cortexcloud · hlab-pawat · Feb 9, 2024 · Feb 10, 2024 · Feb 11, 2024 · Feb 11, 2024
diff --git a/Dockerfile b/Dockerfile
@@ -35,6 +35,8 @@ COPY --from=build-hapi --chown=1001:1001 /tmp/hapi-fhir-jpaserver-starter/opente
 
 ENV ALLOW_EMPTY_PASSWORD=yes
 
+FROM busybox:1.35.0-uclibc as busybox
+
 ########### distroless brings focus on security and runs on plain spring boot - this is the default image
 FROM gcr.io/distroless/java17-debian11:nonroot AS default
 # 65532 is the nonroot user's uid
@@ -45,5 +47,8 @@ WORKDIR /app
 
 COPY --chown=nonroot:nonroot --from=build-distroless /app /app
 COPY --chown=nonroot:nonroot --from=build-hapi /tmp/hapi-fhir-jpaserver-starter/opentelemetry-javaagent.jar /app
+COPY --chown=nonroot:nonroot --from=busybox /bin/sh /bin/sh
+COPY --chown=nonroot:nonroot --from=busybox /bin/cat /bin/cat
-COPY --chown=nonroot:nonroot --from=busybox /bin/sh /bin/sh
-COPY --chown=nonroot:nonroot --from=busybox /bin/cat /bin/cat
+COPY --chown=nonroot:nonroot --from=busybox /bin/sh /bin/cat /bin/
-COPY --chown=nonroot:nonroot --from=busybox /bin/sh /bin/sh
-COPY --chown=nonroot:nonroot --from=busybox /bin/cat /bin/cat
+COPY --chown=nonroot:nonroot --from=busybox /bin/sh /bin/cat /bin/
+COPY --chown=nonroot:nonroot entrypoint.sh /entrypoint.sh
 
-ENTRYPOINT ["java", "--class-path", "/app/main.war", "-Dloader.path=main.war!/WEB-INF/classes/,main.war!/WEB-INF/,/app/extra-classes", "org.springframework.boot.loader.PropertiesLauncher"]
+ENTRYPOINT ["/entrypoint.sh"]
diff --git a/entrypoint.sh b/entrypoint.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+export ELASTICSEARCH_PASSWORD=${ELASTICSEARCH_PASSWORD:=`cat ${ELASTICSEARCH_PASSWORD_FILE}`}
+export HAPI_DATASOURCE_PASSWORD=${HAPI_DATASOURCE_PASSWORD:=`cat ${HAPI_DATASOURCE_PASSWORD_FILE}`}
+
+# Execute the Java application
+java --class-path "/app/main.war" \
+-Dloader.path="main.war!/WEB-INF/classes/,main.war!/WEB-INF/,/app/extra-classes" \
+org.springframework.boot.loader.PropertiesLauncher "$@"
diff --git a/pom.xml b/pom.xml
@@ -403,6 +403,17 @@
             <version>${logback-classic.version}</version>
         </dependency>
 
+        <dependency>
+            <groupId>com.auth0</groupId>
+            <artifactId>jwks-rsa</artifactId>
+            <version>0.22.1</version>
+        </dependency>
+        <dependency>
+            <groupId>com.auth0</groupId>
+            <artifactId>java-jwt</artifactId>
+            <version>4.4.0</version>
+        </dependency>
+
     </dependencies>
 
     <build>

diff --git a/src/main/java/ca/uhn/fhir/jpa/starter/AppProperties.java b/src/main/java/ca/uhn/fhir/jpa/starter/AppProperties.java
@@ -85,6 +85,7 @@ public class AppProperties {
 
   private Boolean lastn_enabled = false;
   private boolean store_resource_in_lucene_index_enabled = false;
+  private String elasticsearch_index_prefix = "";
   private NormalizedQuantitySearchLevel normalized_quantity_search_level = NormalizedQuantitySearchLevel.NORMALIZED_QUANTITY_SEARCH_NOT_SUPPORTED;
 
   private Boolean use_apache_address_strategy = false;
@@ -94,6 +95,8 @@ public class AppProperties {
   private Integer bundle_batch_pool_max_size = 100;
   private final Set<String> local_base_urls = new HashSet<>();
   private final Set<String> logical_urls = new HashSet<>();
+
+  private Oauth2 oauth2 = new Oauth2();
 
   private final List<String> custom_interceptor_classes = new ArrayList<>();
 
@@ -560,6 +563,14 @@ public void setStore_resource_in_lucene_index_enabled(Boolean store_resource_in_
 		this.store_resource_in_lucene_index_enabled = store_resource_in_lucene_index_enabled;
 	}
 
+	public String getElasticsearch_index_prefix() {
+		return elasticsearch_index_prefix;
+	}
+
+	public void setElasticsearch_index_prefix(String elasticsearch_index_prefix) {
+		this.elasticsearch_index_prefix = elasticsearch_index_prefix;
+	}
+
 	public NormalizedQuantitySearchLevel getNormalized_quantity_search_level() {
 	return this.normalized_quantity_search_level;
   }
@@ -879,4 +890,43 @@ public boolean getEnable_index_of_type() {
   public void setEnable_index_of_type(boolean enable_index_of_type) {
     this.enable_index_of_type = enable_index_of_type;
   }
+
+  public static class Oauth2 {
+
+		public Boolean enabled = false;
+		public String issuer = "";
+		public String jwks_uri = "";
+
+	  public Boolean getEnabled() {
+		  return enabled;
+	  }
+
+	  public void setEnabled(Boolean enabled) {
+		  this.enabled = enabled;
+	  }
+
+	  public String getIssuer() {
+		  return issuer;
+	  }
+
+	  public void setIssuer(String issuer) {
+		  this.issuer = issuer;
+	  }
+
+	  public String getJwks_uri() {
+		  return jwks_uri;
+	  }
+
+	  public void setJwks_uri(String jwks_uri) {
+		  this.jwks_uri = jwks_uri;
+	  }
+  }
+
+	public Oauth2 getOauth2() {
+		return oauth2;
+	}
+
+	public void setOauth2(Oauth2 oauth2) {
+		this.oauth2 = oauth2;
+	}
 }
diff --git a/src/main/java/ca/uhn/fhir/jpa/starter/common/FhirServerConfigCommon.java b/src/main/java/ca/uhn/fhir/jpa/starter/common/FhirServerConfigCommon.java
@@ -160,6 +160,10 @@ public JpaStorageSettings jpaStorageSettings(AppProperties appProperties) {
 			jpaStorageSettings.setInlineResourceTextBelowSize(appProperties.getInline_resource_storage_below_size());
 		}
 
+		if (appProperties.getElasticsearch_index_prefix() != null && !appProperties.getElasticsearch_index_prefix().isEmpty()) {
+			jpaStorageSettings.setHSearchIndexPrefix(appProperties.getElasticsearch_index_prefix());
+		}
+
 		jpaStorageSettings.setStoreResourceInHSearchIndex(appProperties.getStore_resource_in_lucene_index_enabled());
 		jpaStorageSettings.setNormalizedQuantitySearchLevel(appProperties.getNormalized_quantity_search_level());
 		jpaStorageSettings.setIndexOnContainedResources(appProperties.getEnable_index_contained_resource());