- cors configuration via hapi properties based on change request 6858c0d799 (r266027967)

- reverted mysql as default and used derby based on change request 6858c0d799 (r266028296) and updated readme to include specifics on configuring mysql
- defaulted to jetty configs on hapi.properties so that this starter app will outright work without changing any configs with mvn jetty:run
- updated subscription configs as it doesn't match already active subscription on subsequent runs using mysql as db
- updated project based path resolution and removed unused file .keep_hapi-fhir-jpaserver-starter

src/main/java/ca/uhn/fhir/jpa/starter/HapiProperties.java

@@ -41,6 +41,8 @@ public class HapiProperties {
     static final String SUBSCRIPTION_WEBSOCKET_ENABLED = "subscription.websocket.enabled";
     static final String TEST_PORT = "test.port";
     static final String TESTER_CONFIG_REFUSE_TO_FETCH_THIRD_PARTY_URLS = "tester.config.refuse_to_fetch_third_party_urls";
+    static final String CORS_ENABLED = "cors.enabled";
+    static final String CORS_ALLOWED_ORIGIN = "cors.allowed_origin";
 
     private static Properties properties;
 
@@ -255,6 +257,14 @@ public class HapiProperties {
         return HapiProperties.getBooleanProperty(TESTER_CONFIG_REFUSE_TO_FETCH_THIRD_PARTY_URLS, false);
     }
 
+    public static Boolean getCorsEnabled() {
+        return HapiProperties.getBooleanProperty(CORS_ENABLED, true);
+    }
+
+    public static String getCorsAllowedOrigin() {
+        return HapiProperties.getProperty(CORS_ALLOWED_ORIGIN, "*");
+    }
+
     public static String getServerBase() {
         return HapiProperties.getProperty(SERVER_BASE, "/fhir");
     }

src/main/java/ca/uhn/fhir/jpa/starter/JpaRestfulServer.java

@@ -5,7 +5,6 @@ import ca.uhn.fhir.context.FhirVersionEnum;
 import ca.uhn.fhir.jpa.dao.DaoConfig;
 import ca.uhn.fhir.jpa.dao.IFhirSystemDao;
 import ca.uhn.fhir.jpa.model.interceptor.executor.InterceptorService;
-import ca.uhn.fhir.jpa.model.interceptor.api.IInterceptorRegistry;
 import ca.uhn.fhir.jpa.provider.JpaConformanceProviderDstu2;
 import ca.uhn.fhir.jpa.provider.JpaSystemProviderDstu2;
 import ca.uhn.fhir.jpa.provider.SubscriptionTriggeringProvider;
@@ -18,8 +17,6 @@ import ca.uhn.fhir.jpa.provider.r4.TerminologyUploaderProviderR4;
 import ca.uhn.fhir.jpa.search.DatabaseBackedPagingProvider;
 import ca.uhn.fhir.jpa.subscription.SubscriptionInterceptorLoader;
 import ca.uhn.fhir.jpa.subscription.module.interceptor.SubscriptionDebugLogInterceptor;
-import ca.uhn.fhir.jpa.subscription.SubscriptionActivatingInterceptor;
-import ca.uhn.fhir.jpa.subscription.SubscriptionMatcherInterceptor;
 import ca.uhn.fhir.model.dstu2.composite.MetaDt;
 import ca.uhn.fhir.narrative.DefaultThymeleafNarrativeGenerator;
 import ca.uhn.fhir.rest.server.HardcodedServerAddressStrategy;
@@ -175,29 +172,30 @@ public class JpaRestfulServer extends RestfulServer {
         // Define your CORS configuration. This is an example
         // showing a typical setup. You should customize this
         // to your specific needs
-        CorsConfiguration config = new CorsConfiguration();
-        config.addAllowedHeader("x-fhir-starter");
-        config.addAllowedHeader("Origin");
-        config.addAllowedHeader("Accept");
-        config.addAllowedHeader("X-Requested-With");
-        config.addAllowedHeader("Content-Type");
+        if(HapiProperties.getCorsEnabled()) {
+            CorsConfiguration config = new CorsConfiguration();
+            config.addAllowedHeader("x-fhir-starter");
+            config.addAllowedHeader("Origin");
+            config.addAllowedHeader("Accept");
+            config.addAllowedHeader("X-Requested-With");
+            config.addAllowedHeader("Content-Type");
 
-        config.addAllowedOrigin("*");
+            config.addAllowedOrigin(HapiProperties.getCorsAllowedOrigin());
 
-        config.addExposedHeader("Location");
-        config.addExposedHeader("Content-Location");
-        config.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "OPTIONS", "PATCH"));
+            config.addExposedHeader("Location");
+            config.addExposedHeader("Content-Location");
+            config.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "OPTIONS", "PATCH"));
 
-        // Create the interceptor and register it
-        CorsInterceptor interceptor = new CorsInterceptor(config);
-        registerInterceptor(interceptor);
+            // Create the interceptor and register it
+            CorsInterceptor interceptor = new CorsInterceptor(config);
+            registerInterceptor(interceptor);
+        }
 
         // If subscriptions are enabled, we want to register the interceptor that
         // will activate them and match results against them
         if (HapiProperties.getSubscriptionWebsocketEnabled() ||
                 HapiProperties.getSubscriptionEmailEnabled() ||
                 HapiProperties.getSubscriptionRestHookEnabled()) {
-
             // Loads subscription interceptors (SubscriptionActivatingInterceptor, SubscriptionMatcherInterceptor)
             // with activation of scheduled subscription
             SubscriptionInterceptorLoader subscriptionInterceptorLoader = appCtx.getBean(SubscriptionInterceptorLoader.class);
@@ -206,7 +204,6 @@ public class JpaRestfulServer extends RestfulServer {
             // Subscription debug logging
             InterceptorService interceptorService = (InterceptorService) appCtx.getBean("interceptorService");
             interceptorService.registerInterceptor(new SubscriptionDebugLogInterceptor());
-
         }
 
     }