
MyOscar2 on Java 7 Install

Installation instructions for MyOscar on Java 7 when running Oscar 12_1

Preface

These instructions are adequate for a local instance of MyOscar2 for development work. 
You are advised to review the notes on a 2014 installation of MyOSCAR attached in docx format.

Document Version History

  • v1.0 – initial public release on oscarmanual.org – April 14, 2013
  • v1.1 – cleanup  – April 18, 2013
  • v1.2 – minor revisions - Oct 3, 2013
  • v1.3 – minor revisions - April 2, 2014
This document is based on advice from Ted Leung
copyright by Peter Hutten-Czapski 2011-2013 © under the Creative Commons Attribution-Share Alike 3.0 Unported License

Contents

  1. Preface
    1. Document Version History
  2. Prerequisites
  3. Overview
  4. War File Installation
  5. MyOscar Server
  6. MyOscar Client
  7. Oscar Configuration
  8. Security Considerations

Prerequisites

It is assumed that
  1. You already have Oscar 12_1 installed on Ubuntu according to instructions on Tomcat 6
  2. You have configured Tomcat to provide HTTPS connections.
  3. You have MySQL installed.
  4. You have a moderate level of Linux knowledge.
Note: These instructions assume that you will be adding the MyOscar servers on another Ubuntu machine.  MyOscar was designed to operate as a stand-alone server.

Overview:

Configuring and installing the MyOscar2 system involves four servers.  One Oscar server and three MyOscar servers.

  1. The original Oscar itself.  These instructions are for Oscar12_1.
  2. MyOscar_server. This server will respond to either Oscar or MyOscar_client through an XML protocol
  3. MyOscar_client server.  This is the web GUI for administrative and patient access to the MyOscar system
  4. Oscar Clinic Component server.  This is the server that administers appointment setting, and is normally accessed through the MyOscar client

Java 7 Installation

Technically any Java7 will do, however development is done on Oracle Java 7.

Download from Oracle the 32bit or 64bit Linux "compressed binary file". It has a ".tar.gz" file extension, i.e. "[java-version]-i586.tar.gz" for 32bit and "[java-version]-x64.tar.gz" for 64bit.  NOTE the following uses the file pattern for Oracle Java 7 update 17.  Yours will be newer and have slightly different naming, which should be reflected in the commands you use.

Uncompress it

tar -xvf jdk-7u17-linux-i586.tar.gz (32bit)

tar -xvf jdk-7u17-linux-x64.tar.gz (64bit)

The JDK 7 package is thus extracted into the ./jdk1.7.0_17 directory (again yours will be newer and have a slightly different directory). Now move the JDK 7 directory to /usr/lib/jvm

sudo mv ./jdk1.7.0_17 /usr/lib/jvm/java-7-oracle

Use the Debian alternatives tool to register this Java with the java master link

sudo update-alternatives --install "/usr/bin/java" "java" "/usr/lib/jvm/java-7-oracle/bin/java" 1
sudo update-alternatives --install "/usr/bin/javac" "javac" "/usr/lib/jvm/java-7-oracle/bin/javac" 1

Now list the registered Java alternatives and choose the one to activate

sudo update-alternatives --config java

This will give you options of java for your system, in this example you would pick 3 for Oracle Java 7

There are 3 choices for the alternative java (providing /usr/bin/java).

  Selection    Path                                        Priority   Status
------------------------------------------------------------
* 0            /usr/lib/jvm/java-6-openjdk/jre/bin/java     1061      auto mode
  1            /usr/lib/jvm/java-6-openjdk/jre/bin/java     1061      manual mode
  2            /usr/lib/jvm/java-6-sun/jre/bin/java         63        manual mode
  3            /usr/lib/jvm/java-7-oracle/jre/bin/java      3         manual mode

Press enter to keep the current choice[*], or type selection number: 3
update-alternatives: using /usr/lib/jvm/java-7-oracle/jre/bin/java to provide /usr/bin/java (java) in manual mode.

Check the version of your new JDK 7 installation to confirm you have the version you want:

$ sudo java -version
java version "1.7.0"
Java(TM) SE Runtime Environment (build 1.7.0_17-b10)
Java HotSpot(TM) Client VM (build 23.3-b01, mixed mode) 

Repeat for the java compiler

sudo update-alternatives --config javac

 Tomcat 7 Installation 

Preferred Option: Standalone MyOscar

The following instructions will install Tomcat 7 to your new stand alone Ubuntu 12_04 LTS MyOscar installation

sudo apt-get update
sudo apt-get install tomcat7

Now stop the tomcat7 service

sudo service tomcat7 stop
Stopping Tomcat servlet engine tomcat7 [ OK ]

Run the following command in your console to edit JAVA_HOME in the default tomcat7 start-up configuration file:

sudo nano /etc/default/tomcat7

Change the JAVA_HOME option to the following:

JAVA_HOME=/usr/lib/jvm/java-7-oracle

Save the file and you are done. Tomcat will now start using the Oracle JDK instead of OpenJDK when you start the tomcat7 service

sudo service tomcat7 start

Check to ensure that Tomcat is running and you are running on the Oracle JDK

/usr/share/tomcat7/bin/version.sh

Now change to the /var/lib directory and then skip to the instructions that follow for setting up SSL

cd /var/lib

Option B: MyOscar Colocated on Oscar Server

You cannot use apt-get to install Tomcat 7 on a machine where you have Tomcat 6 installed; it will fail.  And yet Tomcat 6 is necessary to run Oscar12_1.  Thus a manual installation is required.

You should install Tomcat 7 as the user who will run MyOscar...

So, as root, change to a directory where you will install Tomcat.  Then get the latest Tomcat 7 binary from Apache.  The version number below may have been superseded by the time you are reading this, so you may want to browse http://tomcat.apache.org/download-70.cgi for the best mirror and the number of the latest version.  Then decompress the tarball

cd /var/lib
sudo wget http://apache.mirror.rafal.ca/tomcat/tomcat-7/v7.0.39/bin/apache-tomcat-7.0.39.tar.gz
sudo tar xvzf apache-tomcat-7.0.39.tar.gz

For convenience (and so that these instructions remain current) assign a symbolic link to the named directory

sudo ln -s /var/lib/apache-tomcat-7.0.39 ./tomcat7

Now change ownership of the files to the unprivileged user who will be running Tomcat, in this case the tomcat7 user.  Name the real directory here, because chown -R does not descend through the tomcat7 symbolic link

sudo chown -R tomcat7:tomcat7 /var/lib/apache-tomcat-7.0.39

 SSL connections for Everyone

SSL, or Secure Socket Layer, is a technology which allows web browsers and web servers to communicate over a secured connection. For MyOscar the major use is security: it ensures that the data being sent is encrypted by one side, transmitted, then decrypted by the other side before processing

You can set up SSL connection via Tomcat with the instructions below.  If you need lower port numbers or need to run a full web server you can set up SSL with Apache (see Installing Oscar to run on port 443)

a) Prepare a Certificate

Use the Java keytool to generate a key for Tomcat using standard RSA encryption.  Use the same password for both the keypass and the storepass (technically they don't have to be the same for Tomcat 7 but it's simpler this way).  Remember to use your own password instead of the placeholder "liyi".

sudo $JAVA_HOME/bin/keytool -genkey -alias tomcat -validity 3650 -keyalg RSA -keystore /var/lib/tomcat7/.keystore -keypass liyi -storepass liyi

You will be prompted for your name (supply your server IP or domain), organisational unit (clinic), organisation (.), city, province and country. The result is a hidden .keystore file in the tomcat7 directory.

Now reference the generated keystore in the Tomcat configuration file. Activate those connectors in the server.xml specification, taking care that you don't conflict with other services that might be using those ports.

sudo nano tomcat7/conf/server.xml

Now adjust the data so it looks something like the below (ports 8090 and 8091 used below as they don't conflict with default Tomcat6 settings) changing the location of the keystoreFile and the keystore password to match the actual ones you used. 

   <Connector port="8090" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8091" />  
   <Connector port="8091" protocol="HTTP/1.1" 
               SSLEnabled="true"
               maxThreads="200" 
               scheme="https" 
               secure="true" 
               enableLookups="false" 
               disableUploadTimeout="true" 
               clientAuth="false"  
               sslProtocol="TLS" 
               keystoreFile="/var/lib/tomcat7/.keystore"
               keystorePass="liyi"   />

b) Install Oscar's Server Certificate

Copy over the base64 certificate you are using on the Oscar server, from the -BEGIN CERTIFICATE- line to the -END CERTIFICATE- line.  If you can't access the certificate easily (you can view the certificate in Firefox), the following script may help

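#!/bin/sh
#
# usage: retrieve-cert.sh remote.host.name [port]
#
# Prints the PEM certificate presented by the remote server (default port 443).
REMHOST=$1
REMPORT=${2:-443}
# echo supplies an empty stdin so that s_client exits after the handshake
echo |\
openssl s_client -connect "${REMHOST}:${REMPORT}" 2>&1 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'

Sample usage to extract the certificate for an Oscar server on 10.69.241.1 accessed over SSL on port 8443 would be (host and port are separate arguments)

retrieve-cert.sh 10.69.241.1 8443 > oscar_certificate.file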

Now add the certificate you are using for the OSCAR server to the myoscar's Java 7 keystore 

$JAVA_HOME/bin/keytool -import -alias oscar -file oscar_certificate.file -keystore /var/lib/tomcat7/.keystore

You will be prompted for the passwords for the keystore, the certificate to be imported will be displayed, and then you will be asked if you Trust it

Trust this certificate? [no]:  Yes
Certificate was added to keystore

Now reciprocate for the myoscar server's certificate on the OSCAR server.
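
An added example, not part of the original instructions: a certificate fetched over the network with retrieve-cert.sh is only as trustworthy as the connection it came over, so this script compares its SHA-256 fingerprint with one read directly on the Oscar server before running the keytool import shown above. The function names are hypothetical, and it is an assumption that the expected fingerprint was obtained out of band (for example by running openssl x509 -noout -fingerprint -sha256 on the certificate file on the Oscar server itself).

```shell
#!/bin/sh
# Added example (not from the original guide). Function names are hypothetical.
# Usage: verify-and-import.sh CERT_FILE EXPECTED_SHA256 KEYSTORE

# normalize_fp TEXT: reduce a fingerprint in any common rendering
# ("SHA256 Fingerprint=AB:CD:..", "ab cd ..", plain hex) to lowercase hex.
normalize_fp() {
    printf '%s' "$1" | sed -e 's/^.*=//' | tr -d ': \t\r\n' | tr 'A-F' 'a-f'
}

# cert_fingerprint FILE: SHA-256 fingerprint of a PEM certificate, normalized.
cert_fingerprint() {
    raw_fp=$(openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null) || return 1
    normalize_fp "$raw_fp"
}

# verify_cert FILE EXPECTED: 0 on match, 1 on mismatch, 2 on unusable input.
verify_cert() {
    expected=$(normalize_fp "$2")
    case $expected in
        ''|*[!0-9a-f]*) echo "expected fingerprint is not hex" >&2; return 2 ;;
    esac
    # SHA-256 is 64 hex digits; a truncated value must not be accepted.
    if [ "${#expected}" -ne 64 ]; then
        echo "expected fingerprint must be 64 hex digits" >&2; return 2
    fi
    actual=$(cert_fingerprint "$1") || { echo "cannot parse $1" >&2; return 2; }
    if [ "$actual" != "$expected" ]; then
        echo "MISMATCH: $1 has fingerprint $actual" >&2; return 1
    fi
    return 0
}

# import_if_verified FILE EXPECTED KEYSTORE: run the guide's keytool import
# only after the fingerprint check passes.
import_if_verified() {
    verify_cert "$1" "$2" || return $?
    "${JAVA_HOME:?JAVA_HOME must be set}/bin/keytool" -import -alias oscar \
        -file "$1" -keystore "$3"
}

if [ "$#" -eq 3 ]; then
    import_if_verified "$@"
fi
```

The same check applies in the other direction when the myoscar server's certificate is imported on the OSCAR server.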

War File Installation

The source is in Git.  Follow the IDE Oscar install instructions and clone the oscar_clinic_component, myoscar_server2 and oscar_client2 projects.  Then change to each project's directory, compile it with Maven and copy the resulting war file to the Tomcat webapps directory.

Most of these components  are built against java 7.   Oscar_clinic_component is different and handled separately below. The following are not requirements but are versions that work for compiling

- oracle jdk1.7.0_17
- maven 3.0.5

For the myoscar_server use the following.  For the other wars do similarly.

mvn package -Dmaven.test.skip=true
cd target
sudo mv *-SNAPSHOT.war /var/lib/tomcat7/webapps/myoscar_server.war

Alternately copy the binary war files from Sourceforge to tomcat webapps or CATALINA_BASE as below. 

$ wget http://sourceforge.net/projects/myoscar/files/myoscar2/myoscar_server-2013-08-13.war
$ wget http://sourceforge.net/projects/myoscar/files/myoscar2/myoscar_client-2013-08-13.war
$ sudo cp myoscar_server-2013-08-13.war $CATALINA_BASE/myoscar_server.war
$ sudo cp myoscar_client-2013-08-13.war $CATALINA_BASE/myoscar.war

Optional bits

 

OPTIONAL  In a development environment it may be useful to run the tests to check the build. To do that you need to set up a dbuser user with the dbpassword password for MySQL prior to compiling.  At the MySQL prompt type

mysql>CREATE USER 'dbuser'@'localhost' IDENTIFIED BY 'dbpassword';
mysql>GRANT ALL ON *.* to 'dbuser'@'localhost' IDENTIFIED BY 'dbpassword';

Note that running the tests creates a myoscar_server database that will need to be dropped prior to initializing with a blank database or test data.  For security reasons in production use remember to DROP USER the dbuser user or change the password to one that is not published after you are done with building.

OPTIONAL  For debugging purposes it may be useful to setup the tomcat manager application by editing tomcat-users.xml

sudo nano /var/lib/tomcat7/conf/tomcat-users.xml

and add the following to the <tomcat-users> section (provide your own username and password)

<role rolename="manager-gui"/>
<role rolename="admin"/> 
<user username="tomcat" password="liyi" roles="manager-gui,admin"/>
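
An added example, not part of the original instructions: the placeholder password "liyi" appears in the keytool command, in server.xml and in tomcat-users.xml above, so this script checks an installed Tomcat 7 directory for that published value and for world-readable files that hold secrets. The function names and the layout (conf/ and .keystore under one base directory, as in /var/lib/tomcat7) are assumptions, and the sample tree it can build is constructed data.

```shell
#!/bin/sh
# Added example (not from the original guide). Function names are hypothetical.
# Usage: audit-tomcat.sh /var/lib/tomcat7

# Placeholder password printed in this guide; override to check another value.
PLACEHOLDER=${PLACEHOLDER:-liyi}

# has_placeholder FILE ATTR: true if FILE contains ATTR="<placeholder>".
has_placeholder() {
    [ -f "$1" ] && grep -qF -- "$2=\"$PLACEHOLDER\"" "$1"
}

# world_readable FILE: true if the "other" read bit is set on FILE.
world_readable() {
    [ -e "$1" ] && [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# audit_tomcat DIR: print one FINDING line per problem; return 0 only if clean.
audit_tomcat() {
    base=$1
    findings=0
    if has_placeholder "$base/conf/server.xml" keystorePass; then
        echo "FINDING: server.xml keystorePass is the published placeholder"
        findings=$((findings + 1))
    fi
    if has_placeholder "$base/conf/tomcat-users.xml" password; then
        echo "FINDING: tomcat-users.xml user has the published placeholder password"
        findings=$((findings + 1))
    fi
    # These files hold the keystore password, manager logins and the private key.
    for f in conf/server.xml conf/tomcat-users.xml .keystore; do
        if world_readable "$base/$f"; then
            echo "FINDING: $f is world-readable"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# make_constructed_sample: build a throwaway tree that mirrors the guide's
# snippets (constructed data) and print its path.
make_constructed_sample() {
    d=$(mktemp -d) || return 1
    mkdir "$d/conf"
    printf '%s\n' '<Connector port="8091" SSLEnabled="true"' \
        '  keystoreFile="/var/lib/tomcat7/.keystore" keystorePass="liyi" />' \
        > "$d/conf/server.xml"
    printf '%s\n' '<tomcat-users>' \
        '<user username="tomcat" password="liyi" roles="manager-gui,admin"/>' \
        '</tomcat-users>' > "$d/conf/tomcat-users.xml"
    : > "$d/.keystore"
    chmod 644 "$d/conf/server.xml"
    chmod 640 "$d/conf/tomcat-users.xml"
    chmod 600 "$d/.keystore"
    echo "$d"
}

if [ "$#" -eq 1 ]; then
    audit_tomcat "$1"
fi
```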

MyOscar Server Configuration

Note: You need to start Tomcat and allow config.xml to be expanded before you can edit config.xml  (see below)

edit config.xml

sudo nano $CATALINA_BASE/myoscar_server/WEB-INF/classes/config.xml

And review and change the following as needed.  Leave most of the settings alone.  Do set the database configuration parameters here, and possibly the smtp parameters as well. The user entry is the name of a MySQL user that has read and write privileges on the myoscar_server2 database when identified by the password.

<?xml version="1.0" encoding="UTF-8"?>
<server>
	<database>
		<user>MySQLuser</user>
		<password>MySQLpassword</password>
		<url_prefix>jdbc:mysql://127.0.0.1:3306/</url_prefix>
		<schema>myoscar_server2</schema>
		<driver>com.mysql.jdbc.Driver</driver>
	</database>
	<smtp>
		<host>smtp.gmail.com</host>
		<ssl_port>465</ssl_port>
		<user>user</user>
		<password>userpassword</password>
	</smtp>
</server>

Optional bit

TIP: If you are going to be re-installing the war, rather than redoing this every time, copy this modified configuration outside the application itself and reference it when you start tomcat.  To do that pass a system parameter of "-Dmyoscar_server_config=override.xml" where override.xml is an xml config file which trumps the default one.  One way of doing this is to put this information into the bin directory of Tomcat7 in setenv.sh which gets run when you start Tomcat7

You only have to put in the sections that differ from the rest of the standard config file, and you probably should limit to that for safety (and have the build date and other developer tuned settings update when you update the war).

NOTE manually installed Tomcat 7s as above will have the bin at /var/lib/tomcat7/bin rather than the path shown below

sudo nano /usr/share/tomcat7/bin/setenv.sh

The file will be empty.  You can specify a number of options here.  For example you could put in

export JAVA_HOME="/usr/lib/jvm/java-7-oracle"

but for this purpose we want to add a parameter to JAVA_OPTS

JAVA_OPTS="${JAVA_OPTS} -Dmyoscar_server_config=/var/local/tomcat7/webapps/server_override.xml"
JAVA_OPTS="${JAVA_OPTS} -Dmyoscar_client_config=/var/local/tomcat7/webapps/client_override.xml"
JAVA_OPTS="${JAVA_OPTS} -Doscar_patient_portal_config=/var/local/tomcat7/webapps/portal_override.xml"
export JAVA_OPTS

Remember to make setenv.sh executable

sudo chmod +x setenv.sh

Initialize the Database

Start Tomcat 7

cd /var/local/tomcat7/bin
sudo ./startup.sh

After installation and loading Tomcat you should go to http://localhost:8090/myoscar_server/admin/install.jsp to initialize the database. 

You will be warned if a database already exists (you will have to drop the schema manually if you want to reload a blank database)

Encryption is optional.  Probably you should NOT encrypt the database if you followed the instructions to encrypt the entire Ubuntu disk as suggested in the Oscar installation instructions.  Click the button.

MyOscar2 Server Initialising

 Wait a while and you will be given a screen with the following message:

MyOscar Server Admin

Database created successfully.
You will need to start the application server / tomcat.

At this point the MyOscar Server Admin database, myoscar_server2, has been created successfully with the database credentials as indicated in your config.xml and with the administrative user credentials as you provided.
You can check this with the mysql command line by logging into myoscar_server2 and showing tables, there will be about 35, with a line in Person with your administrative user and password (encrypted). 

Then test that the connection works on http://localhost:8090/myoscar_server/ws

MyOscar2 SOAP Services

 Finally test that the connection also works on what you supplied for "https_endpoint_url_base" in the XML file, https://localhost:8091/myoscar_server/ws, as it's this connection that the MyOscar client uses.  (You will see the same screen if it works.)

MyOscar Client Configuration

Copy over the myoscar_client.war to the webapps directory as simply myoscar.war (this will be part of the URL that the user is going to type so keep it short).  After the war expands alter your  config.xml file.

sudo vi $CATALINA_BASE/myoscar/WEB-INF/classes/config.xml

And review and change as needed the following.  Leave most of the settings alone.  Match the "myoscar_base_url" that you are using for the server. smtp parameters need to be added as well for the contact us link to work.

<?xml version="1.0" encoding="UTF-8"?>
<server>
        <smtp>
                <host>smtp.gmail.com</host>
                <ssl_port>465</ssl_port>
                <user>user@gmail.com</user>
                <password>userpassword</password>
       </smtp>
       <myoscar_client>
                <!-- 
                <myoscar_server_base_url>http://127.0.0.1:8090/myoscar_server</myoscar_server_base_url>
                 -->
                <myoscar_server_base_url>https://127.0.0.1:8091/myoscar_server</myoscar_server_base_url>
                <contact_us_recipient_email_addresses>example@domain</contact_us_recipient_email_addresses>
                <contact_us_from_email_address>notifier@example.com</contact_us_from_email_address>

       </myoscar_client>
</server>

Restart tomcat

cd /var/local/tomcat7/bin
sudo ./shutdown.sh
sudo ./startup.sh

Test your login to the client http://127.0.0.1:8090/myoscar

MyOscar Client Login
Note that the bottom right corner of the login page should have in faint gray the build date, and if you hover the mouse over it, it should show you the server URL it's connected to.

You should be able to login with the administrative user/password you specified when you initialized the server database above.
MyOscar Terms of Use

Agree to the legal stuff (you only have to do this once)

MyOscar Welcome

  • For the purposes of testing, click on the red "Create new user" menu link and create a provider account and assign a password. 
  • It can match the credentials the provider uses for Oscar but is probably better if it is something different.
  • MyOscar user-names should be simple alpha numeric such as peterhc or john1

MyOscar New User

You should be able to login to the MyOscar Client using the provider user/password, just to verify the account/password does work.

You should also setup a "code" user name and a password that you will use for configuring web components that might link to MyOscar.

Optional bit

TIP: If you are going to be re-installing the war, rather than redoing this every time, copy this modified configuration outside the application itself and reference it when you start tomcat.  To do that pass a system parameter of "-Dmyoscar_client_config=override.xml" where override.xml is an xml config file which trumps the default one.  One way of doing this is to put this information into the bin directory of Tomcat7 in setenv.sh which gets run when you start Tomcat7 with 

sudo vi /var/local/tomcat7/bin/setenv.sh

You can specify a number of options here but for this purpose we want to add a parameter to JAVA_OPTS

JAVA_OPTS="${JAVA_OPTS} -Dmyoscar_client_config=client_override.xml"

 Oscar Clinic Component Configuration

It's optional, but if you want appointment scheduling we have to configure that too.   You will need to have set up Oscar with the schedule templates for the providers' working schedule. This means you must also have created appointment types and time codes for the schedule. Also make sure you set up the holiday days properly in Oscar.

First clone the code (you need an account on oscartools.org to download)

peter@phc-14:~/git$ git clone ssh://peterhc@source.oscartools.org:29418/oscar_clinic_component
Cloning into 'oscar_clinic_component'...

remote: Counting objects: 359, done
remote: Finding sources: 100% (359/359)
remote: Total 359 (delta 115), reused 359 (delta 115)
Receiving objects: 100% (359/359), 912.09 KiB | 575 KiB/s, done.
Resolving deltas: 100% (115/115), done.

Unlike the other components  this is built against java 6.  You can check what you are using by checking version information for maven

peter@phc-14:~/git/oscar_clinic_component$ mvn -version
Apache Maven 2.2.1 (rdebian-1)
Java version: 1.6.0_35
Java home: /usr/lib/jvm/jdk1.6.0/jre
Default locale: en_CA, platform encoding: UTF-8
OS name: "linux" version: "2.6.32-32-generic" arch: "amd64" Family: "unix"

The following are not requirements but are versions that work for compiling.

- jdk1.6.0_24 and 1.6.0_35
- maven2 2.2.1

OK, so you have the right compiler. Put it to use!

peter@phc-14:~/git$ cd oscar_clinic_component/
peter@phc-14:~/git/oscar_clinic_component$ mvn -Dmaven.test.skip=true clean package

Second deploy/copy the war file into the Tomcat 7 servlet container like any standard war.

cd target
sudo cp *-SNAPSHOT.war /var/local/tomcat7/webapps/oscar_clinic_component.war

Edit config.xml, and preferably externalise the changes as a portal_override.xml file. The 2 most important settings are the oscar web services settings and the myoscar server web services settings; they need to be correct for this component to connect to them.

<server>
        <misc>
                <override_config_sytem_property_key>oscar_patient_portal_config</override_config_sytem_property_key>
        </misc>
        <oscar_patient_portal>
                <myoscar_server_base_url>http://localhost:8090/myoscar_server</myoscar_server_base_url>
                <myoscar_server_user>code_component_user</myoscar_server_user>
                <myoscar_server_password>code_component_user_pass</myoscar_server_password>
                <application_entry_uri>http://localhost:8090/oscar_clinic_component/index.jsp</application_entry_uri>
                <booking_config_file list_entry="true">/var/lib/tomcat7/webapps/clinicBooking.xml</booking_config_file>
                <!-- due to oscar security the url must end with a / -->
                <oscar_server_base_url>https://localhost:8443/Oscar12_1/ws/</oscar_server_base_url>
                <oscar_server_user>oscar_user</oscar_server_user>
                <oscar_server_password>oscar_password</oscar_server_password>

        </oscar_patient_portal>
</server>

Note that the actual appointment settings have been externalised as well to clinicBooking.xml which might look like the following.  Note that the appointment_code is a comma separated subset of codes found in Oscar's database oscar_12_1.scheduletemplatecode.code.  Similarly the appointment_type id's and names are taken from oscar_12_1.appointmentType

<root name="Northern Clinic">
<clinic name="default"></clinic>
     <title>Haileybury Clinic Bookings</title>
     <address>555 Meridian</address>
     <phone>705-672-5555</phone>
     <hours>Mon-Fri, 9AM-4PM</hours>

     <daysToSearchAheadLimit>180</daysToSearchAheadLimit>
<numberOfAppointmentOptionsToReturn>30</numberOfAppointmentOptionsToReturn>
     <appointment_code duration="15" code="1"></appointment_code>
     <appointment_type id="3" name="MyOscar"></appointment_type>
    <allowedProvider providerNo="101" role="PROVIDER">
         <allowed_appointment id="1" appointment_codes="1" duration="15">
     </allowed_appointment>
    </allowedProvider>
</root>

Restart tomcat.  For deb installed tomcat you can

sudo service tomcat7 stop
sudo service tomcat7 start

For manually installed tomcat 7 it will be like the following

cd /var/lib/tomcat7/bin
sudo ./shutdown.sh
sudo ./startup.sh

From the myoscar_client side, assuming your configuration is correct, it should register itself with the myoscar system within a minute of starting the server. Activate it in My Account > preferences. Once that happens you should see it as the last option under the person's preferences (green highlighted with mouseover below).
Clinic Component Registered

If it hasn't registered itself (there is no corresponding entry in the left hand column) you may need to load it yourself into the myoscar2 schema from the MySQL prompt, with something like the following.  Note that the componentName has to match in both tables.

INSERT INTO `RemoteComponent` (`id`, `componentName`, `componentUri`, `editDate`, `editorId`) VALUES
(1, 'oclinic_Northern Clinic', 'http://localhost:8090/oscar_clinic_component/index.jsp?clinic=Northern Clinic', '2013-04-17 20:13:30', 5);
INSERT INTO `RemoteComponentText` (`id`, `authorText`, `componentName`, `displayDescriptionText`, `displayName`, `locale`, `termsOfUseText`) VALUES
(1, 'Peter H-C', 'oclinic_Northern Clinic', 'This component allows patients to book their own appointments online', 'Haileybury FHT', 'en_US', 'None.');

Optional bit

TIP: If you are going to be re-installing the war, rather than redoing this every time, copy this modified configuration outside the application itself and reference it when you start tomcat.  To do that pass a system parameter of "-Doscar_patient_portal_config=override.xml" where override.xml is an xml config file which trumps the default one.  One way of doing this is to put this information into the bin directory of Tomcat7 in setenv.sh which gets run when you start Tomcat7 with 

sudo vi /var/local/tomcat7/bin/setenv.sh

You can specify a number of options here but for this purpose we want to add a parameter to JAVA_OPTS

JAVA_OPTS="${JAVA_OPTS} -Doscar_patient_portal_config=portal_override.xml"

Oscar Configuration for MyOscar2

Setup eForm to PDF

The eForm's "Send To PHR" functionality, necessary for sending eForms and labwork to MyOscar, relies on the HTML to PDF conversion feature.  The Oscar12_1 deb installs and configures this for you.  Test that it is working by printing something out of the Rich Text Editor, which will produce a pdf for you if this is set up properly.

Change the MyOscar settings in the Properties File

Alter your Oscar.properties file to match something like the following.

MY_OSCAR=yes
MY_OSCAR_EXCHANGE_INTERVAL = 5
ModuleNames=Indivo
# this is the link for 'view PHR record' in Oscar's Master File for the myOscar client
# If anyone needs to use Oscar off site it should be set to the myoscar client WAN IP and NOT the LAN 
myOSCAR.url = https://WAN_IP:8091/myoscar/
# this is the Oscar server to myoscar_server connection so should be routed locally
# currently if you have a self signed certificate, you may have to run it as http
myoscar_server_base_url=http://10.69.241.1:8090/myoscar_server/ws
# cxf web services set to your LAN ip of your OSCAR instance
https_endpint_url_base=http://192.168.1.1:8080/Oscar12_1/ws 

If your Oscar database is not configured with MyOscar tables (the deb installation is so configured automatically) then load them (replace ***** with the MySQL root password and oscar_mcmaster with the name of the 12_1 database)

$ mysql -uroot -p********* oscar_mcmaster < $HOME/src/oscar_source/oscar/database/mysql/updates/update-phr-docs.sql 

Restart tomcat 6

sudo /etc/init.d/tomcat6 restart

Setting up Oscar Providers

When you login as oscardoc, go to the top menu "pref", near the bottom of the screen will be "set myoscar login id".

11x Oscar Preferences

Enter the provider username you created above and save it.

11x Set MyOscar Username

Go to the patient's master file record and hit "edit". In the right hand column, between "country of origin" and "sin", there should be a "Register for MyOSCAR" option link.

Edit Master Record

The subsequent screen should prompt you for your myoscar password. Once you fill that in, it should pre-populate most of the patients information. A username and initial password is supplied for the patient which you may edit, check off the provider(s) who should be allowed to access that chart, and if the patient should be allowed to contact them, then submit.  You will be given the option of printing the username and password for the patient to take home.

A warning is displayed: "The user and corresponding permissions have been added. All checked providers must authorize this demographic as "patient" from the OSCAR Personal Health Record message screen before the patient can communicate with them."
Register Indivio MyOscar through Oscar
If you now go back to the patient ui, you should be able to login with that username/password.
On the left menu of the patient ui, there should be "messages", click on that. Click on "send new message". The "to" list should have your provider as an option, put in a test subject and a test message and send it. On the patient ui, on the left menu should be a "sent" option, you should now notice the message you just sent is in that list.

If you now go back to the oscar ui as the provider, click on the "myoscar" option on the top menu of the appointment/schedule screen. It should default to the inbox and you should see your test message. You should be able to reply etc to the message as well and verify that in the patient ui the patient sees the response etc.

 

Security Considerations

Securing your MyOscar box is beyond the scope of this paper.  However as MyOscar is designed to be accessible over the internet, we should be conscious of the issues.

The MyOscar client / patient ui, by the nature of its purpose, is meant to have an open port on the internet for patients to use.

The MyOscar server, by virtue of its design purpose, is also meant to have an open port on the internet, as other "Oscars" are supposed to be able to communicate with it. If you are not giving anyone else access to your MyOscar server then there's no need to forward or open *that* port.  So in most cases, keep that one closed.

Oscar itself is an in-between case.  You mostly will access it on your LAN and only certain parties at certain locations will need to access it remotely. As described in security hardening, if you want to access it outside the LAN (and that is convenient), then for the few machines that need to do so you can build an SSH tunnel with key authentication.

As for whether all 3 of these services are on the same machine or not, it should not really matter, however we have run into intermittent ssl_error_internal_error_alert with Firefox (only) on servers running both Tomcat 6 and Tomcat 7 on the same JVM.

You should not be opening any machine to the internet in any case; in theory you should only be opening the ports you need, i.e. the MyOscar client's http port. This makes it no less secure than any other http port on the planet, like eBay's or your bank's, or anything else.

To be nit-picky about internal security, you could put all 3 applications on 3 different physical servers, heck why not put the database on a 4th server too, and have different passwords on all 4 servers and put firewalls up between all of them. You need to decide your effort vs returns. There would have to be a serious error/flaw in one of the applications' web pages before anything else is compromised, let alone significantly compromised.

 
