
New Wiki Entry: Setting up Basic Security for a demo environment

security
atlas
webapi

(Frank DeFalco) #1

I’ve put together a new wiki entry that describes the process for setting up basic security using a custom database for credentials. The article describes the process for setting up the OHDSI WebAPI and ATLAS with security enabled. This is useful for those looking to work on developing features that leverage security but may not be in an environment with ‘enterprise’ security established.

http://www.ohdsi.org/web/wiki/doku.php?id=documentation:software:webapi:basic_security


(Rohan Surdikar) #2

Hi Frank,

Thanks for the wiki article on WebAPI security. I followed the instructions as you mentioned, but I keep getting a 404 Not Found error when I submit the login form.

Also, I am not sure which bcrypt hash to choose for my password.
Currently, I have used the same email/password combination given on the wiki page.

Here is my settings.xml

<settings>
<profiles>
  <profile>
    <id>webapi-mssql</id>
    <properties>
      <datasource.driverClassName>com.microsoft.sqlserver.jdbc.SQLServerDriver</datasource.driverClassName>
      <datasource.url>jdbc:sqlserver://localhost;databasename=cdmtestdb</datasource.url>
      <datasource.username>sa</datasource.username>
      <datasource.password>*****</datasource.password>
      <datasource.dialect>sql server</datasource.dialect>
      <datasource.ohdsi.schema>webapi</datasource.ohdsi.schema>
      <flyway.datasource.driverClassName>${datasource.driverClassName}</flyway.datasource.driverClassName>
      <flyway.datasource.url>${datasource.url}</flyway.datasource.url>
      <flyway.datasource.username>${datasource.username}</flyway.datasource.username>
      <flyway.datasource.password>${datasource.password}</flyway.datasource.password>
      <flyway.locations>classpath:db/migration/sqlserver</flyway.locations>
      <security.enabled>true</security.enabled>
      <security.origin>*</security.origin>
      <security.db.datasource.url>${datasource.url}</security.db.datasource.url>
      <security.db.datasource.driverClassName>${datasource.driverClassName}</security.db.datasource.driverClassName>
      <security.db.datasource.schema>${datasource.ohdsi.schema}</security.db.datasource.schema>
      <security.db.datasource.username>ohdsi</security.db.datasource.username>
      <security.db.datasource.password>ohdsi</security.db.datasource.password>
      <security.db.datasource.authenticationQuery>select password from ${datasource.ohdsi.schema}.demo_security where email = ?</security.db.datasource.authenticationQuery>
    </properties>
  </profile>
</profiles>
</settings>

And my config-local.js file

define([], function () {
    var configLocal = {};
 
    configLocal.api = {
        name: 'Test',
        url: 'http://localhost:8080/WebAPI/'
    };
 
    configLocal.userAuthenticationEnabled = true;

    configLocal.authProviders = [{
        "name": "Test CDM Security",
        "url": "user/login/db",
        "ajax": true,
        "icon": "fa fa-database",
        "isUseCredentialsForm": true
    }];
    
    return configLocal;
});

Any advice or guidance would be appreciated. Thanks.

