OAuth2 Module - for Module Developers

Module developers can chose to protect their module resources by OAuth2 Protocol using the OAuth2 module. 

The OAuth2 module hosts a Spring Security Filter Chain which can be configured to intercept URI's specific to your module. Currently we are supporting only static configuration i.e you will be required to change the OAuth2 module source, package and deploy it before it can intercept requests to your module. In future, we will provide hooks to the OAuth2 module to allow for seamless dynamic integration with your module.

Note : By default, OAuth2 module intercepts requests to the FHIR module.

Configure OAuth2 module to protect resources of any module

For this, you will need to fork/clone the OAuth2 module from it's GitHub repository : https://github.com/maany/openmrs-module-oauth2-prototype

  1. Once you have the source code, add the following web/http security (Spring Security) configuration snippet to /omod/src/main/resources/webModuleApplicationContext.xml : 

OAuth2 module : add new protected resource

 

1

2

3

4

5

6

<security:http pattern="<resource_uri>" use-expressions="true" entry-point-ref="oauthAuthenticationEntryPoint" authentication-manager-ref="authenticationManager">

<security:anonymous enabled="false"/>

<security:intercept-url pattern="<resource_uri>" access="hasAnyRole('ROLE_USER','ROLE_CLIENT')"/>

<security:custom-filter ref="OpenMRSGenericResourceServerFilter" before="PRE_AUTH_FILTER"/>

<security:access-denied-handler ref="oauthAccessDeniedHandler"/>

</security:http>

 

Make sure you replace <resource_uri> with the URI of the resource you want to protect using OAuth2.

       2. Goto root directory of module and run the Maven command "mvn package" to package the OAuth2 module

       3. Install the OAuth2 module on the OpenMRS installation. 

       4. Install your module on the OpenMRS installation.

Now if you try to access the URI specified, you would only be able to access it if the request is accompanied by a valid token issued by the OAuth2 module.