Spring Boot ATNA support

ipf-atna-spring-boot-starter sets up the infrastructure for ATNA auditing.

The dependency on the IPF Spring Boot ATNA starter module is:

    <dependency>
        <groupId>org.openehealth.ipf.boot</groupId>
        <artifactId>ipf-atna-spring-boot-starter</artifactId>
    </dependency>

All IHE-related Spring Boot starter modules depend on this starter module, so if you use one of those, you do not have to depend on ipf-atna-spring-boot-starter explicitly.

As of IPF 3.7, ipf-atna-spring-boot-starter no longer depends on ipf-spring-boot-starter. This makes it usable in scenarios where no other IPF modules are used, and it no longer drags in third-party dependencies like Apache Camel or Groovy.

ipf-atna-spring-boot-starter auto-configures by default:

You can define your own @Beans of this type in order to override the defaults.

ipf-atna-spring-boot-starter provides the following application properties that configure the AuditContext as described here.

| Property (ipf.atna.) | Default | Description |
|---|---|---|
| audit-enabled | false | Whether auditing is enabled |
| audit-repository-host | localhost | Host of the ATNA repository to send the events to |
| audit-repository-port | 514 | Port of the ATNA repository to send the events to |
| audit-repository-transport | UDP | Wire transport format (UDP, TLS, NETTY-UDP, NETTY-TLS, FHIR-REST-TLS) |
| audit-source-id | ${spring.application.name} | Source ID for ATNA events |
| audit-enterprise-site-id | | Enterprise Site ID for ATNA events |
| include-participants-from-response | false | Whether to include (patient) participants from responses as well |
| audit-source-type | 4 (ApplicationServerProcess) | Type of Audit Source |
| audit-queue-class | org.openehealth.ipf.commons.audit.queue.SynchronousAuditMessageQueue | Queue implementation for auditing |
| audit-sender-class | as indicated by audit-repository-transport | ATNA sender implementation |
| audit-exception-handler-class | org.openehealth.ipf.commons.audit.handler.LoggingAuditExceptionHandler | Exception handler implementation |
| audit-value-if-missing | UNKNOWN | Value used for mandatory audit attributes that are not set |
| audit-message-post-processor-class | none | Class of the audit message post-processor |
| ws-audit-dataset-enricher-class | none | Class of the audit dataset enricher for Web Service based transactions (IPF 5.0+) |
| fhir-audit-dataset-enricher-class | none | Class of the audit dataset enricher for FHIR based transactions (IPF 5.0+) |

Instead of specifying class names in configuration properties, you can provide Spring @Beans of the types AuditMessageQueue, AuditMessagePostProcessor, AuditTransmissionProtocol, AuditMetadataProvider, AuditExceptionHandler, WsAuditDatasetEnricher, and FhirAuditDatasetEnricher. Moreover, you can provide your own bean of the type TlsParameters.
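
As an added example (not taken from the IPF documentation), the following application.properties contrasts the defaults from the table with an explicit setup that enables auditing and sends events to a remote repository over TLS. The host name, source ID, site ID and the choice of port 6514 (the registered syslog-over-TLS port) are assumptions; TLS key and trust material is configured separately, for instance through a TlsParameters bean.

```properties
# Added example; host, port and ID values below are constructed placeholders.

# --- Effective defaults when nothing is configured (see the property table) ---
# ipf.atna.audit-enabled=false              -> no audit events are emitted at all
# ipf.atna.audit-repository-host=localhost
# ipf.atna.audit-repository-port=514
# ipf.atna.audit-repository-transport=UDP   -> unencrypted, no delivery guarantee

# --- Explicit configuration: auditing on, remote repository, TLS transport ---
ipf.atna.audit-enabled=true
ipf.atna.audit-repository-host=audit-repo.example.org
# Assumption: the repository listens on 6514, the registered syslog-over-TLS port
ipf.atna.audit-repository-port=6514
ipf.atna.audit-repository-transport=TLS

# Identify the emitting system explicitly instead of relying on
# ${spring.application.name}, so events stay attributable per deployment
ipf.atna.audit-source-id=registry-prod-01
ipf.atna.audit-enterprise-site-id=EXAMPLE-SITE

# Keep the documented default visible: mandatory attributes that are not set
# appear as UNKNOWN in the audit record, which is worth alerting on downstream
ipf.atna.audit-value-if-missing=UNKNOWN
```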

As of IPF 4.8.0, you can audit following the IHE Basic Audit Log Patterns (BALP). By setting ipf.atna.balp properties you can enable FHIR-based auditing.

| Property (ipf.atna.balp.) | Default | Description |
|---|---|---|
| audit-repository-context-path | "" | URL context path of the FHIR Audit Repository |
| audit-event-serialization-type | json | Whether to encode the AuditEvent as json or xml |
| oauth.id-path | jti | Where to extract audit-relevant data from a JWT access token |
| oauth.issuer-path | issuer | |
| oauth.client-id-path | client_id, cid | |
| oauth.subject-path | sub | |
| oauth.subject-name-path | extensions:ihe_iua:subject_name | |
| oauth.subject-organization-path | extensions:ihe_iua:subject_organization | |
| oauth.subject-organization-id-path | extensions:ihe_iua:subject_organization_id | |
| oauth.subject-role-path | extensions:ihe_iua:subject_role | |
| oauth.purpose-of-use-path | extensions:ihe_iua:purpose_of_use | |
| oauth.home-community-id-path | extensions:ihe_iua:home_community_id | |
| oauth.national-provider-id-path | extensions:ihe_iua:national_provider_identifier | |
| oauth.person-id-path | extensions:ihe_iua:person_id | |
| oauth.patient-id-path | extensions:ihe_bppc:patient_id | |
| oauth.doc-id-path | extensions:ihe_bppc:doc_id | |
| oauth.acp-path | extensions:ihe_bppc:acp | |