AJ Consent Manager Quick Start

Option A — Drop-in HAPI interceptor (no separate service)

Add the JAR to your HAPI FHIR classpath and configure two properties:

pom.xml
<dependency>
  <groupId>com.akhester</groupId>
  <artifactId>aj-consent-interceptor</artifactId>
  <version>1.0.0</version>
</dependency>

application.yaml
aj:
  consent:
    enabled: true
    fail-closed: true
    consent-manager-url: http://aj-consent:8082

The ConsentEnforcementInterceptor registers itself automatically via Spring auto-configuration. No code changes needed.

Option B — Standalone service with patient portal

docker run -d \
  --name aj-consent \
  -p 8082:8082 \
  -e HAPI_FHIR_URL=http://hapi:8080/fhir \
  ghcr.io/akhester-technologies/aj-consent:1.0.0

Patient portal: http://localhost:8082/portal

POST /fhir/Consent HTTP/1.1
Host: localhost:8082
Content-Type: application/fhir+json

{
  "resourceType": "Consent",
  "status": "active",
  "patient": {"reference": "Patient/GOLDEN-00441"},
  "provision": {
    "type": "permit",
    "actor": [{"reference": {"reference": "Organization/chain-all"}}],
    "class": [{"code": "Patient"}, {"code": "Encounter"}, {"code": "Observation"}],
    "purpose": [{"code": "TREAT"}]
  }
}

Test deny-by-default

# Without a Consent resource, this returns 403:
curl http://localhost:8080/fhir/Patient/GOLDEN-00999 \
  -H "Authorization: Bearer {token}"
# HTTP 403 Forbidden
# {"issue": [{"severity": "error", "code": "forbidden",
#   "diagnostics": "Consent denied — no active Consent resource for this patient-actor combination"}]}

Option A — Drop-in HAPI interceptor (no separate service)​

Option B — Standalone service with patient portal​

Seed a consent policy​

Test deny-by-default​

Option A — Drop-in HAPI interceptor (no separate service)

Option B — Standalone service with patient portal

Seed a consent policy

Test deny-by-default