annotate Sphinx/source/plugins/authorization.rst @ 919:5c1ce758f748

uclouvain
author Sebastien Jodogne <s.jodogne@gmail.com>
date Fri, 17 Mar 2023 12:58:14 +0100
parents 8b48d42665c4
children 1d9e0aa08fdd
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
96
750f7ab733c1 start documentation of authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
1 .. _authorization:
750f7ab733c1 start documentation of authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
2
750f7ab733c1 start documentation of authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
3
851
f282da89c1c1 auth plugin not deprecated anymore
Alain Mazy <am@osimis.io>
parents: 761
diff changeset
4 Advanced authorization plugin
f282da89c1c1 auth plugin not deprecated anymore
Alain Mazy <am@osimis.io>
parents: 761
diff changeset
5 =============================
96
750f7ab733c1 start documentation of authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
6
750f7ab733c1 start documentation of authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
7 .. contents::
750f7ab733c1 start documentation of authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
8
98
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
9 This **official plugin by Osimis** extends Orthanc with an advanced
97
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
10 authorization mechanism. For each incoming REST request to some URI,
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
11 the plugin will query a Web service to know whether the access is
98
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
12 granted to the user. If access is not granted, the HTTP status code is
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
13 set to ``403`` (Forbidden).
96
750f7ab733c1 start documentation of authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
14
98
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
15 The `source code of this plugin
449
2922fb1bd65e fix links
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 361
diff changeset
16 <https://hg.orthanc-server.com/orthanc-authorization/file/default>`__ is
361
84e3a2612c36 links to hg
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 274
diff changeset
17 freely available under the terms of the AGPLv3 license.
97
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
18
96
750f7ab733c1 start documentation of authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
19
750f7ab733c1 start documentation of authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
20 Compilation
750f7ab733c1 start documentation of authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
21 -----------
750f7ab733c1 start documentation of authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
22
750f7ab733c1 start documentation of authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
23 .. highlight:: bash
750f7ab733c1 start documentation of authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
24
98
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
25 The procedure to compile this plugin is similar of that for the
96
750f7ab733c1 start documentation of authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
26 :ref:`core of Orthanc <binaries>`. The following commands should work
761
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 556
diff changeset
27 for most UNIX-like distribution (including GNU/Linux)::
96
750f7ab733c1 start documentation of authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
28
750f7ab733c1 start documentation of authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
29 $ mkdir Build
750f7ab733c1 start documentation of authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
30 $ cd Build
750f7ab733c1 start documentation of authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
31 $ cmake .. -DSTATIC_BUILD=ON -DCMAKE_BUILD_TYPE=Release
750f7ab733c1 start documentation of authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
32 $ make
750f7ab733c1 start documentation of authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
33
750f7ab733c1 start documentation of authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
34 The compilation will produce a shared library ``OrthancAuthorization``
750f7ab733c1 start documentation of authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
35 that contains the authorization plugin.
750f7ab733c1 start documentation of authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
36
750f7ab733c1 start documentation of authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
37 Usage
750f7ab733c1 start documentation of authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
38 -----
750f7ab733c1 start documentation of authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
39
750f7ab733c1 start documentation of authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
40 .. highlight:: json
750f7ab733c1 start documentation of authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
41
750f7ab733c1 start documentation of authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
42 You of course first have to :ref:`install Orthanc <compiling>`. Once
750f7ab733c1 start documentation of authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
43 Orthanc is installed, you must change the :ref:`configuration file
750f7ab733c1 start documentation of authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
44 <configuration>` to tell Orthanc where it can find the plugin: This is
750f7ab733c1 start documentation of authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
45 done by properly modifying the ``Plugins`` option. You could for
750f7ab733c1 start documentation of authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
46 instance use the following configuration file::
750f7ab733c1 start documentation of authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
47
750f7ab733c1 start documentation of authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
48 {
750f7ab733c1 start documentation of authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
49 "Name" : "MyOrthanc",
750f7ab733c1 start documentation of authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
50 [...]
750f7ab733c1 start documentation of authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
51 "Plugins" : [
750f7ab733c1 start documentation of authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
52 "/home/user/OrthancAuthorization/Build/libOrthancAuthorization.so"
97
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
53 ],
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
54 "Authorization" : {
878
2e3493d618ad auth 0.3.0
Alain Mazy <am@osimis.io>
parents: 851
diff changeset
55 "WebService" : "http://localhost:8000/",
2e3493d618ad auth 0.3.0
Alain Mazy <am@osimis.io>
parents: 851
diff changeset
56 "WebServiceUsername": "my-user",
2e3493d618ad auth 0.3.0
Alain Mazy <am@osimis.io>
parents: 851
diff changeset
57 "WebServicePassword": "my-password",
2e3493d618ad auth 0.3.0
Alain Mazy <am@osimis.io>
parents: 851
diff changeset
58 "WebServiceIdentifier": "my-id"
97
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
59 }
96
750f7ab733c1 start documentation of authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
60 }
750f7ab733c1 start documentation of authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
61
750f7ab733c1 start documentation of authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
62 Orthanc must of course be restarted after the modification of its
750f7ab733c1 start documentation of authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
63 configuration file.
750f7ab733c1 start documentation of authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
64
97
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
65
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
66 Web Service
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
67 -----------
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
68
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
69 This section describes how a Web service suitable for the
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
70 authorization plugin can be designed.
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
71
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
72 **Note:** The behavior described in this section is implemented by the
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
73 ``AuthorizationWebService`` C++ class in the source code. It is
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
74 possible to define a different authorization back-end by deriving
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
75 from interface ``IAuthorizationService``.
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
76
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
77
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
78 Incoming request
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
79 ^^^^^^^^^^^^^^^^
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
80
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
81 For each HTTP/REST request that Orthanc receives, the plugin will
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
82 issue a set of HTTP ``POST`` requests against the Web service that is
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
83 specified in the configuration file (in the basic configuration file
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
84 above, the Web service listening at ``http://localhost:8000/`` is
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
85 used). The body of each of those ``POST`` requests is a JSON file
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
86 similar to the following one::
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
87
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
88 {
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
89 "dicom-uid" : "123ABC",
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
90 "level" : "patient",
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
91 "method" : "get",
878
2e3493d618ad auth 0.3.0
Alain Mazy <am@osimis.io>
parents: 851
diff changeset
92 "orthanc-id" : "6eeded74-75005003-c3ae9738-d4a06a4f-6beedeb8",
2e3493d618ad auth 0.3.0
Alain Mazy <am@osimis.io>
parents: 851
diff changeset
93 "identifier": "my-id"
97
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
94 }
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
95
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
96 In this example, the user is accessing an URI that is related to some
98
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
97 DICOM resource, namely a patient whose DICOM identifier is
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
98 ``123ABC``. In such a case, the following fields will be set in the
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
99 JSON body:
97
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
100
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
101 * The ``level`` field specifies which type of resource the user is
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
102 accessing, according to the :ref:`DICOM model of the real world
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
103 <model-world>`. This field can be set to ``patient``, ``study``,
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
104 ``series``, or ``instance``.
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
105 * The ``method`` field specifies which HTTP method is used by the
98
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
106 to-be-authorized request. It can be set to ``get``, ``post``,
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
107 ``delete``, or ``put``.
97
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
108 * The ``dicom-uid`` field gives the :ref:`DICOM identifier
98
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
109 <dicom-identifiers>` of the resource that is accessed. If the
97
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
110 resource is a patient, this field contains the ``PatientID`` DICOM
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
111 tag. For a study, it contains its ``StudyInstanceUID``. For a
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
112 series, it contains its ``SeriesInstanceUID``. For an instance, it
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
113 contains its ``SOPInstanceUID``.
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
114 * The ``orthanc-id`` field gives the :ref:`Orthanc identifier
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
115 <orthanc-ids>` of the resource.
878
2e3493d618ad auth 0.3.0
Alain Mazy <am@osimis.io>
parents: 851
diff changeset
116 * The ``identifier`` field contains the value of the ``WebServiceIdentifier``
2e3493d618ad auth 0.3.0
Alain Mazy <am@osimis.io>
parents: 851
diff changeset
117 configuration or ``null`` if this configuration is not defined. This allows
2e3493d618ad auth 0.3.0
Alain Mazy <am@osimis.io>
parents: 851
diff changeset
118 the WebService to identity which Orthanc instance is calling it (new in v 0.3.0).
97
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
119
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
120 When the user accesses a lower-level resource in the DICOM hierarchy
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
121 (a study, a series or an instance), the authorization plugin will
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
122 issue one separate call to the Web service for each level of the
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
123 hierarchy. For instance, here are the 3 successive requests that are
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
124 issued when accessing some series::
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
125
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
126 {
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
127 "dicom-uid" : "123ABC",
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
128 "level" : "patient",
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
129 "method" : "get",
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
130 "orthanc-id" : "6eeded74-75005003-c3ae9738-d4a06a4f-6beedeb8"
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
131 }
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
132 {
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
133 "dicom-uid" : "1.3.51.0.1.1.192.168.29.133.1681753.1681732",
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
134 "level" : "study",
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
135 "method" : "get",
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
136 "orthanc-id" : "6e2c0ec2-5d99c8ca-c1c21cee-79a09605-68391d12"
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
137 }
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
138 {
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
139 "dicom-uid" : "1.3.12.2.1107.5.2.33.37097.2012041612474981424569674.0.0.0",
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
140 "level" : "series",
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
141 "method" : "get",
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
142 "orthanc-id" : "6ca4c9f3-5e895cb3-4d82c6da-09e060fe-9c59f228"
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
143 }
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
144
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
145 It the user is accessing a URI that is not directly related to an
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
146 individual DICOM resource, the JSON body will look as follows::
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
147
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
148 {
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
149 "level" : "system",
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
150 "method" : "get",
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
151 "uri" : "/changes"
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
152 }
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
153
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
154 In such a situation, the following fields are set:
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
155
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
156 * The ``level`` field is always set to ``system``.
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
157 * The ``method`` field is the same as above.
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
158 * The ``uri`` field provides the URI that was accessed by the user.
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
159
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
160 **Important note:** The plugin will transparently parse the URIs of
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
161 the core :ref:`REST API of Orthanc <rest>`, of the :ref:`Web viewer
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
162 plugin <webviewer>`, of the :ref:`DICOMweb plugin <dicomweb>`, and of
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
163 the :ref:`whole-slide imaging plugin <wsi>`. Unrecognized URIs (such
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
164 as those introduced by other plugins) will be handled as a ``system``
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
165 call. It is possible to introduce parsing support for more plugins by
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
166 modifying the ``DefaultAuthorizationParser`` C++ class in the source
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
167 code of the plugin.
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
168
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
169
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
170 Expected answer
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
171 ^^^^^^^^^^^^^^^
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
172
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
173 The Web service must answer by sending a JSON file that tells whether
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
174 the access is granted or not to the user. Here is a sample answer::
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
175
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
176 {
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
177 "granted": true,
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
178 "validity" : 5
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
179 }
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
180
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
181 Here is a description of these two fields:
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
182
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
183 * ``granted`` tells whether access to the resource is granted
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
184 (``true``) or not granted (``false``). In the case the user is
98
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
185 accessing a DICOM resource, the access to *all* the levels of the
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
186 hierarchy above this resource must be granted (logical conjunction
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
187 over the levels).
97
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
188 * ``validity`` tells the authorization plugin for how many seconds the
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
189 result of the Web service must be cached. If set to ``0`` second,
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
190 the cache entry will never expire.
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
191
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
192 **Note:** The source code of the plugin contains a `basic example
449
2922fb1bd65e fix links
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 361
diff changeset
193 <https://hg.orthanc-server.com/orthanc-authorization/file/default/Resources/TestService.js>`__
97
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
194 of such a Web service written in node.js.
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
195
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
196
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
197 Authentication tokens
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
198 ^^^^^^^^^^^^^^^^^^^^^
96
750f7ab733c1 start documentation of authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
199
98
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
200 It is obviously desirable to limit access to the resources depending
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
201 on the user that is logged in. Real-life Web framework such as Django
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
202 would send the identity of the authenticated user either as an HTTP
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
203 header, or as an additional argument for ``GET`` requests. The
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
204 authorization plugin allows to forward these authentication tokens to
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
205 the Web service.
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
206
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
207 To configure the authentication plugin to use some HTTP header, one
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
208 must provide the option ``TokenHttpHeaders`` the configuration file of
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
209 Orthanc as follows::
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
210
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
211 {
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
212 "Name" : "MyOrthanc",
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
213 [...]
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
214 "Authorization" : {
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
215 "WebService" : "http://localhost:8000/",
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
216 "TokenHttpHeaders" : [ "hello" ]
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
217 }
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
218 }
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
219
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
220 .. highlight:: text
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
221
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
222 In such a situation, if some HTTP client issues the following call::
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
223
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
224 # curl -H 'hello: world' http://localhost:8042/patients/6eeded74-75005003-c3ae9738-d4a06a4f-6beedeb8
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
225
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
226 .. highlight:: json
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
227
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
228 Here is the JSON body the Web service would receive::
96
750f7ab733c1 start documentation of authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
229
98
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
230 {
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
231 "dicom-uid" : "123ABC",
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
232 "level" : "patient",
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
233 "method" : "get",
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
234 "orthanc-id" : "6eeded74-75005003-c3ae9738-d4a06a4f-6beedeb8",
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
235 "token-key" : "hello",
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
236 "token-value" : "world"
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
237 }
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
238
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
239 .. highlight:: text
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
240
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
241 Note how the key and the value of the authentication token stored as a
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
242 HTTP header are forwarded to the Web service.
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
243
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
244 The same mechanism can be used if the authentication token is provided
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
245 as some ``GET`` argument by setting the ``TokenGetArguments``
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
246 configuration option::
97
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
247
98
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
248 # curl http://localhost:8042/patients/6eeded74-75005003-c3ae9738-d4a06a4f-6beedeb8?hello=world
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
249 {
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
250 "dicom-uid" : "123ABC",
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
251 "level" : "patient",
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
252 "method" : "get",
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
253 "orthanc-id" : "6eeded74-75005003-c3ae9738-d4a06a4f-6beedeb8",
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
254 "token-key" : "hello",
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
255 "token-value" : "world"
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
256 }
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
257
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
258 **Note 1:** It is allowed to provide a list of HTTP tokens or a list
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
259 of ``GET`` arguments in the configuration options. In this case, the
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
260 authorization plugin will loop over all the available authentication
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
261 tokens, until it finds one for which the access is granted (logical
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
262 disjunction over the authentication tokens).
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
263
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
264 **Note 2:** The cache entry that remembers whether some access was
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
265 granted in the past, depends on the value of the token.
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
266
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
267 **Note 3:** The support of authentication tokens provided as ``GET``
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
268 arguments requires a version of Orthanc that is above 1.2.1.
97
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
269
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
270
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
271 Full configuration
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
272 ------------------
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
273
98
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
274 .. highlight:: json
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
275
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
276 Here is the list of all the configuration options::
97
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 96
diff changeset
277
98
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
278 {
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
279 "Name" : "MyOrthanc",
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
280 [...]
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
281 "Authorization" : {
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
282 "WebService" : "http://localhost:8000/",
878
2e3493d618ad auth 0.3.0
Alain Mazy <am@osimis.io>
parents: 851
diff changeset
283 "WebServiceUsername": "my-user", // new in v 0.3.0
2e3493d618ad auth 0.3.0
Alain Mazy <am@osimis.io>
parents: 851
diff changeset
284 "WebServicePassword": "my-password", // new in v 0.3.0
2e3493d618ad auth 0.3.0
Alain Mazy <am@osimis.io>
parents: 851
diff changeset
285 "WebServiceIdentifier": "my-id", // new in v 0.3.0
98
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
286 "TokenGetArguments" : [ "user" ],
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
287 "TokenHttpHeaders" : [ "hello" ],
893
8b48d42665c4 auth 0.4.0
Alain Mazy <am@osimis.io>
parents: 878
diff changeset
288 "StandardConfigurations": [ // new in v 0.4.0
8b48d42665c4 auth 0.4.0
Alain Mazy <am@osimis.io>
parents: 878
diff changeset
289 "osimis-web-viewer",
8b48d42665c4 auth 0.4.0
Alain Mazy <am@osimis.io>
parents: 878
diff changeset
290 "stone-webviewer"
8b48d42665c4 auth 0.4.0
Alain Mazy <am@osimis.io>
parents: 878
diff changeset
291 ],
98
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
292 "UncheckedResources" : [
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
293 "/series",
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
294 "/instances",
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
295 "/patients",
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
296 "/studies",
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
297 "/plugins/explorer.js",
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
298 "/system"
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
299 ],
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
300 "UncheckedFolders" : [
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
301 "/app/",
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
302 "/web-viewer/app/",
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
303 "/web-viewer/libs/",
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
304 "/wsi/app/"
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
305 ],
893
8b48d42665c4 auth 0.4.0
Alain Mazy <am@osimis.io>
parents: 878
diff changeset
306 "CheckedLevel" : "studies", // new in v 0.4.0
8b48d42665c4 auth 0.4.0
Alain Mazy <am@osimis.io>
parents: 878
diff changeset
307 "UncheckedLevels" : [
8b48d42665c4 auth 0.4.0
Alain Mazy <am@osimis.io>
parents: 878
diff changeset
308 "patients",
8b48d42665c4 auth 0.4.0
Alain Mazy <am@osimis.io>
parents: 878
diff changeset
309 "series",
8b48d42665c4 auth 0.4.0
Alain Mazy <am@osimis.io>
parents: 878
diff changeset
310 "instances"
8b48d42665c4 auth 0.4.0
Alain Mazy <am@osimis.io>
parents: 878
diff changeset
311 ]
98
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
312 }
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
313 }
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
314
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
315 The following options have been described above: ``WebService``,
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
316 ``TokenGetArguments``, and ``TokenHttpHeaders``. Here are the
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
317 remaining options:
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
318
893
8b48d42665c4 auth 0.4.0
Alain Mazy <am@osimis.io>
parents: 878
diff changeset
319 * ``StandardConfigurations`` is a helper configuration to pre-populate
8b48d42665c4 auth 0.4.0
Alain Mazy <am@osimis.io>
parents: 878
diff changeset
320 ``UncheckedResources``, ``UncheckedFolders``, ``TokenGetArguments``,
8b48d42665c4 auth 0.4.0
Alain Mazy <am@osimis.io>
parents: 878
diff changeset
321 and ``TokenHttpHeaders`` of well-known plugins.
8b48d42665c4 auth 0.4.0
Alain Mazy <am@osimis.io>
parents: 878
diff changeset
322 Allowed values are ``osimis-web-viewer``, ``stone-webviewer``.
8b48d42665c4 auth 0.4.0
Alain Mazy <am@osimis.io>
parents: 878
diff changeset
323
8b48d42665c4 auth 0.4.0
Alain Mazy <am@osimis.io>
parents: 878
diff changeset
324 * ``CheckedLevel`` may replace ``UncheckedLevels`` when authorization
8b48d42665c4 auth 0.4.0
Alain Mazy <am@osimis.io>
parents: 878
diff changeset
325 is checked only at one level of the DICOM hierarchy. This is the most
8b48d42665c4 auth 0.4.0
Alain Mazy <am@osimis.io>
parents: 878
diff changeset
326 common use-case.
8b48d42665c4 auth 0.4.0
Alain Mazy <am@osimis.io>
parents: 878
diff changeset
327
98
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
328 * ``UncheckedResources`` specifies a list of resources for which the
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
329 authentication plugin is not triggered, and to which access is
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
330 always granted.
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
331
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
332 * ``UncheckedFolders`` is similar to ``UncheckedResources`` for folders:
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
333 Access to all the URIs below the unchecked folders is always granted.
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
334
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
335 * ``UncheckedLevels`` allows to specify which levels of the
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
336 :ref:`DICOM hierarchy <model-world>` are ignored by the authorization
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
337 plugin. This can be used to reduce the number of calls to the Web
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
338 service. Think for instance about an authorization mechanism that
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
339 simply associates its studies to a set of granted users: In this case,
b56083f38695 authorization
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 97
diff changeset
340 the series and instance levels can be ignored.
274
c310a795c133 auth-token in search params
amazy
parents: 98
diff changeset
341
c310a795c133 auth-token in search params
amazy
parents: 98
diff changeset
342
893
8b48d42665c4 auth 0.4.0
Alain Mazy <am@osimis.io>
parents: 878
diff changeset
343 Here is a minimal configuration for the :ref:`Stone Web viewer <stone_webviewer>`::
8b48d42665c4 auth 0.4.0
Alain Mazy <am@osimis.io>
parents: 878
diff changeset
344
8b48d42665c4 auth 0.4.0
Alain Mazy <am@osimis.io>
parents: 878
diff changeset
345 {
8b48d42665c4 auth 0.4.0
Alain Mazy <am@osimis.io>
parents: 878
diff changeset
346 // disable basic authentication since it is replaced by the authorization plugin
8b48d42665c4 auth 0.4.0
Alain Mazy <am@osimis.io>
parents: 878
diff changeset
347 "AuthenticationEnabled": false,
8b48d42665c4 auth 0.4.0
Alain Mazy <am@osimis.io>
parents: 878
diff changeset
348
8b48d42665c4 auth 0.4.0
Alain Mazy <am@osimis.io>
parents: 878
diff changeset
349 "Authorization" : {
8b48d42665c4 auth 0.4.0
Alain Mazy <am@osimis.io>
parents: 878
diff changeset
350 "WebService" : "http://localhost:8000/shares/validate",
8b48d42665c4 auth 0.4.0
Alain Mazy <am@osimis.io>
parents: 878
diff changeset
351 "StandardConfigurations": [
8b48d42665c4 auth 0.4.0
Alain Mazy <am@osimis.io>
parents: 878
diff changeset
352 "stone-webviewer"
8b48d42665c4 auth 0.4.0
Alain Mazy <am@osimis.io>
parents: 878
diff changeset
353 ],
8b48d42665c4 auth 0.4.0
Alain Mazy <am@osimis.io>
parents: 878
diff changeset
354 "CheckedLevel" : "studies"
8b48d42665c4 auth 0.4.0
Alain Mazy <am@osimis.io>
parents: 878
diff changeset
355 }
8b48d42665c4 auth 0.4.0
Alain Mazy <am@osimis.io>
parents: 878
diff changeset
356 }
8b48d42665c4 auth 0.4.0
Alain Mazy <am@osimis.io>
parents: 878
diff changeset
357
8b48d42665c4 auth 0.4.0
Alain Mazy <am@osimis.io>
parents: 878
diff changeset
358
274
c310a795c133 auth-token in search params
amazy
parents: 98
diff changeset
359 .. _orthanc-explorer-authorization:
c310a795c133 auth-token in search params
amazy
parents: 98
diff changeset
360
c310a795c133 auth-token in search params
amazy
parents: 98
diff changeset
361 Integration with the Orthanc Explorer
c310a795c133 auth-token in search params
amazy
parents: 98
diff changeset
362 -------------------------------------
c310a795c133 auth-token in search params
amazy
parents: 98
diff changeset
363
c310a795c133 auth-token in search params
amazy
parents: 98
diff changeset
364 Starting from Orthanc 1.5.8, you can pass authorization tokens in the url
c310a795c133 auth-token in search params
amazy
parents: 98
diff changeset
365 search params when opening the Orthanc explorer i.e.
c310a795c133 auth-token in search params
amazy
parents: 98
diff changeset
366 http://localhost:8042/app/explorer.html?token=1234. This token will be
c310a795c133 auth-token in search params
amazy
parents: 98
diff changeset
367 included as an HTTP header in every request sent to the Orthanc Rest API.
c310a795c133 auth-token in search params
amazy
parents: 98
diff changeset
368 It will also be included in the url search params when opening the Orthanc
c310a795c133 auth-token in search params
amazy
parents: 98
diff changeset
369 or Osimis viewer.
c310a795c133 auth-token in search params
amazy
parents: 98
diff changeset
370
c310a795c133 auth-token in search params
amazy
parents: 98
diff changeset
371 Only 3 tokens name will be recognized and forwarded: ``token``, ``auth-token``
c310a795c133 auth-token in search params
amazy
parents: 98
diff changeset
372 and ``authorization``.
c310a795c133 auth-token in search params
amazy
parents: 98
diff changeset
373
c310a795c133 auth-token in search params
amazy
parents: 98
diff changeset
374 Please note that the Orthanc Explorer has not been designed to handle
c310a795c133 auth-token in search params
amazy
parents: 98
diff changeset
375 the authorization so, when an authorization is not granted, it will simply
c310a795c133 auth-token in search params
amazy
parents: 98
diff changeset
376 display an empty page or an error message.