POST requests without an ID cause a NPE with fhir-smart enabled #3576

Closed
SibrenTalens opened this issue Apr 14, 2022 · 1 comment

Describe the bug

A POST request for a new resource (as tested, Observation) without an id causes a NullPointerException because of this Objects.requireNonNull check in fhir-smart. When an id is present, it is ignored in accordance with the specifications and the resource is created as usual with a server-generated ID.

Environment
4.11.0, using the Docker image docker.io/ibmcom/ibm-fhir-server with fhir-smart enabled.

To Reproduce
Perform a create by sending a POST request with a new resource to an endpoint without an id present in the request body. This will cause a NullPointerException and a 500 Internal Server Error response without the resource being created.

Expected behavior
A 201 Created response for POST requests without an id key present, and the resource being created with an ID generated by the server.

Additional context
Request headers:

POST /fhir-server/api/v4/Observation HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Authorization: Bearer <redacted>
Connection: keep-alive
Content-Length: 458
Content-Type: application/json
Host: localhost:9080
Origin: http://localhost:3000
Prefer: return=representation
Referer: http://localhost:3000/

Request JSON:

{
  "resourceType":"Observation",
  "status":"final",
  "effectiveDateTime":"2022-04-14T12:38:18+02:00",
  "subject":{
    "reference":"Patient/001467ad114848ad824fc6878ef9b267"
  },
  "code":{
    "coding":[
      {
        "code":"29463-7",
        "system":"http://loinc.org"
      }
    ]
  },
  "category":[
    {
      "coding":[
        {
          "code":"vital-signs",
          "display":"Vital Signs",
          "system":"http://hl7.org/fhir/observation-category"
        }
      ]
    }
  ],
  "note":[
    
  ],
  "valueQuantity":{
    "unit":"kg",
    "system":"http://unitsofmeasure.org",
    "value":123
  },
  "component":[
    
  ]
}

Logs:

[4/14/22, 10:38:23:398 UTC] 00000046 FHIRRestServl I   Received request: tenantId:[default] dsId:[default] user:[<user>] method:[POST] uri:[http://localhost:9080/fhir-server/api/v4/Observation]
[4/14/22, 10:38:23:416 UTC] 00000046 CacheTransact I   Transaction failed - afterCompletion(status = STATUS_ROLLEDBACK)
[4/14/22, 10:38:23:416 UTC] 00000046 FHIRResource  E   An unexpected exception occurred while processing the request
                                 java.lang.NullPointerException: resourceId
 at java.base/java.util.Objects.requireNonNull(Objects.java:246)
 at com.ibm.fhir.smart.AuthzPolicyEnforcementPersistenceInterceptor.isAllowed(AuthzPolicyEnforcementPersistenceInterceptor.java:823)
 at com.ibm.fhir.smart.AuthzPolicyEnforcementPersistenceInterceptor.enforce(AuthzPolicyEnforcementPersistenceInterceptor.java:798)
 at com.ibm.fhir.smart.AuthzPolicyEnforcementPersistenceInterceptor.enforce(AuthzPolicyEnforcementPersistenceInterceptor.java:782)
 at com.ibm.fhir.smart.AuthzPolicyEnforcementPersistenceInterceptor.beforeCreate(AuthzPolicyEnforcementPersistenceInterceptor.java:490)
 at com.ibm.fhir.server.interceptor.FHIRPersistenceInterceptorMgr.fireBeforeCreateEvent(FHIRPersistenceInterceptorMgr.java:79)
 at com.ibm.fhir.server.util.FHIRRestHelper.doCreateMeta(FHIRRestHelper.java:325)
 at com.ibm.fhir.server.util.FHIRRestHelper.doCreate(FHIRRestHelper.java:217)
 at com.ibm.fhir.server.spi.operation.FHIRResourceHelpers.doCreate(FHIRResourceHelpers.java:114)
 at com.ibm.fhir.server.resources.Create.create(Create.java:76)
 at com.ibm.fhir.server.resources.Create$Proxy$_$$_WeldClientProxy.create(Unknown Source)
 at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
 at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
 at java.base/java.lang.reflect.Method.invoke(Method.java:566)
 at com.ibm.ws.jaxrs20.cdi.component.JaxRsFactoryImplicitBeanCDICustomizer.serviceInvoke(JaxRsFactoryImplicitBeanCDICustomizer.java:350)
 at com.ibm.ws.jaxrs20.server.LibertyJaxRsServerFactoryBean.performInvocation(LibertyJaxRsServerFactoryBean.java:641)
 at com.ibm.ws.jaxrs20.server.LibertyJaxRsInvoker.performInvocation(LibertyJaxRsInvoker.java:160)
 at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:101)
 at com.ibm.ws.jaxrs20.server.LibertyJaxRsInvoker.invoke(LibertyJaxRsInvoker.java:273)
 at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:213)
 at com.ibm.ws.jaxrs20.server.LibertyJaxRsInvoker.invoke(LibertyJaxRsInvoker.java:444)
 at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:112)
 at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:59)
 at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:96)
 at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
 at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:123)
 at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:277)
 at com.ibm.ws.jaxrs20.endpoint.AbstractJaxRsWebEndpoint.invoke(AbstractJaxRsWebEndpoint.java:137)
 at com.ibm.websphere.jaxrs.server.IBMRestServlet.handleRequest(IBMRestServlet.java:146)
 at com.ibm.websphere.jaxrs.server.IBMRestServlet.doPost(IBMRestServlet.java:104)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:706)
 at com.ibm.websphere.jaxrs.server.IBMRestServlet.service(IBMRestServlet.java:96)
 at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1258)
 at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:746)
 at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:443)
 at com.ibm.ws.webcontainer.filter.WebAppFilterChain.invokeTarget(WebAppFilterChain.java:193)
 at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:98)
 at com.ibm.fhir.server.filter.rest.FHIRRestServletFilter.doFilter(FHIRRestServletFilter.java:152)
 at javax.servlet.http.HttpFilter.doFilter(HttpFilter.java:127)
 at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:201)
 at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:91)
 at com.ibm.ws.security.jaspi.JaspiServletFilter.doFilter(JaspiServletFilter.java:56)
 at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:201)
 at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:91)
 at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:1002)
 at com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilterManager.java:1140)
 at com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilterManager.java:1011)
 at com.ibm.ws.webcontainer.servlet.CacheServletWrapper.handleRequest(CacheServletWrapper.java:75)
 at com.ibm.ws.webcontainer40.servlet.CacheServletWrapper40.handleRequest(CacheServletWrapper40.java:85)
 at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:938)
 at com.ibm.ws.webcontainer.osgi.DynamicVirtualHost$2.run(DynamicVirtualHost.java:281)
 at com.ibm.ws.http.dispatcher.internal.channel.HttpDispatcherLink$TaskWrapper.run(HttpDispatcherLink.java:1184)
 at com.ibm.ws.http.dispatcher.internal.channel.HttpDispatcherLink.wrapHandlerAndExecute(HttpDispatcherLink.java:453)
 at com.ibm.ws.http.dispatcher.internal.channel.HttpDispatcherLink.ready(HttpDispatcherLink.java:412)
 at com.ibm.ws.http.channel.internal.inbound.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:566)
 at com.ibm.ws.http.channel.internal.inbound.HttpInboundLink.handleNewRequest(HttpInboundLink.java:500)
 at com.ibm.ws.http.channel.internal.inbound.HttpInboundLink.processRequest(HttpInboundLink.java:360)
 at com.ibm.ws.http.channel.internal.inbound.HttpICLReadCallback.complete(HttpICLReadCallback.java:70)
 at com.ibm.ws.tcpchannel.internal.WorkQueueManager.requestComplete(WorkQueueManager.java:514)
 at com.ibm.ws.tcpchannel.internal.WorkQueueManager.attemptIO(WorkQueueManager.java:584)
 at com.ibm.ws.tcpchannel.internal.WorkQueueManager.workerRun(WorkQueueManager.java:968)
 at com.ibm.ws.tcpchannel.internal.WorkQueueManager$Worker.run(WorkQueueManager.java:1057)
 at com.ibm.ws.threading.internal.ExecutorServiceImpl$RunnableWrapper.run(ExecutorServiceImpl.java:245)
 at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
 at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
 at java.base/java.lang.Thread.run(Thread.java:866)

[4/14/22, 10:38:23:431 UTC] 00000046 FHIRRestServl I   Completed request[0.033278206 secs]: tenantId:[default] dsId:[default] user:[<user>] method:[POST] uri:[http://localhost:9080/fhir-server/api/v4/Observation] status:[500]
@SibrenTalens SibrenTalens added the bug Something isn't working label Apr 14, 2022
@lmsurpre lmsurpre added the P1 Priority 1 - Must Have label Apr 19, 2022
@lmsurpre lmsurpre self-assigned this Apr 19, 2022
lmsurpre added a commit that referenced this issue Apr 19, 2022
Now that our persistence layer requires resources to have proper
metadata prior to calling create/update/delete, I thought that resources
will always have an id before we call the persistence interceptors.

However, it turns out that we call the beforeCreate from the REST layer
BEFORE setting this metadata on the resource.
After a brief discussion, we decided to leave that as-is and update the
interceptor to allow a null id.

Signed-off-by: Lee Surprenant <lmsurpre@us.ibm.com>
lmsurpre added a commit that referenced this issue Apr 20, 2022
issue #3576 - remove unnecessary guard against null resourceId
lmsurpre added a commit that referenced this issue Apr 20, 2022
prior to calling doCreate on the interceptors

Signed-off-by: Lee Surprenant <lmsurpre@us.ibm.com>
lmsurpre added a commit that referenced this issue Apr 21, 2022
issue #3576 - remove Resource.id passed via POST
Collaborator

d0roppe commented Apr 22, 2022

Verified that this now does not give a NPE and allows you to create a Patient compartment resource that is linked to the patient you have access to.

@d0roppe d0roppe closed this as completed Apr 22, 2022
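
A minimal sketch of the failure in the report and of the fix described in the commit message ("update the interceptor to allow a null id"), added here as an example; it is not the fhir-smart source. The class, the method names and the compartment rule in `decide` are assumptions for illustration, and the patient id is the one from the request in the report, used here as a constructed token context.

```java
import java.util.Objects;
import java.util.Set;

// Added illustration; all names are hypothetical, not taken from fhir-smart.
public class CreateAuthzSketch {

    // Before: assumes every resource already has an id when the interceptor fires.
    static boolean isAllowedStrict(String resourceType, String resourceId,
                                   String subjectRef, Set<String> patientContext) {
        // On create the id is not assigned yet, so this throws and the request ends in a 500.
        Objects.requireNonNull(resourceId, "resourceId");
        return decide(resourceType, resourceId, subjectRef, patientContext);
    }

    // After: a null id is expected in beforeCreate; the decision rests on references.
    static boolean isAllowedLenient(String resourceType, String resourceId,
                                    String subjectRef, Set<String> patientContext) {
        return decide(resourceType, resourceId, subjectRef, patientContext);
    }

    // Assumed rule: allow only resources tied to a patient in the token's context.
    private static boolean decide(String type, String id, String subjectRef, Set<String> ctx) {
        // A Patient resource is in scope only when its own id is in the context.
        if ("Patient".equals(type) && id != null && ctx.contains(id)) {
            return true;
        }
        // Other resources are in scope when they reference a patient from the context.
        if (subjectRef != null && subjectRef.startsWith("Patient/")) {
            return ctx.contains(subjectRef.substring("Patient/".length()));
        }
        return false; // default deny, including resources with no patient reference
    }

    public static void main(String[] args) {
        // Constructed token context holding the patient id from the reported request.
        Set<String> ctx = Set.of("001467ad114848ad824fc6878ef9b267");
        String subject = "Patient/001467ad114848ad824fc6878ef9b267";
        try {
            isAllowedStrict("Observation", null, subject, ctx);
        } catch (NullPointerException e) {
            System.out.println("strict: NullPointerException: " + e.getMessage());
        }
        System.out.println("lenient, own patient:   "
                + isAllowedLenient("Observation", null, subject, ctx));
        System.out.println("lenient, other patient: "
                + isAllowedLenient("Observation", null, "Patient/other", ctx));
        System.out.println("lenient, no subject:    "
                + isAllowedLenient("Observation", null, null, ctx));
    }
}
```

Dropping the null guard only works because the remaining decision path still denies by default; a create for a patient outside the token context, or with no patient reference at all, is rejected rather than waved through.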