Hi Arpit!
> I'm trying to access the FHIR web services through Java program but for
> each url I get the login page as response. How do I bypass this? Shall I
> simply send username and password through POST method at */auth/login *(but
> in what format) and will it work for each request after that?
Yes, POST the info, get the cookie, then you can acces the resources.
In curl:
# With CSRF protection disabled, directly authenticate
$ curl -c cookie.jar -X POST -d 'username=admin' -d 'password=gnusolidario' \
health.gnusolidario.org:5000/auth/login
# Now, resources are available
$ curl -b cookie.jar health.gnusolidario.org:5000/Patient
With CSRF protection enabled in the config , it's a bit more annoying,
but still possible
# Retrieve login form
$ curl fhir.example.com/<login_url>
# Now, have to look for the CSRF token in the login form
# Then, authenticate with token
$ curl -c cookie.jar -X POST -d 'username=example' -d 'password=example' \
-d 'csrf_token=<token>' fhir.example.com/<login_url>
Then similar access as before.
Not familiar with Java, but there is probably a similar workflow as
curl.
Hope that helps.
-C
