FHIR Chat · Interceptor calling order changed in Hapi 3.8.0 · hapi

Stream: hapi

Topic: Interceptor calling order changed in Hapi 3.8.0

view this post on Zulip Matti Uusitalo (Jun 27 2019 at 07:09):

@James Agnew It appears that the Interceptor lifecycle has changed.
http://hapifhir.io/doc_rest_server_interceptor.html#_toc_registering_interceptors
"Note that order is important: The server will invoke incomingRequestPreProcessed and incomingRequestPostProcessed in the same order that they are registered to the server. The server will invoke outgoingResponse in the reverse order to the order in which the interceptors were registered. This means that interceptors can be thought of as "wrapping" the request. "

We register a UsageLoggingInterceptor, then AuthorizationInterceptor, then ProfileInterceptor. After upgrading to Hapi 3.8.0 we noticed that we started getting duplicate Usage log records from search operations where the client is not authorized to access a Patient's data. It seems that Hapi calls UsageLoggingInterceptor's outgoingResponse method first, then AuthorizationInterceptor. AuthorizationInterceptor then throws an Exception and PHR loops through the handleException methods.

I know there's a new Hook mechanism but isn't the ordering of the Hook & Pointcut basically same as with the earlier IServerInterceptor interface?

view this post on Zulip Matti Uusitalo (Jun 27 2019 at 07:28):

Could we perhaps mitigate it by implementing Hook to Pointcut.STORAGE_PREACCESS_RESOURCE in our AuthorizationInterceptor?

view this post on Zulip Matti Uusitalo (Jun 27 2019 at 09:39):

Could we perhaps mitigate it by implementing Hook to Pointcut.STORAGE_PREACCESS_RESOURCE in our AuthorizationInterceptor?

We could. What we did was we overrode AuthorizationInterceptor's outgoingResponse implementation with a no-op version and implemented a new method with Hook(Pointcut.STORAGE_PREACCESS_RESOURCE) which calls the super.outgoingResponse implementation.

I still consider this a workaround and we would prefer if the earlier ordering of interceptor calls were used.

view this post on Zulip James Agnew (Jun 27 2019 at 19:17):

Hmm, I'd consider this a bug in the new framework.

Ultimately, we are no longer relying on the order of registration, since that has always seemed brittle. In the new world, the @Hook and @Interceptor annotations have an optional attribute called order() that can be used to specify the order that an interceptor or any of its individual hooks should be executed in.

Looks like we haven't yet specified an order for AuthorizationInterceptor though. Will investigate.

Last updated: Apr 12 2022 at 19:14 UTC


An HL7 Website -