FHIR Security
FHIR basic authentication options
Client-side FHIR endpoints (i.e. producers) can be configured with Basic Authentication credentials:

| Parameter name | Type | Default value | Short description |
|---|---|---|---|
| `username` | String | n/a | username for basic authentication |
| `password` | String | n/a | password for basic authentication |
FHIR transport-level encryption
Consumer
SSL support on the consumer side of IPF IHE endpoints must be configured in the deployment container. See e.g. SSL How-To for Tomcat 8.
Producer
TLS-related aspects for client-side FHIR endpoints (i.e. producers) are controlled by the following URI parameters:
| Parameter name | Type | Default value | Short description |
|---|---|---|---|
| `secure` | boolean | false | enables transport-level encryption for the given endpoint |
| `sslContextParameters` | SSLContextParameters | n/a | enables transport-level encryption and determines the SSL parameters that shall be applied to the endpoint |
| `hostnameVerifier` | HostnameVerifier | n/a | strategy for host name verification |
If `secure` is set to true but no `sslContextParameters` are provided, the Camel registry is looked up for a unique `sslContextParameters` bean instance to be used. If none is found, a default SSL Context (optionally controlled by the system environment) is instantiated. If more than one `sslContextParameters` bean instance is found, an exception is thrown.

SSLContextParameters can be configured as shown in the example below. In this case, the FHIR producer URI requires the parameter `sslContextParameters=#myContext`.
```xml
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:camel="http://camel.apache.org/schema/spring"
       xsi:schemaLocation="
           http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans.xsd
           http://camel.apache.org/schema/spring
           http://camel.apache.org/schema/spring/camel-spring.xsd">
    ...
    <camel:sslContextParameters id="myContext">
        <!-- Key store holding the client's own key and certificate -->
        <camel:keyManagers keyPassword="changeit">
            <camel:keyStore type="JKS" password="changeit" resource="client.jks"/>
        </camel:keyManagers>
        <!-- Key store holding the certificates the client trusts -->
        <camel:trustManagers>
            <camel:keyStore type="JKS" password="changeit" resource="client.jks"/>
        </camel:trustManagers>
        <camel:clientParameters>
            <!-- Patterns are regular expressions over cipher suite names;
                 as written, the includes select export-grade, DES and NULL suites -->
            <camel:cipherSuitesFilter>
                <camel:include>.*_EXPORT_.*</camel:include>
                <camel:include>.*_EXPORT1024_.*</camel:include>
                <camel:include>.*_WITH_DES_.*</camel:include>
                <camel:include>.*_WITH_NULL_.*</camel:include>
                <camel:exclude>.*_DH_anon_.*</camel:exclude>
            </camel:cipherSuitesFilter>
        </camel:clientParameters>
    </camel:sslContextParameters>
</beans>
```
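
A stricter variant of the `sslContextParameters` bean above, given here as an added example that is not part of the IPF documentation: the include patterns in the page's example match only export-grade, single-DES and NULL cipher suites, whereas this one allow-lists AEAD suites and restricts the protocol to TLS 1.2/1.3. The bean id, store file names and property keys are assumptions, and the `{{...}}` placeholders assume Camel property placeholders are configured for the context.

```xml
<!-- Added example; bean id, file names and property keys are assumptions. -->
<!-- Referenced from the producer URI as sslContextParameters=#hardenedContext -->
<camel:sslContextParameters id="hardenedContext">
    <!-- Client identity: private key and certificate only -->
    <camel:keyManagers keyPassword="{{tls.key.password}}">
        <camel:keyStore type="PKCS12"
                        password="{{tls.keystore.password}}"
                        resource="client-identity.p12"/>
    </camel:keyManagers>
    <!-- Trust anchors kept in a separate store that contains no private keys -->
    <camel:trustManagers>
        <camel:keyStore type="PKCS12"
                        password="{{tls.truststore.password}}"
                        resource="trusted-cas.p12"/>
    </camel:trustManagers>
    <camel:clientParameters>
        <!-- Allow-list: TLS 1.3 suites plus ECDHE with AES-GCM for TLS 1.2.
             Nothing else is offered, so no exclude list is needed. -->
        <camel:cipherSuitesFilter>
            <camel:include>TLS_AES_.*</camel:include>
            <camel:include>TLS_ECDHE_.*_WITH_AES_.*_GCM_.*</camel:include>
        </camel:cipherSuitesFilter>
        <!-- Offer only TLS 1.3 and TLS 1.2 in the handshake -->
        <camel:secureSocketProtocols>
            <camel:secureSocketProtocol>TLSv1.3</camel:secureSocketProtocol>
            <camel:secureSocketProtocol>TLSv1.2</camel:secureSocketProtocol>
        </camel:secureSocketProtocols>
    </camel:clientParameters>
</camel:sslContextParameters>
```

If the server supports none of the allow-listed suites, the handshake fails instead of falling back to a weaker suite.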