This class defines the applications for a system.
Public Member Functions | |
_.Library.Status | OnAfterSave (_.Library.Boolean insert) |
This callback method is invoked by the Save method to provide notification that the object is being saved. | |
_.Library.Boolean | IsPublic () |
Application is public. | |
Public Attributes | |
AutheEnabled | |
Authentication and Session mechanisms enabled. | |
AutoCompile | |
This specifies whether CSP files should automatically compile or not. | |
CSPZENEnabled | |
Indicates whether this application will process CSP/Zen Pages. | |
CSRFToken | |
Prevent login CSRF attack. | |
ChangePasswordPage | |
A predefined change password page that can be sent out to the browser if the user account requires a password change. | |
ClientApplications | |
List of time stamps and hash values for valid executables. | |
CookiePath | |
Scope of the session cookie. | |
DeepSeeEnabled | |
Indicates whether DeepSee access is enabled for this application. | |
Description | |
Application description. | |
DispatchClass | |
If defined this will dispatch all requests in this CSP application to this one class. | |
Enabled | |
Application is enabled. | |
ErrorPage | |
A CSP or CLS page that will be displayed if an error occurs when generating the page. | |
EventClass | |
This specifies the class whose methods are invoked for CSP application events, such as a timeout. | |
GroupById | |
Indicates whether this application's authentication will move in sync with other applications in the same id group. | |
InbndWebServicesEnabled | |
Indicates whether this application will process Web Services. | |
IsNameSpaceDefault | |
Indicates that this application is the default application for its namespace. | |
JWTAccessTokenTimeout | |
Specifies the timeout (in seconds) for JWT Access Tokens. | |
JWTAuthEnabled | |
Indicates that this application uses JWT Bearer tokens for authentication. | |
JWTRefreshTokenTimeout | |
Specifies the timeout (in seconds) for JWT Refresh Tokens. | |
LockCSPName | |
Lock CSP Name. | |
LoginPage | |
A predefined login page that can be sent out to the browser if the application requires an authenticated identity and one is not available yet. | |
MatchRoles | |
Mapping of MatchRole/TargetRoles pairs to assign to the application. | |
Name | |
Short Name for Application. | |
NameSpace | |
The namespace where pages for this application are run. | |
Package | |
Specifies the package to prefix to the class name for all CSP files in this application. | |
Path | |
This specifies the physical path (directory) for the CSP files on the InterSystems IRIS server. | |
PermittedClasses | |
A name pattern which is used by the CSP Server to limit the classes which may be run in this application. | |
Recurse | |
This specifies whether to use subdirectories. | |
RedirectEmptyPath | |
This specifies whether to use FHIR-standard redirects of empty paths. | |
Resource | |
The Resource name that controls access to this application. | |
Routines | |
List of Routines that can invoke this application. | |
ServeFiles | |
Allows the web server built into InterSystems IRIS to serve up static files, e.g., html or jpg files, from this application path. | |
ServeFilesTimeout | |
Time, in seconds, of how long to cache static files. | |
SessionScope | |
SameSite value that is used for CSP Session cookies. | |
SuperClass | |
This specifies the default superclass. | |
Timeout | |
This specifies the default session timeout, in seconds. | |
Type | |
Type - Bitmap describing the type of application. | |
UseCookies | |
This specifies whether to use cookies for CSP session management or not. | |
UserCookieScope | |
Default SameSite value for cookies created by users' calls to CSP.Response.SetCookie(). | |
WSGIAppLocation | |
This is the path of the directory containing the python application. | |
WSGIAppName | |
This is the name of the WSGI-compliant python application (e.g., flask_app). | |
WSGICallable | |
This is the name of the WSGI callable application. | |
iKnowEnabled | |
Indicates whether iKnow access is enabled for this application. | |
Private Attributes | |
__ForceSave | |
Used to force a save of the object. |
This class defines the applications for a system.
There are three types of applications which can be defined:
1) Web applications: CSP/ZEN and REST
2) Privileged routine applications
3) Doc DB Applications, previously known as Client Application
Depending on the type of application defined (Type property), properties may or may not be relevant to that type of application. See each property description for its relevance for each type of application.
Application names have the following properties:
1) Application names are case insensitive.
2) Maximum length of an application name is 64 characters.
The Admin Secure:USE permission is required to operate on an application.
The table for this class should be manipulated only through object access, the published APIs, or the System Management Portal. It should not be updated through direct SQL access.
_.Library.Status OnAfterSave | ( | _.Library.Boolean | insert | ) |
This callback method is invoked by the Save method to provide notification that the object is being saved. It is called after the object's data has been successfully written to disk.
insert will be set to 1 if this object is being saved for the first time.
If this method returns an error then the call to Save will fail.
|
static |
Copy an application.
Copy an existing application in the Security database to a new one.
Parameters:
Name - Name of the Application to be copied
NewName - Name of the Application to be created
NewDescription - Full name of the application
|
static |
Create an Application.
Create an Application in the Security database.
For all application types.
Parameters:
Name - Name of the application to create
Properties - Array of properties to set.
Properties only need to be defined if required for that type of application. Properties are in the format defined by the property definitions for the class with the following exceptions:
"MatchRoles" - MatchRole/TargetRoles pairs to assign to the application
MatchRoles are in the format:
MatchRole1:TargetRole1:TargetRole2,MatchRole2:TargetRole3:TargetRole4
"Routines" - Routine/Database pairs
Routines are in the format:
Routine1:dbname:Flag,Routine2:dbname:Flag
"ClientApplications" - Client application identification hash
ClientApplications are in the format:
Hash,Hash1,Hash2
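    // Build the Properties array; only the properties needed for this type are set
    kill prop
    set prop("AutheEnabled")=authenticationType
    set prop("DispatchClass")=dispatch
    set prop("NameSpace")=namespace
    // xxx stands for the name of the application to create
    set name=xxx
    set sc=##class(Security.Applications).Create(name,.prop)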
For CSP applications, if the path specified does not exist, it is created.
|
static |
Delete an Application.
This method will delete an application from the security database.
For all application types.
Parameters:
Name - Name of application to delete
|
static |
Application exists.
This method checks for the existence of an application in the security database.
For all application types.
Parameters:
Name - Name of the application to check existence of
Return values:
If Value of the method = 0 (Application does not exist, or some error occurred)
Application = Null
Status = Application "x" does not exist, or other error message
If Value of the method = 1 (Application exists)
Application = Object handle to application
Status = $$$OK
|
static |
This method exports Application records to a file in xml format.
For all application types.
Parameters:
FileName - Output file name
NumExported (byref) - Returns number of records exported
Applications - Comma separated list of Applications to export, "*" = All
Type - Bitmap describing the type of applications to export, -1 = all
Bit 0 = System Application - Reserved
Bit 1 = CSP/REST Web Application
Bit 2 = Privileged routine application
Bit 3 = Client/DocDB Application
|
static |
Get an application's properties.
Gets an application's properties from the security database.
For all application types.
Parameters:
Name - Name of the application to get
Return values:
Properties - See the Create method for more information on properties returned
|
static |
Return a hash value and last modified timestamp for a Visual Basic Cache Direct executable.
For Client/DocDB application.
|
static |
Import Application records from an xml file.
Parameters:
FileName - Filename to import Application records from
NumImported (byref) - Returns number of records imported
Flags - Control import
Bit 0 - Do not import records, just return count
Note: On failure, no records will be imported
_.Library.Boolean IsPublic | ( | ) |
Application is public.
|
static |
Modify an application.
Modify an existing application's properties in the security database.
Parameters:
Name - Name of the application to modify
Properties - Array of properties to modify.
See the Create() method for a description of the Properties parameter.
AutheEnabled |
Authentication and Session mechanisms enabled.
For CSP Web Application only.
Note that these bits correspond to the same bit numbers in the Security.System class
Bit 2 = AutheK5API
Bit 5 = AuthePassword
Bit 6 = AutheUnauthenticated
Bit 11 = AutheLDAP
Bit 13 = AutheDelegated
Bit 14 = LoginToken
Bit 20 = TwoFactorSMS
Bit 21 = TwoFactorPW
AutoCompile |
This specifies whether CSP files should automatically compile or not.
For CSP Web Application only.
If this is turned on, then when a CSP file is more recent than its compiled class,
it is recompiled. This is normally something you would turn on in development environments
and turn off in production environments.
CSPZENEnabled |
Indicates whether this application will process CSP/Zen Pages.
For CSP Web Application only.
CSRFToken |
Prevent login CSRF attack.
For CSP Web Application only.
When enabled, a token and cookie are generated in the login page and validated before any username/password is accepted. Enabling this prevents programmatic access to pages in this application that just pass in the username/password on the initial request. It also prevents the use of the CSPSHARE=1 URL parameter to pass the session token in the URL when cookies are required for the application.
ChangePasswordPage |
A predefined change password page that can be sent out to the browser if the user account requires a password change.
For CSP Web Application only.
ClientApplications |
List of time stamps and hash values for valid executables.
Each element is in the form $zdatetime($h,3)^HashValue. For DocDB/Client Application only.
CookiePath |
Scope of the session cookie.
For CSP Web Application only.
This determines the URLs for which the browser will send the session cookie back to InterSystems IRIS.
If your application name is 'myapp', it defaults to '/myapp/', meaning the browser will only send
the cookie for pages under '/myapp/'. You should restrict this to only what is required
by your application, to prevent this session cookie from being used by other CSP applications
on this machine or seen by any other application on this web server.
DeepSeeEnabled |
Indicates whether DeepSee access is enabled for this application.
For CSP Web Application only.
Corresponds with the Analytics option shown in Management Portal
Description |
Application description.
For all application types.
DispatchClass |
If defined this will dispatch all requests in this CSP application to this one class.
This bypasses the normal URL-to-classname conversion, giving the specified class complete control over the dispatch of the page. A predefined dispatch class that can be used is 'CSP.REST', which provides REST dispatch capabilities. For REST Web Application only.
Enabled |
Application is enabled.
For all application types.
ErrorPage |
A CSP or CLS page that will be displayed if an error occurs when generating the page.
For CSP Web Application only.
EventClass |
This specifies the class whose methods are invoked for CSP application events,
such as a timeout. For CSP Web Application only.
|
private |
Used to force a save of the object.
GroupById |
Indicates whether this application's authentication will move in sync with other applications in the same id group.
For CSP Web Application only.
InbndWebServicesEnabled |
Indicates whether this application will process Web Services.
For CSP Web Application only.
Corresponds with the "Inbound Web Services" option shown in Management Portal.
IsNameSpaceDefault |
Indicates that this application is the default application for its namespace.
As such it will be returned by the call $System.CSP.GetDefaultApp(). Corresponds with the "Namespace Default Application" option shown in Management Portal.
JWTAccessTokenTimeout |
Specifies the timeout (in seconds) for JWT Access Tokens.
This is only relevant for REST Web Applications where JWTAuthEnabled is true.
JWTAuthEnabled |
Indicates that this application uses JWT Bearer tokens for authentication.
For REST Web Application only.
JWTRefreshTokenTimeout |
Specifies the timeout (in seconds) for JWT Refresh Tokens.
This is only relevant for REST Web Applications where JWTAuthEnabled is true.
LockCSPName |
Lock CSP Name.
For CSP Web Application only.
If true, then you can only access this CSP page if the URL you enter matches the URL stored in the CSPURL parameter value in the class. CSP pages have the CSPURL set to the original URL requested automatically when they are compiled. If the URL does not match, you get a page not found error.
For example, suppose you have two CSP applications, '/A' and '/B', that both map to the same namespace and the same directory. Viewing '/A/page.csp' loads this page and creates the class 'csp.page' with the CSPURL parameter set to '/A/page.csp'. With this flag set, you may only access this page using the URL '/A/page.csp'. If this flag is false, you may also access it via '/B/page.csp', '/A/csp.page.cls' and '/B/csp.page.cls'. Note that the flag is checked on the application associated with the CSPURL parameter, so even if the '/B' application has the flag turned off, if the '/A' application has it turned on you will get a page not found error from '/B/page.csp'.
If you modify the CSP class and set CSPURL="", this disables checking for this page.
LoginPage |
A predefined login page that can be sent out to the browser if the application requires an authenticated identity and one is not available yet.
For CSP Web Application only.
MatchRoles |
Mapping of MatchRole/TargetRoles pairs to assign to the application.
For all application types.
MatchRoles are in the format:
MatchRole1:TargetRole1:TargetRole2,MatchRole2:TargetRole3:TargetRole4
To specify a role to always be granted to an application, set MatchRole="", i.e. (:TargetRole1).
For Routine/Database pairs, Routines are in the format:
Routine1:dbname:Flag,Routine2:dbname:Flag
For Client application identification hash, ClientApplications are in the format:
Hash,Hash1,Hash2
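The MatchRoles and Routines string formats given here and under the Create method can be parsed and reviewed offline. The Python below is an added example, not part of the InterSystems documentation. The role, routine and database names are constructed; comparing role names exactly, reading a MatchRole as a role the user already holds, and using %All as the sensitive role are assumptions of the example.

```python
def parse_match_roles(spec):
    """Parse 'Match1:T1:T2,Match2:T3' into [(match_role, [target_roles])]."""
    pairs = []
    for item in spec.split(","):
        if not item.strip():
            continue
        match, *targets = (part.strip() for part in item.split(":"))
        if not targets or "" in targets:
            raise ValueError("MatchRoles entry without a target role: %r" % item)
        pairs.append((match, targets))
    return pairs


def parse_routines(spec):
    """Parse 'Routine:dbname:Flag,...'; Flag 0 = routine, Flag 1 = class name."""
    entries = []
    for item in filter(None, (s.strip() for s in spec.split(","))):
        parts = item.split(":")
        if len(parts) != 3 or parts[2] not in ("0", "1"):
            raise ValueError("bad Routines entry: %r" % item)
        entries.append({"name": parts[0], "database": parts[1],
                        "kind": "class" if parts[2] == "1" else "routine"})
    return entries


def roles_added(pairs, held_roles):
    """Target roles the application adds for a user holding held_roles.

    An empty MatchRole means the target roles are always granted.
    """
    added = []
    for match, targets in pairs:
        if match == "" or match in held_roles:
            added.extend(t for t in targets if t not in added)
    return added


def review(spec, sensitive=("%All",)):
    """Flag entries that grant a sensitive role, noting unconditional ones."""
    findings = []
    for match, targets in parse_match_roles(spec):
        for target in targets:
            if target in sensitive:
                who = "every user" if match == "" else "holders of " + match
                findings.append("%s granted to %s" % (target, who))
    return findings


# Constructed sample values in the formats shown above.
SAMPLE_MATCH_ROLES = ":AppBase,Clerk:OrdersRead,Manager:OrdersRead:OrdersWrite,:%All"
SAMPLE_ROUTINES = "PAYROLL:USERDB:0,App.Payroll:USERDB:1"

if __name__ == "__main__":
    pairs = parse_match_roles(SAMPLE_MATCH_ROLES)
    print(roles_added(pairs, {"Clerk"}))
    print(review(SAMPLE_MATCH_ROLES))
    print(parse_routines(SAMPLE_ROUTINES))
```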
Name |
Short Name for Application.
Web applications should start with a "/".
Client Applications are in the format AppName.EXE.
Privileged routines can be any format.
NameSpace |
The namespace where pages for this application are run.
For CSP Web Application only.
Package |
Specifies the package to prefix to the class name for all CSP files in this application.
For CSP Web Application only.
If not specified it defaults to "csp".
Path |
This specifies the physical path (directory) for the CSP files on the InterSystems IRIS server.
For CSP Web Application only.
PermittedClasses |
A name pattern which is used by the CSP Server to limit the classes which may be run in this application.
For CSP Web Application only.
This is a COS pattern; for example, (1"B",1"A".1N) matches {B.cls, A0.cls ... A9.cls}.
Recurse |
This specifies whether to use subdirectories.
For CSP Web Application only.
If WPath is the Web Path and PPath is the Physical Path, then with recurse turned on,
WPath/xxx/yyy will look in PPath/xxx/yyy. If recurse is turned off, only files directly
contained in WPath are used.
RedirectEmptyPath |
This specifies whether to use FHIR-standard redirects of empty paths.
For REST Web Application only.
For example, if the request is for WPath/csp/appname and the app /csp/appname/
has this property enabled, then instead of serving the request with the next level down
(csp, if it exists), the request will be served by /csp/appname/.
Resource |
The Resource name that controls access to this application.
For all application types.
If no resource is defined, then it is a public application which anyone can run.
Routines |
List of Routines that can invoke this application.
For Privileged Routine Applications only.
These are in the format Routine/Class:dbname:Flag, where dbname is the name of the database where the routine resides; Flag=0 is a routine, Flag=1 is a class name.
ServeFiles |
Allows the web server built into InterSystems IRIS to serve up static files, e.g., html or jpg files, from this application path.
For CSP Web Application only.
This also allows the stream server to serve files from this path.
0 - No - Never serve files from this application path
1 - Always - Always serve files from this application path, ignore CSP security setting for this path for static files. This is the default for new applications as it is backward compatible with serving files from the web server.
2 - Always and cached - Always serve files from this application path and allow the CSP gateway to cache these files to avoid having to request them from InterSystems IRIS. This is the mode we expect deployed applications to use.
3 - Use CSP security - If the user has permissions to view a csp/cls page in this application then allow them to view a static file, if they do not have permissions to view a csp/cls page then return a 404 page not found page.
ServeFilesTimeout |
Time, in seconds, of how long to cache static files.
For CSP Web Application only.
SessionScope |
SameSite value that is used for CSP Session cookies.
For REST and CSP Web Application only.
This setting affects whether session cookies are sent for cross-site requests.
The default setting for a new application is Strict.
0 - None - Send cookie with cross-site requests.
1 - Lax - Send cookie with top-level cross-site navigation.
2 - Strict - Do not send cookie with cross-site requests. Default.
SuperClass |
This specifies the default superclass.
For CSP Web Application only.
If blank, it defaults to CSP.Page.
Timeout |
This specifies the default session timeout, in seconds.
For CSP Web Application only.
Type |
Type - Bitmap describing the type of application
Bit 0 = System Application - Reserved
Bit 1 = CSP/REST Web Application (Default)
Bit 2 = Privileged routine application
Bit 3 = DocDB/Client Application
UseCookies |
This specifies whether to use cookies for CSP session management or not.
For REST and CSP Web Application only.
You can set this on a per-application basis. It does NOT affect the user's use of
cookies in their application, simply how the session is managed. The available
options are:
'Never' use cookies - This will just use the CSPCHD parameter to persist the session
state from page to page and will not send a cookie to the browser at all.
'AutoDetect' (the default) - This will start by sending the cookie to the browser and
also including the CSPCHD parameter in all the links and forms. Then when the user clicks
on the next link if the browser accepted the cookie it will switch to the 'Always'
mode and turn off the use of the CSPCHD parameters. If the browser did not accept
the cookie it will turn into the 'Never' mode.
'Always' use cookies - Do not include the CSPCHD parameter. Default.
0 = Never, 1 = AutoDetect, 2 = Always
UserCookieScope |
Default SameSite value for cookies created by users' calls to CSP.Response.SetCookie().
For REST and CSP Web Application only.
This setting affects whether session cookies are sent for cross-site requests.
Users can override the default by specifying the SameSite value in their SetCookie call.
0 - None - Send cookie with cross-site requests.
1 - Lax - Send same-site cookies with top-level cross-site navigation.
2 - Strict - Do not send same-site cookies with cross-site requests. Default.
WSGIAppLocation |
This is the path of the directory containing the python application.
WSGIAppName |
This is the name of the WSGI-compliant python application (e.g., flask_app).
WSGICallable |
This is the name of the WSGI callable application.
iKnowEnabled |
Indicates whether iKnow access is enabled for this application.
Like the DeepSeeEnabled property, this corresponds with the Analytics option shown in Management Portal.
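The security-relevant settings described above (AutheEnabled, Resource, CSRFToken, SessionScope, UseCookies, ServeFiles, AutoCompile, CookiePath) can be checked together. The Python below is an added example, not part of the InterSystems documentation: it decodes AutheEnabled with the bit numbers listed on this page and flags the settings the property descriptions call out. The property dictionaries, application names and the Orders_API resource are constructed sample data, and treating a missing SessionScope or UseCookies as 2 is an assumption.

```python
# Bit numbers and option values are the ones listed on this page.
AUTHE_BITS = {2: "AutheK5API", 5: "AuthePassword", 6: "AutheUnauthenticated",
              11: "AutheLDAP", 13: "AutheDelegated", 14: "LoginToken",
              20: "TwoFactorSMS", 21: "TwoFactorPW"}


def decode_authe(value):
    """Names of the mechanisms set in an AutheEnabled bitmap."""
    names = [n for bit, n in sorted(AUTHE_BITS.items()) if (value >> bit) & 1]
    unknown = value & ~sum(1 << bit for bit in AUTHE_BITS)
    if unknown:
        names.append("unknown:0x%x" % unknown)
    return names


def audit_web_app(props):
    """Findings for one application's properties (dict of name -> value)."""
    def num(key, default=0):
        return int(props.get(key, default) or 0)

    if not num("Enabled") or not (num("Type", 2) >> 1) & 1:
        return []  # disabled, or Type bit 1 (CSP/REST web application) not set
    mechs = decode_authe(num("AutheEnabled"))
    findings = []
    if not props.get("Resource"):
        findings.append("Resource empty: public application")
    if "AutheUnauthenticated" in mechs:
        findings.append("AutheEnabled bit 6: unauthenticated access allowed")
    if "AuthePassword" in mechs and not num("CSRFToken"):
        findings.append("CSRFToken off: password login has no login-CSRF token")
    if num("SessionScope", 2) == 0:
        findings.append("SessionScope None: session cookie sent cross-site")
    if num("UseCookies", 2) != 2:
        findings.append("UseCookies not Always: CSPCHD parameter may carry the session")
    if num("ServeFiles") in (1, 2):
        findings.append("ServeFiles Always: only mode 3 applies CSP security to static files")
    if num("AutoCompile"):
        findings.append("AutoCompile on: intended for development environments")
    if props.get("CookiePath") == "/":
        findings.append("CookiePath '/': session cookie sent to every application")
    return findings


# Constructed sample data, shaped like the Properties array of the Create method.
SAMPLE_APPS = {
    "/csp/legacy": {"Enabled": 1, "Type": 2, "AutheEnabled": 96, "Resource": "",
                    "CSRFToken": 0, "SessionScope": 0, "UseCookies": 1,
                    "ServeFiles": 1, "AutoCompile": 1, "CookiePath": "/"},
    "/api/orders": {"Enabled": 1, "Type": 2, "AutheEnabled": 32,
                    "Resource": "Orders_API", "CSRFToken": 1, "SessionScope": 2,
                    "UseCookies": 2, "ServeFiles": 3, "AutoCompile": 0,
                    "CookiePath": "/api/orders/"},
}


def audit_all(apps):
    """Map each application name to its list of findings."""
    return {name: audit_web_app(props) for name, props in apps.items()}


if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_APPS).items():
        print(name, "OK" if not findings else "")
        for finding in findings:
            print("  -", finding)
```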