a/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/src/main/resources/application.yml b/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/src/main/resources/application.yml deleted file mode 100644 index 65f4d7aadd25..000000000000 --- a/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/src/main/resources/application.yml +++ /dev/null 
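Review bot: `sessionAuthenticationStrategy()` now builds `new SessionRegistryImpl()` inline, while the FhirAutoConfiguration hunk of this same patch removes the `HttpSessionEventPublisher` registration. `SessionRegistryImpl` removes entries when it receives session-destroyed events, which needs both a registry that is a Spring bean and a publisher for servlet session events. Neither holds here, so entries for expired sessions would likely accumulate (inferred from the visible lines; the rest of the class is outside the hunk). I would expose the registry as its own bean, `@Bean protected SessionRegistry sessionRegistry() { return new SessionRegistryImpl(); }`, pass it to `RegisterSessionAuthenticationStrategy`, and keep the `httpSessionEventPublisher()` bean.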
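Review bot: The rule in `configure(HttpSecurity)` now ends with `.authenticated();` followed by the old terminator line, which leaves a stray empty statement `;`. With the commented `hasAuthority` line gone, every path is open to any user who can authenticate against the realm. If access should be limited to a realm role, `.antMatchers("/**").hasRole("fhirrole")` fits the `SimpleAuthorityMapper` set in `configureGlobal`, which prefixes authorities with `ROLE_` (so the earlier `hasAuthority("fhirrole")` would not have matched). Otherwise delete the leftover `;` and add a comment such as `// any authenticated realm user may call every endpoint` to record that this is intended. The method's signature line is outside the hunk.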
@@ -1,6 +0,0 @@ -keycloak: - auth-server-url: http://localhost:8181/auth/ - realm: Opensrp - resource: opensrp-server - credentials: - secret: b30a2b3a-f56e-483f-9ca7-e428a651b88d From cdff49de3e93907e99b4c3a8bb0835223e6707a3 Mon Sep 17 00:00:00 2001 From: Reham Muzzamil Date: Tue, 1 Jun 2021 17:20:43 +0500 Subject: [PATCH 10/15] 40 : Create a separate security configuration package --- hapi-fhir-opensrp-security-config/pom.xml | 179 +++++++++++ .../autoconfigure/FhirAutoConfiguration.java | 304 ++++++++++++++++++ .../autoconfigure/KeycloakSecurityConfig.java | 125 +++++++ .../main/resources/META-INF/spring.factories | 1 + .../src/test/resources/logback-test.xml | 4 + 5 files changed, 613 insertions(+) create mode 100644 hapi-fhir-opensrp-security-config/pom.xml create mode 100644 hapi-fhir-opensrp-security-config/src/main/java/autoconfigure/FhirAutoConfiguration.java create mode 100644 hapi-fhir-opensrp-security-config/src/main/java/autoconfigure/KeycloakSecurityConfig.java create mode 100644 hapi-fhir-opensrp-security-config/src/main/resources/META-INF/spring.factories create mode 100644 hapi-fhir-opensrp-security-config/src/test/resources/logback-test.xml diff --git a/hapi-fhir-opensrp-security-config/pom.xml b/hapi-fhir-opensrp-security-config/pom.xml new file mode 100644 index 000000000000..6329bd238abc --- /dev/null +++ b/hapi-fhir-opensrp-security-config/pom.xml 
@@ -0,0 +1,179 @@ + + 4.0.0 + + + ca.uhn.hapi.fhir + hapi-deployable-pom + 5.4.0-PRE5-SNAPSHOT + ../../hapi-deployable-pom/pom.xml + + + hapi-fhir-opensrp-security-config + 5.4.0-PRE5-SNAPSHOT + + jar + + + + + org.springframework.boot + spring-boot-autoconfigure + ${spring_boot_version} + + + + + ca.uhn.hapi.fhir + hapi-fhir-base + ${project.version} + true + + + ca.uhn.hapi.fhir + hapi-fhir-server + ${project.version} + true + + + ca.uhn.hapi.fhir + hapi-fhir-jpaserver-base + ${project.version} + true + + + ca.uhn.hapi.fhir + hapi-fhir-jaxrsserver-base + ${project.version} + true + + + ca.uhn.hapi.fhir + hapi-fhir-client + ${project.version} + true + + + ca.uhn.hapi.fhir + hapi-fhir-client-okhttp + ${project.version} + true + + + javax.servlet + javax.servlet-api + true + + + + + org.springframework.boot + spring-boot-configuration-processor + true + + + + + org.springframework.boot + spring-boot-starter-test + test + + + org.springframework + spring-web + test + + + com.h2database + h2 + test + + + ch.qos.logback + logback-classic + test + + + org.slf4j + log4j-over-slf4j + test + 1.7.30 + + + ca.uhn.hapi.fhir + hapi-fhir-validation-resources-dstu2 + ${project.version} + test + + + ca.uhn.hapi.fhir + hapi-fhir-validation-resources-dstu3 + ${project.version} + test + + + + org.keycloak + keycloak-spring-boot-starter + + + org.springframework.boot + spring-boot-starter-web + + + + + + + + + + + + + + + + + org.springframework + spring-web + + + org.springframework.boot + spring-boot-starter-security + + + + + + + org.springframework.boot + spring-boot-dependencies + ${spring_boot_version} + pom + import + true + + + org.keycloak.bom + keycloak-adapter-bom + 13.0.0 + pom + import + + + + + + + + org.basepom.maven + duplicate-finder-maven-plugin + + true + + + + + + 
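Review bot: The parent reference uses `../../hapi-deployable-pom/pom.xml`, but this module sits at `hapi-fhir-opensrp-security-config/pom.xml`, one level below the directory that holds `hapi-deployable-pom`. That value (apparently the `relativePath`; the XML tags are not visible here) therefore points outside the repository and should be `../hapi-deployable-pom/pom.xml`. The module version `5.4.0-PRE5-SNAPSHOT` is also repeated after the artifactId although it is inherited from the parent. The `keycloak-adapter-bom` version `13.0.0` is pinned inline; a property next to `spring_boot_version` would keep the adapter version in one place for upgrades.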
diff --git a/hapi-fhir-opensrp-security-config/src/main/java/autoconfigure/FhirAutoConfiguration.java b/hapi-fhir-opensrp-security-config/src/main/java/autoconfigure/FhirAutoConfiguration.java new file mode 100644 index 000000000000..e4380da00c45 --- /dev/null +++ b/hapi-fhir-opensrp-security-config/src/main/java/autoconfigure/FhirAutoConfiguration.java 
@@ -0,0 +1,304 @@ +package autoconfigure; + +/*- + * #%L + * hapi-fhir-spring-boot-autoconfigure + * %% + * Copyright (C) 2014 - 2021 Smile CDR, Inc. + * %% + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * #L% + */ + + +import org.springframework.boot.autoconfigure.AutoConfigureAfter; +import org.springframework.boot.autoconfigure.EnableAutoConfiguration; +import org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration; +import org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration; +import org.springframework.context.annotation.Configuration; +import org.springframework.context.annotation.Import; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; + +/** + * {@link EnableAutoConfiguration Auto-configuration} for HAPI FHIR. 
+ * + * @author Mathieu Ouellet + */ +@Configuration +@AutoConfigureAfter({DataSourceAutoConfiguration.class, HibernateJpaAutoConfiguration.class}) +//@EnableConfigurationProperties(FhirProperties.class) +@EnableWebSecurity +@Import({ KeycloakSecurityConfig.class }) +public class FhirAutoConfiguration { + +// +// private final FhirProperties properties; +// +// public FhirAutoConfiguration(FhirProperties properties) { +// this.properties = properties; +// } +// +// @Bean +// @ConditionalOnMissingBean +// public FhirContext fhirContext() { +// FhirContext fhirContext = new FhirContext(properties.getVersion()); +// return fhirContext; +// } +// +// +// +// @Configuration +// @ConditionalOnClass(AbstractJaxRsProvider.class) +// @EnableConfigurationProperties(FhirProperties.class) +// @ConfigurationProperties("hapi.fhir.rest") +// @SuppressWarnings("serial") +// static class FhirRestfulServerConfiguration extends RestfulServer { +// +// private final FhirProperties properties; +// +// private final FhirContext fhirContext; +// +// private final List resourceProviders; +// +// private final IPagingProvider pagingProvider; +// +// private final List customizers; +// +// public FhirRestfulServerConfiguration( +// FhirProperties properties, +// FhirContext fhirContext, +// ObjectProvider> resourceProviders, +// ObjectProvider pagingProvider, +// ObjectProvider> interceptors, +// ObjectProvider> customizers) { +// this.properties = properties; +// this.fhirContext = fhirContext; +// this.resourceProviders = resourceProviders.getIfAvailable(); +// this.pagingProvider = pagingProvider.getIfAvailable(); +// this.customizers = customizers.getIfAvailable(); +// } +// +// private void customize() { +// if (this.customizers != null) { +// AnnotationAwareOrderComparator.sort(this.customizers); +// for (FhirRestfulServerCustomizer customizer : this.customizers) { +// customizer.customize(this); +// } +// } +// } +// +// @Bean +// public ServletRegistrationBean 
fhirServerRegistrationBean() { +// ServletRegistrationBean registration = new ServletRegistrationBean(this, this.properties.getServer().getPath()); +// registration.setLoadOnStartup(1); +// return registration; +// } +// +// @Override +// protected void initialize() throws ServletException { +// super.initialize(); +// +// setFhirContext(this.fhirContext); +// setResourceProviders(this.resourceProviders); +// setPagingProvider(this.pagingProvider); +// +// setServerAddressStrategy(new HardcodedServerAddressStrategy(this.properties.getServer().getPath())); +// +// customize(); +// } +// } +// +// @Configuration +// @ConditionalOnClass(BaseJpaProvider.class) +// @ConditionalOnBean(DataSource.class) +// @EnableConfigurationProperties(FhirProperties.class) +// static class FhirJpaServerConfiguration { +// @Autowired +// private ScheduledExecutorService myScheduledExecutorService; +// +// @Configuration +// @EntityScan(basePackages = {"ca.uhn.fhir.jpa.entity", "ca.uhn.fhir.jpa.model.entity"}) +// @Import({ +// SubscriptionChannelConfig.class, +// SubscriptionProcessorConfig.class, +// SubscriptionSubmitterConfig.class +// }) +// static class FhirJpaDaoConfiguration { +// +// @Autowired +// private EntityManagerFactory emf; +// +// @Bean +// @Primary +// public PlatformTransactionManager hapiTransactionManager() { +// return new JpaTransactionManager(emf); +// } +// +// @Bean +// @ConditionalOnMissingBean +// @ConfigurationProperties("hapi.fhir.jpa") +// public DaoConfig fhirDaoConfig() { +// DaoConfig fhirDaoConfig = new DaoConfig(); +// return fhirDaoConfig; +// } +// +// @Bean +// @ConditionalOnMissingBean +// @ConfigurationProperties("hapi.fhir.jpa") +// public PartitionSettings partitionSettings() { +// return new PartitionSettings(); +// } +// +// +// @Bean +// @ConditionalOnMissingBean +// @ConfigurationProperties("hapi.fhir.jpa") +// public ModelConfig fhirModelConfig() { +// return fhirDaoConfig().getModelConfig(); +// } +// } +// +// @Configuration +// 
@ConditionalOnBean({DaoConfig.class, RestfulServer.class}) +// @SuppressWarnings("rawtypes") +// static class RestfulServerCustomizer implements FhirRestfulServerCustomizer { +// +// private final BaseJpaSystemProvider systemProviders; +// +// public RestfulServerCustomizer(ObjectProvider systemProviders) { +// this.systemProviders = systemProviders.getIfAvailable(); +// } +// +// @Override +// public void customize(RestfulServer server) { +// server.setPlainProviders(systemProviders); +// } +// } +// +// @Configuration +// @ConditionalOnMissingBean(type = "ca.uhn.fhir.jpa.config.BaseConfig") +// @ConditionalOnProperty(name = "hapi.fhir.version", havingValue = "DSTU3") +// static class Dstu3 extends BaseJavaConfigDstu3 { +// } +// +// @Configuration +// @ConditionalOnMissingBean(type = "ca.uhn.fhir.jpa.config.BaseConfig") +// @ConditionalOnProperty(name = "hapi.fhir.version", havingValue = "DSTU2") +// static class Dstu2 extends BaseJavaConfigDstu2 { +// } +// +// @Configuration +// @ConditionalOnMissingBean(type = "ca.uhn.fhir.jpa.config.BaseConfig") +// @ConditionalOnProperty(name = "hapi.fhir.version", havingValue = "R4") +// static class R4 extends BaseJavaConfigR4 { +// } +// } +// +// @Configuration +// @Conditional(FhirValidationConfiguration.SchemaAvailableCondition.class) +// @ConditionalOnProperty(name = "hapi.fhir.validation.enabled", matchIfMissing = true) +// static class FhirValidationConfiguration { +// +// @Bean +// @ConditionalOnMissingBean +// public RequestValidatingInterceptor requestValidatingInterceptor() { +// return new RequestValidatingInterceptor(); +// } +// +// @Bean +// @ConditionalOnMissingBean +// @ConditionalOnProperty(name = "hapi.fhir.validation.request-only", havingValue = "false") +// public ResponseValidatingInterceptor responseValidatingInterceptor() { +// return new ResponseValidatingInterceptor(); +// } +// +// static class SchemaAvailableCondition extends ResourceCondition { +// +// SchemaAvailableCondition() { +// 
super("ValidationSchema", +// "hapi.fhir.validation", +// "schema-location", +// "classpath:/org/hl7/fhir/instance/model/schema", +// "classpath:/org/hl7/fhir/dstu2016may/model/schema", +// "classpath:/org/hl7/fhir/dstu3/model/schema"); +// } +// } +// } +// +// @Configuration +// @ConditionalOnProperty("hapi.fhir.server.url") +// @EnableConfigurationProperties(FhirProperties.class) +// static class FhirRestfulClientConfiguration { +// +// private final FhirProperties properties; +// +// private final List clientInterceptors; +// +// public FhirRestfulClientConfiguration(FhirProperties properties, ObjectProvider> clientInterceptors) { +// this.properties = properties; +// this.clientInterceptors = clientInterceptors.getIfAvailable(); +// } +// +// @Bean +// @ConditionalOnBean(IRestfulClientFactory.class) +// public IGenericClient fhirClient(final IRestfulClientFactory clientFactory) { +// IGenericClient fhirClient = clientFactory.newGenericClient(this.properties.getServer().getUrl()); +// if (!CollectionUtils.isEmpty(this.clientInterceptors)) { +// for (IClientInterceptor interceptor : this.clientInterceptors) { +// fhirClient.registerInterceptor(interceptor); +// } +// } +// return fhirClient; +// } +// +// @Configuration +// @ConditionalOnClass(HttpClient.class) +// @ConditionalOnMissingClass("okhttp3.OkHttpClient") +// static class Apache { +// +// private final FhirContext context; +// +// public Apache(FhirContext context) { +// this.context = context; +// } +// +// @Bean +// @ConditionalOnMissingBean +// @ConfigurationProperties("hapi.fhir.rest.client.apache") +// public IRestfulClientFactory fhirRestfulClientFactory() { +// ApacheRestfulClientFactory restfulClientFactory = new ApacheRestfulClientFactory(this.context); +// return restfulClientFactory; +// } +// } +// +// @Configuration +// @ConditionalOnClass(OkHttpClient.class) +// static class OkHttp { +// +// private final FhirContext context; +// +// public OkHttp(FhirContext context) { +// this.context = 
context; +// } +// +// @Bean +// @ConditionalOnMissingBean +// @ConfigurationProperties("hapi.fhir.rest.client.okhttp") +// public IRestfulClientFactory fhirRestfulClientFactory() { +// OkHttpRestfulClientFactory restfulClientFactory = new OkHttpRestfulClientFactory(this.context); +// return restfulClientFactory; +// } +// } +// } + +} diff --git a/hapi-fhir-opensrp-security-config/src/main/java/autoconfigure/KeycloakSecurityConfig.java b/hapi-fhir-opensrp-security-config/src/main/java/autoconfigure/KeycloakSecurityConfig.java new file mode 100644 index 000000000000..138fcd8638f9 --- /dev/null +++ b/hapi-fhir-opensrp-security-config/src/main/java/autoconfigure/KeycloakSecurityConfig.java 
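Review bot: Apart from its annotations and an empty class body, this new `autoconfigure.FhirAutoConfiguration` is several hundred lines of commented-out code copied from the Spring Boot module, which hides that the class only imports `KeycloakSecurityConfig`. `@EnableWebSecurity` is already implied by `@KeycloakConfiguration` on the imported class, and the `@AutoConfigureAfter` on the DataSource and Hibernate auto-configurations has nothing left to order against. I would reduce the file to a class carrying `@Configuration` and `@Import({ KeycloakSecurityConfig.class })`, under a name that does not collide with `ca.uhn.fhir.spring.boot.autoconfigure.FhirAutoConfiguration`. The Javadoc should then read `/** Auto-configuration that registers the Keycloak security setup. */` instead of the copied "for HAPI FHIR" text and author tag.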
@@ -0,0 +1,125 @@ +package autoconfigure; + +import org.keycloak.adapters.KeycloakConfigResolver; +import org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver; +import org.keycloak.adapters.springsecurity.KeycloakConfiguration; +import org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationProvider; +import org.keycloak.adapters.springsecurity.client.KeycloakClientRequestFactory; +import org.keycloak.adapters.springsecurity.client.KeycloakRestTemplate; +import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.config.ConfigurableBeanFactory; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Scope; +import org.springframework.http.HttpMethod; +import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; +import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.config.annotation.web.builders.WebSecurity; +import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper; +import org.springframework.security.core.session.SessionRegistryImpl; +import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy; +import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy; +import org.springframework.security.web.util.matcher.AntPathRequestMatcher; +import org.springframework.web.cors.CorsConfiguration; +import org.springframework.web.cors.CorsConfigurationSource; +import org.springframework.web.cors.UrlBasedCorsConfigurationSource; + +import java.util.Arrays; + +import static org.springframework.http.HttpMethod.DELETE; +import static org.springframework.http.HttpMethod.GET; +import static 
org.springframework.http.HttpMethod.POST; +import static org.springframework.http.HttpMethod.PUT; + +@KeycloakConfiguration +public class KeycloakSecurityConfig extends KeycloakWebSecurityConfigurerAdapter { + + private static final String CORS_ALLOWED_HEADERS = "origin,content-type,accept,x-requested-with,Authorization"; + + private String opensrpAllowedSources=""; + + private long corsMaxAge=60; + + + private static final Logger logger = LoggerFactory.getLogger(KeycloakSecurityConfig.class); + + @Autowired + private KeycloakClientRequestFactory keycloakClientRequestFactory; + + @Autowired + public void configureGlobal(AuthenticationManagerBuilder auth) { + + SimpleAuthorityMapper grantedAuthorityMapper = new SimpleAuthorityMapper(); + grantedAuthorityMapper.setPrefix("ROLE_"); + + KeycloakAuthenticationProvider keycloakAuthenticationProvider = keycloakAuthenticationProvider(); + keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper()); + auth.authenticationProvider(keycloakAuthenticationProvider); + } + + @Bean + public KeycloakConfigResolver keycloakConfigResolver() { + return new KeycloakSpringBootConfigResolver(); + } + + @Bean + @Override + protected SessionAuthenticationStrategy sessionAuthenticationStrategy() { + return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl()); + } + + @Override + protected void configure(HttpSecurity http) throws Exception { + super.configure(http); + logger.error("Inside configure method"); + http.cors() + .and() + .authorizeRequests() +// .antMatchers("/").permitAll() + .mvcMatchers("/logout.do").permitAll() + .antMatchers("/fhir/**") + .authenticated() + .and() + .csrf() + .ignoringAntMatchers("/fhir/**","/**") + .and() + .logout() + .logoutRequestMatcher(new AntPathRequestMatcher("logout.do", "GET")); +// .logoutSuccessUrl("/loggedout"); + + } + + @Override + public void configure(WebSecurity web) throws Exception { + /* @formatter:off */ + web.ignoring().mvcMatchers("/js/**") 
+ .and().ignoring().mvcMatchers("/css/**") + .and().ignoring().mvcMatchers("/images/**") + .and().ignoring().mvcMatchers("/html/**") + .and().ignoring().antMatchers(HttpMethod.OPTIONS, "/**") + .and().ignoring().antMatchers("/"); +// .and().ignoring().antMatchers("/**"); + /* @formatter:on */ + } + + @Bean + public CorsConfigurationSource corsConfigurationSource() { + CorsConfiguration configuration = new CorsConfiguration(); + configuration.setAllowedOrigins(Arrays.asList(opensrpAllowedSources.split(","))); + configuration.setAllowedMethods(Arrays.asList(GET.name(), POST.name(), PUT.name(), DELETE.name())); + configuration.setAllowedHeaders(Arrays.asList(CORS_ALLOWED_HEADERS.split(","))); + configuration.setMaxAge(corsMaxAge); + UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); + source.registerCorsConfiguration("/**", configuration); + return source; + } + + @Bean + @Scope(ConfigurableBeanFactory.SCOPE_PROTOTYPE) + public KeycloakRestTemplate keycloakRestTemplate() { + return new KeycloakRestTemplate(keycloakClientRequestFactory); + } + +} diff --git a/hapi-fhir-opensrp-security-config/src/main/resources/META-INF/spring.factories b/hapi-fhir-opensrp-security-config/src/main/resources/META-INF/spring.factories new file mode 100644 index 000000000000..8c1934097df3 --- /dev/null +++ b/hapi-fhir-opensrp-security-config/src/main/resources/META-INF/spring.factories @@ -0,0 +1 @@ +org.springframework.boot.autoconfigure.EnableAutoConfiguration=autoconfigure.FhirAutoConfiguration diff --git a/hapi-fhir-opensrp-security-config/src/test/resources/logback-test.xml b/hapi-fhir-opensrp-security-config/src/test/resources/logback-test.xml new file mode 100644 index 000000000000..ee274734003e --- /dev/null +++ b/hapi-fhir-opensrp-security-config/src/test/resources/logback-test.xml @@ -0,0 +1,4 @@ + + + + \ No newline at end of file From 0d60ce9a58c7c55ca98f8bfa5edb489038c3310f Mon Sep 17 00:00:00 2001 
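Review bot: In `configure(HttpSecurity)` only `/fhir/**` requires authentication and there is no catch-all rule, so a request to any other path that reaches this chain has no access rule and is allowed; the previous version of this class matched `/**`. The CSRF exemption `ignoringAntMatchers("/fhir/**","/**")` switches CSRF protection off for every path while the class registers sessions through `RegisterSessionAuthenticationStrategy`. The logout matcher pattern `"logout.do"` has no leading slash, so it does not match the `/logout.do` path permitted above. I would add `.anyRequest().authenticated()` after the `/fhir/**` rule and use `new AntPathRequestMatcher("/logout.do", "GET")`; the exemption should shrink to `.ignoringAntMatchers("/fhir/**")` if that path is called with bearer tokens only, or become an explicit `csrf().disable()` with a stateless session policy if no browser session is intended. Separately, `configureGlobal` configures `grantedAuthorityMapper` but passes a fresh `new SimpleAuthorityMapper()` to the provider, and `logger.error("Inside configure method")` logs a trace message at error level.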
From: Reham Muzzamil Date: Wed, 2 Jun 2021 00:00:08 +0500 Subject: [PATCH 11/15] 40 : Revert changes on spring boot module --- .../pom.xml | 26 +--------- .../autoconfigure/FhirAutoConfiguration.java | 4 -- .../autoconfigure/KeycloakSecurityConfig.java | 48 ------------------- .../src/main/resources/application.yml | 11 ----- 4 files changed, 2 insertions(+), 87 deletions(-) delete mode 100644 hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/src/main/java/ca/uhn/fhir/spring/boot/autoconfigure/KeycloakSecurityConfig.java diff --git a/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/pom.xml b/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/pom.xml index 75f6cafff540..58483804fd38 100644 --- a/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/pom.xml +++ b/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/pom.xml @@ -18,6 +18,7 @@ org.springframework.boot spring-boot-autoconfigure + ${spring_boot_version} @@ -68,6 +69,7 @@ org.springframework.boot spring-boot-configuration-processor true + ${spring_boot_version} @@ -109,23 +111,6 @@ ${project.version} test - - - org.keycloak - keycloak-spring-boot-starter - - - org.springframework.boot - spring-boot-starter-web - - - org.springframework - spring-web - - - org.springframework.boot - spring-boot-starter-security - @@ -138,13 +123,6 @@ import true - - org.keycloak.bom - keycloak-adapter-bom - 13.0.0 - pom - import - diff --git a/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/src/main/java/ca/uhn/fhir/spring/boot/autoconfigure/FhirAutoConfiguration.java b/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/src/main/java/ca/uhn/fhir/spring/boot/autoconfigure/FhirAutoConfiguration.java index f4eb69c1d550..9de485983005 100644 --- a/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/src/main/java/ca/uhn/fhir/spring/boot/autoconfigure/FhirAutoConfiguration.java 
+++ b/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/src/main/java/ca/uhn/fhir/spring/boot/autoconfigure/FhirAutoConfiguration.java @@ -71,7 +71,6 @@ import org.springframework.context.annotation.Primary; import org.springframework.core.annotation.AnnotationAwareOrderComparator; import org.springframework.orm.jpa.JpaTransactionManager; -import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.transaction.PlatformTransactionManager; import org.springframework.util.CollectionUtils; @@ -89,8 +88,6 @@ @Configuration @AutoConfigureAfter({DataSourceAutoConfiguration.class, HibernateJpaAutoConfiguration.class}) @EnableConfigurationProperties(FhirProperties.class) -@EnableWebSecurity -@Import({ KeycloakSecurityConfig.class }) public class FhirAutoConfiguration { @@ -108,7 +105,6 @@ public FhirContext fhirContext() { } - @Configuration @ConditionalOnClass(AbstractJaxRsProvider.class) @EnableConfigurationProperties(FhirProperties.class) diff --git a/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/src/main/java/ca/uhn/fhir/spring/boot/autoconfigure/KeycloakSecurityConfig.java b/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/src/main/java/ca/uhn/fhir/spring/boot/autoconfigure/KeycloakSecurityConfig.java deleted file mode 100644 index d6a3852db4df..000000000000 --- a/hapi-fhir-spring-boot/hapi-fhir-spring-boot-autoconfigure/src/main/java/ca/uhn/fhir/spring/boot/autoconfigure/KeycloakSecurityConfig.java +++ /dev/null 
@@ -1,48 +0,0 @@ -package ca.uhn.fhir.spring.boot.autoconfigure; - -import org.keycloak.adapters.KeycloakConfigResolver; -import org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver; -import org.keycloak.adapters.springsecurity.KeycloakConfiguration; -import org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationProvider; -import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.context.annotation.Bean; -import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; -import org.springframework.security.config.annotation.web.builders.HttpSecurity; -import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper; -import org.springframework.security.core.session.SessionRegistryImpl; -import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy; -import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy; - -@KeycloakConfiguration -public class KeycloakSecurityConfig extends KeycloakWebSecurityConfigurerAdapter { - - @Autowired - public void configureGlobal(AuthenticationManagerBuilder auth) { - - KeycloakAuthenticationProvider keycloakAuthenticationProvider = keycloakAuthenticationProvider(); - keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper()); - auth.authenticationProvider(keycloakAuthenticationProvider); - } - - @Bean - public KeycloakConfigResolver keycloakConfigResolver() { - return new KeycloakSpringBootConfigResolver(); - } - - @Bean - @Override - protected SessionAuthenticationStrategy sessionAuthenticationStrategy() { - return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl()); - } - - @Override - protected void configure(HttpSecurity http) throws Exception { - super.configure(http); - http.authorizeRequests() - 
.antMatchers("/**") - .authenticated(); - ; - } - -} diff --git a/hapi-fhir-spring-boot/hapi-fhir-spring-boot-samples/hapi-fhir-spring-boot-sample-server-jersey/src/main/resources/application.yml b/hapi-fhir-spring-boot/hapi-fhir-spring-boot-samples/hapi-fhir-spring-boot-sample-server-jersey/src/main/resources/application.yml index 76d987c6b556..188d7e9dbda4 100644 --- a/hapi-fhir-spring-boot/hapi-fhir-spring-boot-samples/hapi-fhir-spring-boot-sample-server-jersey/src/main/resources/application.yml +++ b/hapi-fhir-spring-boot/hapi-fhir-spring-boot-samples/hapi-fhir-spring-boot-sample-server-jersey/src/main/resources/application.yml @@ -13,20 +13,9 @@ hapi: validation: enabled: true request-only: true - keycloak: - realm: Opensrp management: security: enabled: false logging: level: ca.uhn.fhir.jaxrs: debug - org.keycloak: debug -keycloak: - auth-server-url: http://localhost:8181/auth/ - realm: Opensrp - resource: opensrp-server - credentials: - secret: b30a2b3a-f56e-483f-9ca7-e428a651b88d - - From 362038d3762a753ca920ca499cc68903b78e9e64 Mon Sep 17 00:00:00 2001 From: Reham Muzzamil Date: Thu, 10 Jun 2021 13:46:20 +0500 Subject: [PATCH 12/15] 40 : Add authentication work --- .../uhn/fhir/rest/client/impl/BaseClient.java | 2 +- .../autoconfigure/FhirAutoConfiguration.java | 304 ------------------ .../autoconfigure/KeycloakSecurityConfig.java | 14 +- .../SecurityAutoConfiguration.java | 42 +++ .../main/resources/META-INF/spring.factories | 2 +- 5 files changed, 53 insertions(+), 311 deletions(-) delete mode 100644 hapi-fhir-opensrp-security-config/src/main/java/autoconfigure/FhirAutoConfiguration.java create mode 100644 hapi-fhir-opensrp-security-config/src/main/java/autoconfigure/SecurityAutoConfiguration.java diff --git a/hapi-fhir-client/src/main/java/ca/uhn/fhir/rest/client/impl/BaseClient.java b/hapi-fhir-client/src/main/java/ca/uhn/fhir/rest/client/impl/BaseClient.java index 43276f6af931..cbcb1f71cf21 100644 
--- a/hapi-fhir-client/src/main/java/ca/uhn/fhir/rest/client/impl/BaseClient.java +++ b/hapi-fhir-client/src/main/java/ca/uhn/fhir/rest/client/impl/BaseClient.java @@ -573,7 +573,7 @@ public T invokeClient(String theResponseMimeType, InputStream theResponseInputSt EncodingEnum respType = EncodingEnum.forContentType(theResponseMimeType); if (respType == null) { - if (myAllowHtmlResponse && theResponseMimeType.toLowerCase().contains(Constants.CT_HTML) && myReturnType != null) { + if (theResponseMimeType.toLowerCase().contains(Constants.CT_HTML) && myReturnType != null) { return readHtmlResponse(theResponseInputStream); } throw NonFhirResponseException.newInstance(theResponseStatusCode, theResponseMimeType, theResponseInputStream); diff --git a/hapi-fhir-opensrp-security-config/src/main/java/autoconfigure/FhirAutoConfiguration.java b/hapi-fhir-opensrp-security-config/src/main/java/autoconfigure/FhirAutoConfiguration.java deleted file mode 100644 index e4380da00c45..000000000000 --- a/hapi-fhir-opensrp-security-config/src/main/java/autoconfigure/FhirAutoConfiguration.java +++ /dev/null 
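Review bot: Removing `myAllowHtmlResponse &&` from the condition in `invokeClient` makes every client accept a `text/html` body whenever `myReturnType` is set, so the opt-in flag no longer has any effect at this call site. An HTML error or login page from the server would then be handed to `readHtmlResponse` instead of raising `NonFhirResponseException`, which can hide authentication failures from callers. The change also looks unrelated to the Keycloak module this commit adds. I would keep the original guard, `if (myAllowHtmlResponse && theResponseMimeType.toLowerCase().contains(Constants.CT_HTML) && myReturnType != null) {`, and enable HTML handling only on the client that needs it. The rest of `invokeClient` is outside the hunk.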
@@ -1,304 +0,0 @@ -package autoconfigure; - -/*- - * #%L - * hapi-fhir-spring-boot-autoconfigure - * %% - * Copyright (C) 2014 - 2021 Smile CDR, Inc. - * %% - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * #L% - */ - - -import org.springframework.boot.autoconfigure.AutoConfigureAfter; -import org.springframework.boot.autoconfigure.EnableAutoConfiguration; -import org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration; -import org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration; -import org.springframework.context.annotation.Configuration; -import org.springframework.context.annotation.Import; -import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; - -/** - * {@link EnableAutoConfiguration Auto-configuration} for HAPI FHIR. 
- * - * @author Mathieu Ouellet - */ -@Configuration -@AutoConfigureAfter({DataSourceAutoConfiguration.class, HibernateJpaAutoConfiguration.class}) -//@EnableConfigurationProperties(FhirProperties.class) -@EnableWebSecurity -@Import({ KeycloakSecurityConfig.class }) -public class FhirAutoConfiguration { - -// -// private final FhirProperties properties; -// -// public FhirAutoConfiguration(FhirProperties properties) { -// this.properties = properties; -// } -// -// @Bean -// @ConditionalOnMissingBean -// public FhirContext fhirContext() { -// FhirContext fhirContext = new FhirContext(properties.getVersion()); -// return fhirContext; -// } -// -// -// -// @Configuration -// @ConditionalOnClass(AbstractJaxRsProvider.class) -// @EnableConfigurationProperties(FhirProperties.class) -// @ConfigurationProperties("hapi.fhir.rest") -// @SuppressWarnings("serial") -// static class FhirRestfulServerConfiguration extends RestfulServer { -// -// private final FhirProperties properties; -// -// private final FhirContext fhirContext; -// -// private final List resourceProviders; -// -// private final IPagingProvider pagingProvider; -// -// private final List customizers; -// -// public FhirRestfulServerConfiguration( -// FhirProperties properties, -// FhirContext fhirContext, -// ObjectProvider> resourceProviders, -// ObjectProvider pagingProvider, -// ObjectProvider> interceptors, -// ObjectProvider> customizers) { -// this.properties = properties; -// this.fhirContext = fhirContext; -// this.resourceProviders = resourceProviders.getIfAvailable(); -// this.pagingProvider = pagingProvider.getIfAvailable(); -// this.customizers = customizers.getIfAvailable(); -// } -// -// private void customize() { -// if (this.customizers != null) { -// AnnotationAwareOrderComparator.sort(this.customizers); -// for (FhirRestfulServerCustomizer customizer : this.customizers) { -// customizer.customize(this); -// } -// } -// } -// -// @Bean -// public ServletRegistrationBean 
fhirServerRegistrationBean() { -// ServletRegistrationBean registration = new ServletRegistrationBean(this, this.properties.getServer().getPath()); -// registration.setLoadOnStartup(1); -// return registration; -// } -// -// @Override -// protected void initialize() throws ServletException { -// super.initialize(); -// -// setFhirContext(this.fhirContext); -// setResourceProviders(this.resourceProviders); -// setPagingProvider(this.pagingProvider); -// -// setServerAddressStrategy(new HardcodedServerAddressStrategy(this.properties.getServer().getPath())); -// -// customize(); -// } -// } -// -// @Configuration -// @ConditionalOnClass(BaseJpaProvider.class) -// @ConditionalOnBean(DataSource.class) -// @EnableConfigurationProperties(FhirProperties.class) -// static class FhirJpaServerConfiguration { -// @Autowired -// private ScheduledExecutorService myScheduledExecutorService; -// -// @Configuration -// @EntityScan(basePackages = {"ca.uhn.fhir.jpa.entity", "ca.uhn.fhir.jpa.model.entity"}) -// @Import({ -// SubscriptionChannelConfig.class, -// SubscriptionProcessorConfig.class, -// SubscriptionSubmitterConfig.class -// }) -// static class FhirJpaDaoConfiguration { -// -// @Autowired -// private EntityManagerFactory emf; -// -// @Bean -// @Primary -// public PlatformTransactionManager hapiTransactionManager() { -// return new JpaTransactionManager(emf); -// } -// -// @Bean -// @ConditionalOnMissingBean -// @ConfigurationProperties("hapi.fhir.jpa") -// public DaoConfig fhirDaoConfig() { -// DaoConfig fhirDaoConfig = new DaoConfig(); -// return fhirDaoConfig; -// } -// -// @Bean -// @ConditionalOnMissingBean -// @ConfigurationProperties("hapi.fhir.jpa") -// public PartitionSettings partitionSettings() { -// return new PartitionSettings(); -// } -// -// -// @Bean -// @ConditionalOnMissingBean -// @ConfigurationProperties("hapi.fhir.jpa") -// public ModelConfig fhirModelConfig() { -// return fhirDaoConfig().getModelConfig(); -// } -// } -// -// @Configuration -// 
@ConditionalOnBean({DaoConfig.class, RestfulServer.class}) -// @SuppressWarnings("rawtypes") -// static class RestfulServerCustomizer implements FhirRestfulServerCustomizer { -// -// private final BaseJpaSystemProvider systemProviders; -// -// public RestfulServerCustomizer(ObjectProvider systemProviders) { -// this.systemProviders = systemProviders.getIfAvailable(); -// } -// -// @Override -// public void customize(RestfulServer server) { -// server.setPlainProviders(systemProviders); -// } -// } -// -// @Configuration -// @ConditionalOnMissingBean(type = "ca.uhn.fhir.jpa.config.BaseConfig") -// @ConditionalOnProperty(name = "hapi.fhir.version", havingValue = "DSTU3") -// static class Dstu3 extends BaseJavaConfigDstu3 { -// } -// -// @Configuration -// @ConditionalOnMissingBean(type = "ca.uhn.fhir.jpa.config.BaseConfig") -// @ConditionalOnProperty(name = "hapi.fhir.version", havingValue = "DSTU2") -// static class Dstu2 extends BaseJavaConfigDstu2 { -// } -// -// @Configuration -// @ConditionalOnMissingBean(type = "ca.uhn.fhir.jpa.config.BaseConfig") -// @ConditionalOnProperty(name = "hapi.fhir.version", havingValue = "R4") -// static class R4 extends BaseJavaConfigR4 { -// } -// } -// -// @Configuration -// @Conditional(FhirValidationConfiguration.SchemaAvailableCondition.class) -// @ConditionalOnProperty(name = "hapi.fhir.validation.enabled", matchIfMissing = true) -// static class FhirValidationConfiguration { -// -// @Bean -// @ConditionalOnMissingBean -// public RequestValidatingInterceptor requestValidatingInterceptor() { -// return new RequestValidatingInterceptor(); -// } -// -// @Bean -// @ConditionalOnMissingBean -// @ConditionalOnProperty(name = "hapi.fhir.validation.request-only", havingValue = "false") -// public ResponseValidatingInterceptor responseValidatingInterceptor() { -// return new ResponseValidatingInterceptor(); -// } -// -// static class SchemaAvailableCondition extends ResourceCondition { -// -// SchemaAvailableCondition() { -// 
super("ValidationSchema", -// "hapi.fhir.validation", -// "schema-location", -// "classpath:/org/hl7/fhir/instance/model/schema", -// "classpath:/org/hl7/fhir/dstu2016may/model/schema", -// "classpath:/org/hl7/fhir/dstu3/model/schema"); -// } -// } -// } -// -// @Configuration -// @ConditionalOnProperty("hapi.fhir.server.url") -// @EnableConfigurationProperties(FhirProperties.class) -// static class FhirRestfulClientConfiguration { -// -// private final FhirProperties properties; -// -// private final List clientInterceptors; -// -// public FhirRestfulClientConfiguration(FhirProperties properties, ObjectProvider> clientInterceptors) { -// this.properties = properties; -// this.clientInterceptors = clientInterceptors.getIfAvailable(); -// } -// -// @Bean -// @ConditionalOnBean(IRestfulClientFactory.class) -// public IGenericClient fhirClient(final IRestfulClientFactory clientFactory) { -// IGenericClient fhirClient = clientFactory.newGenericClient(this.properties.getServer().getUrl()); -// if (!CollectionUtils.isEmpty(this.clientInterceptors)) { -// for (IClientInterceptor interceptor : this.clientInterceptors) { -// fhirClient.registerInterceptor(interceptor); -// } -// } -// return fhirClient; -// } -// -// @Configuration -// @ConditionalOnClass(HttpClient.class) -// @ConditionalOnMissingClass("okhttp3.OkHttpClient") -// static class Apache { -// -// private final FhirContext context; -// -// public Apache(FhirContext context) { -// this.context = context; -// } -// -// @Bean -// @ConditionalOnMissingBean -// @ConfigurationProperties("hapi.fhir.rest.client.apache") -// public IRestfulClientFactory fhirRestfulClientFactory() { -// ApacheRestfulClientFactory restfulClientFactory = new ApacheRestfulClientFactory(this.context); -// return restfulClientFactory; -// } -// } -// -// @Configuration -// @ConditionalOnClass(OkHttpClient.class) -// static class OkHttp { -// -// private final FhirContext context; -// -// public OkHttp(FhirContext context) { -// this.context = 
context; -// } -// -// @Bean -// @ConditionalOnMissingBean -// @ConfigurationProperties("hapi.fhir.rest.client.okhttp") -// public IRestfulClientFactory fhirRestfulClientFactory() { -// OkHttpRestfulClientFactory restfulClientFactory = new OkHttpRestfulClientFactory(this.context); -// return restfulClientFactory; -// } -// } -// } - -} diff --git a/hapi-fhir-opensrp-security-config/src/main/java/autoconfigure/KeycloakSecurityConfig.java b/hapi-fhir-opensrp-security-config/src/main/java/autoconfigure/KeycloakSecurityConfig.java index 138fcd8638f9..e30b10220c1c 100644 --- a/hapi-fhir-opensrp-security-config/src/main/java/autoconfigure/KeycloakSecurityConfig.java +++ b/hapi-fhir-opensrp-security-config/src/main/java/autoconfigure/KeycloakSecurityConfig.java @@ -77,13 +77,15 @@ protected void configure(HttpSecurity http) throws Exception { http.cors() .and() .authorizeRequests() -// .antMatchers("/").permitAll() + .antMatchers("/*").permitAll() + .antMatchers("/home").permitAll() + .antMatchers("/fhir").permitAll() .mvcMatchers("/logout.do").permitAll() - .antMatchers("/fhir/**") + .antMatchers("/fhir/rest/**") .authenticated() .and() .csrf() - .ignoringAntMatchers("/fhir/**","/**") + .ignoringAntMatchers("/*","/fhir/rest/**","/**", "/fhir/**") .and() .logout() .logoutRequestMatcher(new AntPathRequestMatcher("logout.do", "GET")); @@ -99,8 +101,10 @@ public void configure(WebSecurity web) throws Exception { .and().ignoring().mvcMatchers("/images/**") .and().ignoring().mvcMatchers("/html/**") .and().ignoring().antMatchers(HttpMethod.OPTIONS, "/**") - .and().ignoring().antMatchers("/"); -// .and().ignoring().antMatchers("/**"); + .and().ignoring().antMatchers("/home") + .and().ignoring().antMatchers("/*") + .and().ignoring().antMatchers("/fhir") + .and().ignoring().antMatchers("/fhir/rest/metadata"); /* @formatter:on */ } 
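Review bot: `.ignoringAntMatchers("/*","/fhir/rest/**","/**", "/fhir/**")` contains `"/**"`, which matches every path, so CSRF protection is switched off for the whole application and the other three patterns are redundant; list only the API paths that really need it, e.g. `.ignoringAntMatchers("/fhir/**")`. The authorization rules also narrow `authenticated()` from `/fhir/**` to `/fhir/rest/**` with no catch-all after it, so any other path below `/fhir/` matches no rule, and with `authorizeRequests()` a request that matches no rule is let through by default. Ending the chain with `.anyRequest().authenticated()` closes that gap; the catch-all is also absent from the same method in patches 13/15 and 14/15. The body of `configure(HttpSecurity)` starts before the hunk and continues past its end.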
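Review bot: `.and().ignoring().antMatchers("/*")` takes every single-segment path out of the Spring Security filter chain, not just the landing page that the removed `antMatchers("/")` covered, and the added `/home`, `/fhir` and `/fhir/rest/metadata` entries do the same for those paths. Ignored requests get no security headers and no security context, and the `permitAll()` rules added for the same paths in `configure(HttpSecurity)` never run for them. Keep `ignoring()` for static assets such as the `/images/**` and `/html/**` entries above and expose the public pages only through `permitAll()`, e.g. `.antMatchers("/", "/home", "/fhir/rest/metadata").permitAll()`. The `/*` entry is still present in patches 13/15 and 14/15, and the start of the `web.ignoring()` chain is outside the hunk.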
diff --git a/hapi-fhir-opensrp-security-config/src/main/java/autoconfigure/SecurityAutoConfiguration.java b/hapi-fhir-opensrp-security-config/src/main/java/autoconfigure/SecurityAutoConfiguration.java new file mode 100644 index 000000000000..1527970bf6db --- /dev/null +++ b/hapi-fhir-opensrp-security-config/src/main/java/autoconfigure/SecurityAutoConfiguration.java @@ -0,0 +1,42 @@ +package autoconfigure; + +/*- + * #%L + * hapi-fhir-spring-boot-autoconfigure + * %% + * Copyright (C) 2014 - 2021 Smile CDR, Inc. + * %% + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * #L% + */ + + +import org.springframework.boot.autoconfigure.AutoConfigureAfter; +import org.springframework.boot.autoconfigure.EnableAutoConfiguration; +import org.springframework.context.annotation.Configuration; +import org.springframework.context.annotation.Import; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; + +/** + * {@link EnableAutoConfiguration Auto-configuration} for HAPI FHIR. + * + * @author Mathieu Ouellet + */ +@Configuration +@AutoConfigureAfter({KeycloakSecurityConfig.class}) +//@AutoConfigurationPackage +@EnableWebSecurity +@Import({ KeycloakSecurityConfig.class }) +public class SecurityAutoConfiguration { + +} diff --git a/hapi-fhir-opensrp-security-config/src/main/resources/META-INF/spring.factories b/hapi-fhir-opensrp-security-config/src/main/resources/META-INF/spring.factories index 8c1934097df3..6cb366365697 100644 
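Review bot: `@AutoConfigureAfter({KeycloakSecurityConfig.class})` probably has no effect, because that annotation only orders classes that are themselves registered as auto-configurations, while `KeycloakSecurityConfig` is pulled in by the `@Import` below it and `spring.factories` in this patch lists only `SecurityAutoConfiguration`. The class is also unconditional, so every application with this jar on the classpath gets `@EnableWebSecurity` and the Keycloak rules; a guard such as `@ConditionalOnWebApplication` would at least keep it out of non-web contexts. The Javadoc still reads "Auto-configuration for HAPI FHIR", copied from `FhirAutoConfiguration`, and should instead say that this class only wires the Keycloak security configuration.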
--- a/hapi-fhir-opensrp-security-config/src/main/resources/META-INF/spring.factories +++ b/hapi-fhir-opensrp-security-config/src/main/resources/META-INF/spring.factories @@ -1 +1 @@ -org.springframework.boot.autoconfigure.EnableAutoConfiguration=autoconfigure.FhirAutoConfiguration +org.springframework.boot.autoconfigure.EnableAutoConfiguration=autoconfigure.SecurityAutoConfiguration From e15dbd074e6dda6864fa6670a1b4b874dccc9273 Mon Sep 17 00:00:00 2001 From: Reham Muzzamil Date: Mon, 14 Jun 2021 14:23:40 +0500 Subject: [PATCH 13/15] 40 : Add authentication work --- .../ca/uhn/fhir/rest/client/impl/BaseClient.java | 2 +- hapi-fhir-opensrp-security-config/pom.xml | 14 -------------- .../java/autoconfigure/KeycloakSecurityConfig.java | 8 ++++---- .../autoconfigure/SecurityAutoConfiguration.java | 3 +-- 4 files changed, 6 insertions(+), 21 deletions(-) diff --git a/hapi-fhir-client/src/main/java/ca/uhn/fhir/rest/client/impl/BaseClient.java b/hapi-fhir-client/src/main/java/ca/uhn/fhir/rest/client/impl/BaseClient.java index cbcb1f71cf21..43276f6af931 100644 --- a/hapi-fhir-client/src/main/java/ca/uhn/fhir/rest/client/impl/BaseClient.java +++ b/hapi-fhir-client/src/main/java/ca/uhn/fhir/rest/client/impl/BaseClient.java @@ -573,7 +573,7 @@ public T invokeClient(String theResponseMimeType, InputStream theResponseInputSt EncodingEnum respType = EncodingEnum.forContentType(theResponseMimeType); if (respType == null) { - if (theResponseMimeType.toLowerCase().contains(Constants.CT_HTML) && myReturnType != null) { + if (myAllowHtmlResponse && theResponseMimeType.toLowerCase().contains(Constants.CT_HTML) && myReturnType != null) { return readHtmlResponse(theResponseInputStream); } throw NonFhirResponseException.newInstance(theResponseStatusCode, theResponseMimeType, theResponseInputStream); diff --git a/hapi-fhir-opensrp-security-config/pom.xml b/hapi-fhir-opensrp-security-config/pom.xml index 6329bd238abc..dc3d725cc812 100644 --- a/hapi-fhir-opensrp-security-config/pom.xml 
+++ b/hapi-fhir-opensrp-security-config/pom.xml @@ -119,20 +119,6 @@ org.springframework.boot spring-boot-starter-web - - - - - - - - - - - - - - org.springframework diff --git a/hapi-fhir-opensrp-security-config/src/main/java/autoconfigure/KeycloakSecurityConfig.java b/hapi-fhir-opensrp-security-config/src/main/java/autoconfigure/KeycloakSecurityConfig.java index e30b10220c1c..670bf4fdcf23 100644 --- a/hapi-fhir-opensrp-security-config/src/main/java/autoconfigure/KeycloakSecurityConfig.java +++ b/hapi-fhir-opensrp-security-config/src/main/java/autoconfigure/KeycloakSecurityConfig.java @@ -79,13 +79,13 @@ protected void configure(HttpSecurity http) throws Exception { .authorizeRequests() .antMatchers("/*").permitAll() .antMatchers("/home").permitAll() - .antMatchers("/fhir").permitAll() +// .antMatchers("/fhir").permitAll() .mvcMatchers("/logout.do").permitAll() .antMatchers("/fhir/rest/**") .authenticated() .and() .csrf() - .ignoringAntMatchers("/*","/fhir/rest/**","/**", "/fhir/**") + .ignoringAntMatchers("/fhir/rest/**", "/fhir/**") .and() .logout() .logoutRequestMatcher(new AntPathRequestMatcher("logout.do", "GET")); @@ -103,9 +103,9 @@ public void configure(WebSecurity web) throws Exception { .and().ignoring().antMatchers(HttpMethod.OPTIONS, "/**") .and().ignoring().antMatchers("/home") .and().ignoring().antMatchers("/*") - .and().ignoring().antMatchers("/fhir") +// .and().ignoring().antMatchers("/fhir") .and().ignoring().antMatchers("/fhir/rest/metadata"); - /* @formatter:on */ +// /* @formatter:on */ } @Bean diff --git a/hapi-fhir-opensrp-security-config/src/main/java/autoconfigure/SecurityAutoConfiguration.java b/hapi-fhir-opensrp-security-config/src/main/java/autoconfigure/SecurityAutoConfiguration.java index 1527970bf6db..bddc6019a48a 100644 --- a/hapi-fhir-opensrp-security-config/src/main/java/autoconfigure/SecurityAutoConfiguration.java +++ b/hapi-fhir-opensrp-security-config/src/main/java/autoconfigure/SecurityAutoConfiguration.java 
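Review bot: The `/fhir` matchers are commented out rather than deleted (`// .antMatchers("/fhir").permitAll()` in the first KeycloakSecurityConfig hunk and `// .and().ignoring().antMatchers("/fhir")` in the second), and the `/* @formatter:on */` marker is turned into `// /* @formatter:on */`. In a security configuration, dead matcher lines make the effective access policy harder to read and are easy to re-enable by accident, so they should be removed outright and the formatter marker left as it was.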
@@ -30,11 +30,10 @@ /** * {@link EnableAutoConfiguration Auto-configuration} for HAPI FHIR. * - * @author Mathieu Ouellet + * @author Reham Muzzamil */ @Configuration @AutoConfigureAfter({KeycloakSecurityConfig.class}) -//@AutoConfigurationPackage @EnableWebSecurity @Import({ KeycloakSecurityConfig.class }) public class SecurityAutoConfiguration { From bd15971b50b71b75bc8f7d8d6008a81959a3455e Mon Sep 17 00:00:00 2001 From: Reham Muzzamil Date: Tue, 15 Jun 2021 16:25:15 +0500 Subject: [PATCH 14/15] 40 : Code cleanup --- hapi-fhir-opensrp-security-config/pom.xml | 98 +++++++++---------- .../autoconfigure/KeycloakSecurityConfig.java | 10 +- 2 files changed, 53 insertions(+), 55 deletions(-) diff --git a/hapi-fhir-opensrp-security-config/pom.xml b/hapi-fhir-opensrp-security-config/pom.xml index dc3d725cc812..24fa68ad1826 100644 --- a/hapi-fhir-opensrp-security-config/pom.xml +++ b/hapi-fhir-opensrp-security-config/pom.xml @@ -10,7 +10,7 @@ hapi-fhir-opensrp-security-config - 5.4.0-PRE5-SNAPSHOT + 0.0.1-PRE5-SNAPSHOT jar @@ -23,42 +23,42 @@ - - ca.uhn.hapi.fhir - hapi-fhir-base - ${project.version} - true - - - ca.uhn.hapi.fhir - hapi-fhir-server - ${project.version} - true - - - ca.uhn.hapi.fhir - hapi-fhir-jpaserver-base - ${project.version} - true - - - ca.uhn.hapi.fhir - hapi-fhir-jaxrsserver-base - ${project.version} - true - - - ca.uhn.hapi.fhir - hapi-fhir-client - ${project.version} - true - - - ca.uhn.hapi.fhir - hapi-fhir-client-okhttp - ${project.version} - true - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + javax.servlet javax.servlet-api @@ -99,18 +99,18 @@ test 1.7.30 - - ca.uhn.hapi.fhir - hapi-fhir-validation-resources-dstu2 - ${project.version} - test - - - ca.uhn.hapi.fhir - hapi-fhir-validation-resources-dstu3 - ${project.version} - test - + + + + + + + + + + + + org.keycloak 
diff --git a/hapi-fhir-opensrp-security-config/src/main/java/autoconfigure/KeycloakSecurityConfig.java b/hapi-fhir-opensrp-security-config/src/main/java/autoconfigure/KeycloakSecurityConfig.java index 670bf4fdcf23..ad96b76051cd 100644 --- a/hapi-fhir-opensrp-security-config/src/main/java/autoconfigure/KeycloakSecurityConfig.java +++ b/hapi-fhir-opensrp-security-config/src/main/java/autoconfigure/KeycloakSecurityConfig.java @@ -77,19 +77,17 @@ protected void configure(HttpSecurity http) throws Exception { http.cors() .and() .authorizeRequests() - .antMatchers("/*").permitAll() + .antMatchers("/").permitAll() .antMatchers("/home").permitAll() -// .antMatchers("/fhir").permitAll() .mvcMatchers("/logout.do").permitAll() - .antMatchers("/fhir/rest/**") + .antMatchers("/fhir/**") .authenticated() .and() .csrf() - .ignoringAntMatchers("/fhir/rest/**", "/fhir/**") + .ignoringAntMatchers("/fhir/**") .and() .logout() .logoutRequestMatcher(new AntPathRequestMatcher("logout.do", "GET")); -// .logoutSuccessUrl("/loggedout"); } @@ -104,7 +102,7 @@ public void configure(WebSecurity web) throws Exception { .and().ignoring().antMatchers("/home") .and().ignoring().antMatchers("/*") // .and().ignoring().antMatchers("/fhir") - .and().ignoring().antMatchers("/fhir/rest/metadata"); + .and().ignoring().antMatchers("/fhir/metadata"); // /* @formatter:on */ } From fa8c09474d7f65a4ccbcbaaf5999e24cb89404f7 Mon Sep 17 00:00:00 2001 From: Reham Muzzamil Date: Tue, 15 Jun 2021 16:27:21 +0500 Subject: [PATCH 15/15] 40 : Code cleanup --- hapi-fhir-opensrp-security-config/pom.xml | 50 ----------------------- 1 file changed, 50 deletions(-) diff --git a/hapi-fhir-opensrp-security-config/pom.xml b/hapi-fhir-opensrp-security-config/pom.xml index 24fa68ad1826..ed483b7bbe53 100644 --- a/hapi-fhir-opensrp-security-config/pom.xml +++ b/hapi-fhir-opensrp-security-config/pom.xml 
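Review bot: The logout matcher kept as context in the first hunk, `new AntPathRequestMatcher("logout.do", "GET")`, has no leading slash, while request paths start with `/` and the rule above it permits `/logout.do`; an Ant pattern without the slash does not appear to match such a path, so the logout filter would never fire and sessions would stay alive. Since this hunk already tidies the logout block, fix the pattern in the same pass: `.logoutRequestMatcher(new AntPathRequestMatcher("/logout.do", "GET"))`. Logging out on GET can also be triggered by a cross-site link or image, so a POST matcher is the safer choice if the client can send one. The line has been carried unchanged since patch 12/15.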
@@ -22,43 +22,6 @@ ${spring_boot_version} - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - javax.servlet javax.servlet-api @@ -99,19 +62,6 @@ test 1.7.30 - - - - - - - - - - - - - org.keycloak keycloak-spring-boot-starter