Upgrade Secured - dcm4che/dcm4chee-arc-light GitHub Wiki

Upgrade Secure DCM4CHEE Archive light

Upgrade Database and LDAP. In addition to upgrading Wildfly below upgrade also needs to be done for secured archive.

Content

NOTE : If upgrading from any older versions to 5.16.1 (or newer versions), complete new setup of Wildfly is required. QueryDSL JBoss module is no longer supported.

Update LDAP Data

  • In v5.19.1, following configurations for Invoke Image Display URLs have changed. Invoke Image Display URLs : The LDAP attribute which referenced the Invoke Image Display Patient URL (dcmInvokeImageDisplayPatientURL) and Invoke Image Display Study URL (dcmInvokeImageDisplayStudyURL) used either on Archive Device or Archive Network AE level have been now removed and no longer supported. This has been now moved on Web Application level, where it can be set using Property (dcmProperty) in the format <name>=<value>.

    Replace any existing configuration

    Name (LDAP Attribute) Configured on Level Value (example)
    Invoke Image Display Patient URL (dcmInvokeImageDisplayPatientURL) Archive Device or Archive Network AE http(s)://:/IHEInvokeImageDisplay?requestType=PATIENT&patientID={}&access_token={}
    Invoke Image Display Study URL (dcmInvokeImageDisplayStudyURL) Archive Device or Archive Network AE http(s)://:/IHEInvokeImageDisplay?requestType=STUDY&studyUID={}&access_token={}

    By Either (For only UI secured)

    Name (LDAP Attribute) Configure on Level Value (example)
    Property (dcmProperty) Web Application IID_PATIENT_URL=weasis://$dicom:rs --url "{{qidoBaseURL}}{{qidoBasePath}}" -r "patientID={{patientID}}" --query-ext "&includedefaults=false"
    Property (dcmProperty) Web Application IID_STUDY_URL=weasis://$dicom:rs --url "{{qidoBaseURL}}{{qidoBasePath}}" -r "studyUID={{studyUID}}" --query-ext "&includedefaults=false"
    Property (dcmProperty) Web Application IID_URL_TARGET=_self

    Or (For both UI & RESTful secured)

    Name (LDAP Attribute) Configure on Level Value (example)
    Property (dcmProperty) Web Application IID_PATIENT_URL=weasis://$dicom:rs --url "{{qidoBaseURL}}{{qidoBasePath}}" -r "patientID={{patientID}}" --query-ext "&includedefaults=false" -H "Authorization: Bearer {{access_token}}
    Property (dcmProperty) Web Application IID_STUDY_URL=weasis://$dicom:rs --url "{{qidoBaseURL}}{{qidoBasePath}}" -r "studyUID={{studyUID}}" --query-ext "&includedefaults=false" -H "Authorization: Bearer {{access_token}}"
    Property (dcmProperty) Web Application IID_URL_TARGET=_self

Wildfly Configuration

  • Start WildFly in standalone mode with the correct configuration file:
    > $WILDFLY_HOME/bin/standalone.sh -c dcm4chee-arc.xml [UNIX]
    > %WILDFLY_HOME%\bin\standalone.bat -c dcm4chee-arc.xml [Windows]
    
  • Depending on whether you have Secured UI and Unsecured RESTful services or you have Secured UI and Secured RESTful services, follow either one of them to upgrade your installation.
  • Restart archive and access new secured archive.

Secured UI and Unsecured RESTful services

  • Undeploy old secure-ui archive and remove the old version secure-deployment from Keycloak Server subsystem using JBoss CLI.
    • Upto version 5.23.2
      > $WILDFLY_HOME/bin/jboss-cli.sh -c [UNIX]
      > %WILDFLY_HOME%\bin\jboss-cli.bat -c [Windows]
      [standalone@localhost:9990 /] undeploy dcm4chee-arc-ear-5.x.x-psql-secure-ui.ear
      [standalone@localhost:9990 /] /subsystem=keycloak/secure-deployment=dcm4chee-arc-ui2-5.x.x-secure.war:remove()
      
    • Version 5.23.3 onwards (Archive Backend and UI are separated)
      > $WILDFLY_HOME/bin/jboss-cli.sh -c [UNIX]
      > %WILDFLY_HOME%\bin\jboss-cli.bat -c [Windows]
      [standalone@localhost:9990 /] undeploy dcm4chee-arc-ear-5.x.x-psql.ear
      [standalone@localhost:9990 /] undeploy dcm4chee-arc-ui2-5.x.x-secure.war
      [standalone@localhost:9990 /] /subsystem=keycloak/secure-deployment=dcm4chee-arc-ui2-5.x.x-secure.war:remove()
      
    Note here that 5.x.x should be replaced with the old archive version that was deployed.
  • Restart the archive and deploy the new secure-ui archive. Also add new version secure-deployment from Keycloak Server subsystem using JBoss CLI.
    • Upto version 5.23.2
      > $WILDFLY_HOME/bin/jboss-cli.sh -c [UNIX]
      > %WILDFLY_HOME%\bin\jboss-cli.bat -c [Windows]
      [standalone@localhost:9990 /] deploy $DCM4CHEE_ARC/deploy/dcm4chee-arc-ear-5.x.x-psql-secure-ui.ear
      [standalone@localhost:9990 /] /subsystem=keycloak/secure-deployment=dcm4chee-arc-ui2-5.x.x-secure.war/:add(realm=dcm4che,resource=dcm4chee-arc-ui,auth-server-url=http://<host>:8880/auth,ssl-required=external,public-client=true)
      
    • Version 5.23.3 onwards (Archive Backend and UI are separated)
      > $WILDFLY_HOME/bin/jboss-cli.sh -c [UNIX]
      > %WILDFLY_HOME%\bin\jboss-cli.bat -c [Windows]
      [standalone@localhost:9990 /] deploy $DCM4CHEE_ARC/deploy/dcm4chee-arc-ear-5.x.x-psql.ear
      [standalone@localhost:9990 /] deploy $DCM4CHEE_ARC/deploy/dcm4chee-arc-ui2-5.x.x-secure.war
      [standalone@localhost:9990 /] /subsystem=keycloak/secure-deployment=dcm4chee-arc-ui2-5.x.x-secure.war/:add(realm=dcm4che,resource=dcm4chee-arc-ui,auth-server-url=http://<host>:8880/auth,ssl-required=external,public-client=true)
      
    Note here that 5.x.x should be replaced with the new archive version that needs to be deployed. Also replace <host> with the hostname where your Keycloak Standalone Server is running. Note that port 8880 should be changed if you used a different port while configuring Keycloak Standalone Server, (see third point).

Secured UI and Secured RESTful services

  • Undeploy old secure archive and remove the old version secure-deployment from Keycloak Server subsystem using JBoss CLI.
    • Upto version 5.23.2
      > $WILDFLY_HOME/bin/jboss-cli.sh -c [UNIX]
      > %WILDFLY_HOME%\bin\jboss-cli.bat -c [Windows]
      [standalone@localhost:9990 /] undeploy dcm4chee-arc-ear-5.x.x-psql-secure.ear
      [standalone@localhost:9990 /] /subsystem=keycloak/secure-deployment=dcm4chee-arc-ui2-5.x.x-secure.war:remove()
      [standalone@localhost:9990 /] /subsystem=keycloak/secure-deployment=dcm4chee-arc-war-5.x.x-secure.war:remove()
      
    • Version 5.23.3 onwards (Archive Backend and UI are separated)
      > $WILDFLY_HOME/bin/jboss-cli.sh -c [UNIX]
      > %WILDFLY_HOME%\bin\jboss-cli.bat -c [Windows]
      [standalone@localhost:9990 /] undeploy dcm4chee-arc-ear-5.x.x-psql-secure.ear
      [standalone@localhost:9990 /] undeploy dcm4chee-arc-ui2-5.x.x-secure.war
      [standalone@localhost:9990 /] /subsystem=keycloak/secure-deployment=dcm4chee-arc-ui2-5.x.x-secure.war:remove()
      [standalone@localhost:9990 /] /subsystem=keycloak/secure-deployment=dcm4chee-arc-war-5.x.x-secure.war:remove()
      
    Note here that 5.x.x should be replaced with the old archive version that was deployed.
  • Restart the archive and deploy new secure archive. Also add new version secure-deployment from Keycloak Server subsystem using JBoss CLI.
    • Upto version 5.23.2
      > $WILDFLY_HOME/bin/jboss-cli.sh -c [UNIX]
      > %WILDFLY_HOME%\bin\jboss-cli.bat -c [Windows]
      [standalone@localhost:9990 /] deploy $DCM4CHEE_ARC/deploy/dcm4chee-arc-ear-5.x.x-psql-secure.ear
      [standalone@localhost:9990 /] /subsystem=keycloak/secure-deployment=dcm4chee-arc-ui2-5.x.x-secure.war/:add(realm=dcm4che,resource=dcm4chee-arc-ui,auth-server-url=http://<host>:8880/auth,ssl-required=external,public-client=true)
      [standalone@localhost:9990 /] /subsystem=keycloak/secure-deployment=dcm4chee-arc-war-5.x.x-secure.war/:add(realm=dcm4che,resource=dcm4chee-arc-rs,auth-server-url=http://<host>:8880/auth,ssl-required=external,bearer-only=true)
      
    • Version 5.23.3 onwards (Archive Backend and UI are separated)
      > $WILDFLY_HOME/bin/jboss-cli.sh -c [UNIX]
      > %WILDFLY_HOME%\bin\jboss-cli.bat -c [Windows]
      [standalone@localhost:9990 /] deploy $DCM4CHEE_ARC/deploy/dcm4chee-arc-ear-5.x.x-psql-secure.ear
      [standalone@localhost:9990 /] deploy $DCM4CHEE_ARC/deploy/dcm4chee-arc-ui2-5.x.x-secure.war
      [standalone@localhost:9990 /] /subsystem=keycloak/secure-deployment=dcm4chee-arc-ui2-5.x.x-secure.war/:add(realm=dcm4che,resource=dcm4chee-arc-ui,auth-server-url=http://<host>:8880/auth,ssl-required=external,public-client=true)
      [standalone@localhost:9990 /] /subsystem=keycloak/secure-deployment=dcm4chee-arc-war-5.x.x-secure.war/:add(realm=dcm4che,resource=dcm4chee-arc-rs,auth-server-url=http://<host>:8880/auth,ssl-required=external,bearer-only=true)
      
    Note here that 5.x.x should be replaced with the new archive version that needs to be deployed. Also replace <host> with the hostname where your Keycloak Standalone Server is running. Note that port 8880 should be changed if you used a different port while configuring Keycloak Standalone Server, (see third point).
⚠️ **GitHub.com Fallback** ⚠️