Class Reference
InterSystems: The power behind what matters   
Documentation  Search
 

persistent class Security.Applications extends %Persistent, %XML.Adaptor, %SYSTEM.Help

This class defines the applications for a system.
There are three types of applications which can be defined:

1) CSP applications
2) Privileged routine applications
3) Client Applications

Depending on the type of application defined (Type property), properties may or may not be relevant to that type of application. See each property description for its relevance for each type of application.
Application names have the following properties:
1) Application names are case insensitive.
2) Maximum length of an application name is 64 characters.
The %Admin Secure:USE permission is required to operate on an application


The table for this class should be manipulated only through object access, the published API's or through the System Management Portal. It should not be updated through direct SQL access.

Inventory

Parameters Properties Methods Queries Indices ForeignKeys Triggers
36 30 4 1


Summary

Properties
AutheEnabled AutoCompile CSPZENEnabled ChangePasswordPage
ClientApplications CookiePath DeepSeeEnabled Description
DispatchClass Enabled ErrorPage EventClass
GroupById InbndWebServicesEnabled IsNameSpaceDefault LockCSPName
LoginPage MatchRoles Name NameSpace
Package Path PermittedClasses Recurse
Resource Routines ServeFiles ServeFilesTimeout
SuperClass Timeout Type UseCookies
iKnowEnabled

Methods
%AddToSaveSet %AddToSyncSet %BMEBuilt %CheckConstraints
%CheckConstraintsForExtent %ClassIsLatestVersion %ClassName %ComposeOid
%ConstructClone %Delete %DeleteExtent %DeleteId
%DispatchClassMethod %DispatchGetModified %DispatchGetProperty %DispatchMethod
%DispatchSetModified %DispatchSetMultidimProperty %DispatchSetProperty %Exists
%ExistsId %Extends %GUID %GUIDSet
%GetLock %GetParameter %GetSwizzleObject %Id
%InsertBatch %IsA %IsModified %IsNull
%KillExtent %KillExtentData %LoadFromMemory %LockExtent
%LockId %New %NormalizeObject %ObjectIsNull
%ObjectModified %Oid %OnBeforeAddToSync %OnDetermineClass
%Open %OpenId %OriginalNamespace %PackageName
%PhysicalAddress %PurgeIndices %Reload %RemoveFromSaveSet
%ResolveConcurrencyConflict %RollBack %Save %SaveDirect
%SaveIndices %SerializeObject %SetModified %SortBegin
%SortEnd %SyncObjectIn %SyncTransport %UnlockExtent
%UnlockId %ValidateIndices %ValidateObject Copy
Create Delete Exists Export
Get GetClientApplicationHash Help Import
IsPublic Modify XMLDTD XMLExport
XMLExportToStream XMLExportToString XMLNew XMLSchema
XMLSchemaNamespace XMLSchemaType


Properties

• property AutheEnabled as Security.Datatype.Authentication [ InitialExpression = 64 ];
Authentication and Session mechanisms enabled (CSP Only).
Bit 2 = AutheK5API
Bit 5 - AutheCache
Bit 6 = AutheUnauthenticated
Bit 11 = AutheLDAP
Bit 13 = AutheDelegated
Bit 14 = LoginToken
Bit 20 = TwoFactorSMS
Bit 21 = TwoFactorPW
• property AutoCompile as Security.Datatype.BooleanYN [ InitialExpression = 1 ];
This specifies whether CSP files should automatically compile or not (CSP Only).
If this is turned on, then when a CSP file is more recent than its compiled class,
it is recompiled. This is normally something you would turn on in development environments
and turn off in production environments.
• property CSPZENEnabled as Security.Datatype.BooleanYN [ InitialExpression = 1 ];
Indicates whether this application will process CSP/Zen Pages (CSP Only).
• property ChangePasswordPage as %String(MAXLEN=256);
A predefined change password page that can be sent out to the browser if the user account requires
that a password change is required(CSP Only).
• property ClientApplications as list of %String(MAXLEN=64);
List of time stamps and hash values for valid executables (Client Applications Only). Each element is in the form $zdatetime($h,3)^HashValue
• property CookiePath as %String(MAXLEN=256);
Scope of the session cookie (CSP Only).
This determines which urls the browser will send the session cookie back to Cache.
If your application name is 'myapp', it defaults to '/myapp/' meaning it will only send
the cookie for pages under '/myapp/'. You should restrict this to only what is required
by your application to prevent this session cookie being used by other CSP application
on this machine, or from being seen by any other application on this web server.
• property DeepSeeEnabled as Security.Datatype.BooleanYN [ InitialExpression = 0 ];
Indicates whether DeepSee access is enabled for this application
• property Description as %String(MAXLEN=256);
Application description.
• property DispatchClass as %String(MAXLEN=256);
If defined this will dispatch all requests in this CSP application to this one class. This will bypass the normal url to classname conversion so allowing the specified class complete control over this dispatch of the page. A predefined dispatch class that can be used is '%25CSP.REST' which provides REST dispatch capabilities.
• property Enabled as Security.Datatype.BooleanYN [ InitialExpression = 1 ];
Application is enabled.
• property ErrorPage as %String(MAXLEN=256);
A CSP or CLS page that will be displayed if an error occurs when generating the page (CSP Only).
• property EventClass as %String(MAXLEN=64);
This specifies the class whose methods are invoked for CSP application events,
such as a timeout (CSP Only).
• property GroupById as %String(MAXLEN=64);
Indicates whether this application's authentication will move in sync with other applications in the same id group (CSP Only).
• property InbndWebServicesEnabled as Security.Datatype.BooleanYN [ InitialExpression = 1 ];
Indicates whether this application will process Web Services (CSP Only).
• property IsNameSpaceDefault as Security.Datatype.BooleanYN [ InitialExpression = 0 ];
Indicates that this application is the default application for its namespace. As such it will be returned by the call $System.CSP.GetDefaultApp()
• property LockCSPName as Security.Datatype.BooleanYN [ InitialExpression = 1 ];
Lock CSP Name (CSP Only).
If true then you can only access this CSP page if the url you enter matches the url stored in the CSPURL parameter value in the class. CSP pages have the CSPURL set to the original url requested automatically when they are compiled. If the url does not match you get a page not found error. For example if you have two CSP applications defined that both map to the same namespace and the same directory '/A' and '/B'. Then you view '/A/page.csp' this will load this page and create the class 'csp.page' with the CSPURL parameter set to '/A/page.csp'. With this flag set you may only access this page using the url '/A/page.csp'. If this flag is false you may access it via the pages '/B/page.csp', '/A/csp.page.cls', '/B/csp.page.cls'. The Cache 5.0 behavior was for this flag to be off. Note that the flag is checked on the application associated with the CSPURL parameter, so even if the '/B' application has the flag turned off, if the '/A' application has it turned on you will get a page not found error from '/B/page.csp'. If you modify the CSP class and change the CSPURL="" then this disables checking for this page.
• property LoginPage as %String(MAXLEN=256);
A predefined login page that can be sent out to the browser if the application requires
an authenticated identity and one is not available yet (CSP Only).
• property MatchRoles as list of %String(MAXLEN=32767);
Mapping of Match Roles to added Target Roles.
MatchRoles are in the format:
MatchRole:TargetRole1:TargetRole2
To specify a role to always be granted to an application, set MatchRole="", i.e. (:TargetRole1)
• property Name as %String(MAXLEN=64,MINLEN=1) [ Required ];
Short Name for Application. Must start with an alpha character and be followed by alpha, numeric, or underscore characters. Must be a legal global subscript.
CSP applications usually start with "/csp".
Client Applications are in the format AppName.EXE.
Privileged routines can be any format.
• property NameSpace as %String(MAXLEN=64);
The Cache server namespace where pages for this application are run (CSP Only).
• property Package as %String(MAXLEN=64);
Specifies the package to prefix to the class name for all CSP files in this application.
If not specified it defaults to "csp" (CSP Only).
• property Path as %String(MAXLEN=256);
This specifies the physical path (directory) for the CSP files on the Caché server (CSP Only).
• property PermittedClasses as %String(MAXLEN="");
A name pattern which is used by the CSP Server to limit the classes which may be run in this application.
This is a COS pattern, (1"B",1"A".1N) match {B.cls, A0.cls ... A9.cls}
• property Recurse as Security.Datatype.BooleanYN [ InitialExpression = 1 ];
This specifies whether to use subdirectories (CSP Only).
If WPath is the Web Path and PPath is the Physical Path, then with recurse turned on,
WPath/xxx/yyy will look in PPath/xxx/yyy. If recurse is turned off, only files directly
contained in WPath are used.
• property Resource as %String(MAXLEN=64,MINLEN=0);
The Resource name that controls access to this application.
If no resource is defined, then it is a public application which anyone can run.
• property Routines as list of %String(MAXLEN=32767);
List of Routines that can invoke this application (Privileged routine applications only).
These are in the format Routine/Class:dbname:Flag, where dbname is the name of the database where the routine resides; Flag=0 is a routine, Flag=1 is a class name.
• property ServeFiles as %Integer(DISPLAYLIST=",No,Always,Always and cached,Use CSP security",VALUELIST=",0,1,2,3") [ InitialExpression = 1 ];
Allows the web server built into Caché to serve up static files, e.g., html or jpg files,
from this application path (CSP Only).
This also allows the stream server to serve files from this path.
0 - No - Never serve files from this application path
1 - Always - Always serve files from this application path, ignore CSP security setting for this path for static files. This is the default for new applications as it is backward compatible with serving files from the web server.
2 - Always and cached - Always serve files from this application path and allow the CSP gateway to cache these files to avoid having to request them from Cache. This is the mode we expect deployed application to use
3 - Use CSP security - If the user has permissions to view a csp/cls page in this application then allow them to view a static file, if they do not have permissions to view a csp/cls page then return a 404 page not found page.
• property ServeFilesTimeout as %Integer [ InitialExpression = 3600 ];
Time, in seconds, of how long to cache static files.
• property SuperClass as %String(MAXLEN=1024);
This specifies the default superclass (CSP Only).
If blank, it defaults to %CSP.Page.
• property Timeout as %Integer(MAXVAL=100000,MINVAL=0) [ InitialExpression = 900 ];
This specifies the default session timeout, in seconds (CSP Only).
• property Type as Security.Datatype.ApplicationType(MAXVAL=9,MINVAL=2) [ InitialExpression = 2 ];
Type - Bitmap describing the type of application
Bit 0 = System Application - Reserved
Bit 1 = CSP Application (Default)
Bit 2 = Privileged routine application
Bit 3 - Client Application
• property UseCookies as %Integer(DISPLAYLIST=",Never,AutoDetect,Always",VALUELIST=",0,1,2") [ InitialExpression = 2 ];
This specifies whether to use cookies for CSP session management or not (CSP Only).
You can set this on a per-application basis. It does NOT affect the user's use of
cookies in their application, simply how Caché manages the session. The available
options are:
'Never' use cookies - This will just use the CSPCHD parameter to persist the session
state from page to page and will not send a cookie to the browser at all.
'AutoDetect' (the default) - This will start by sending the cookie to the browser and
also including the CSPCHD parameter in all the links and forms. Then when the user clicks
on the next link if the browser accepted the cookie it will switch to the 'Always'
mode and turn off the use of the CSPCHD parameters. If the browser did not accept
the cookie it will turn into the 'Never' mode.
'Always' use cookies - Do not include the CSPCHD parameter.
0 = Never, 1 = AutoDetect, 2 = Always
• property iKnowEnabled as Security.Datatype.BooleanYN [ InitialExpression = 0 ];
Indicates whether iKnow access is enabled for this application

Methods

• classmethod Copy(Name As %String, NewName As %String, NewDescription As %String = "") as %Status
Copy an application.
Copy an existing application in the Security database to a new one.
Parameters:
Name - Name of the Application to be copied
NewName - Name of the Application to be created
NewDescription - Full name of the application
• classmethod Create(Name As %String, ByRef Properties As %String) as %Status
Create an Application.
Create an Application in the Security database.
Parameters:
Name - Name of the application to create
Properties - Array of properties to set.
Properties only need to be defined if required for that type of application. Properties are in the format defined by the property definitions for the class with the following exceptions:

"MatchRoles" - MatchRole/TargetRoles pairs to assign to the application
MatchRoles are in the format:
MatchRole1:TargetRole1:TargetRole2,MatchRole2:TargetRole3:TargetRole4
"Routines" - Routine/Database pairs
Routines are in the format:
Routine1:dbname:Flag,Routine2:dbname:Flag
"ClientApplications" - Client application identification hash
ClientApplications are in the format:
Hash,Hash1,Hash2

For CSP applications, if the path specified does not exist, it is created.
• classmethod Delete(Name As %String) as %Status
Delete an Application.
This method will delete an application from the security database.
Parameters:
Name - Name of application to delete
• classmethod Exists(Name As %String, ByRef Application As %ObjectHandle, ByRef Status As %Status) as %Boolean
Application exists.
This method checks for the existence of an application in the security database.
Parameters:
Name - Name of the application to check existence of
Return values:
If Value of the method = 0 (Application does not exist, or some error occured)
Application = Null
Status = Application "x" does not exist, or other error message

If Value of the method = 1 (Application exists)
Application = Object handle to application
Status = $$$OK
• classmethod Export(FileName As %String = "ApplicationsExport.xml", ByRef NumExported As %Integer, Applications As %String = "*", Type As %Integer = -1) as %Status
This method exports Application records to a file in xml format.
Parameters:
FileName - Output file name
NumExported (byref) - Returns number of records exported
Applications - Comma separated list of Applications to export, "*" = All
Type - Type of applications to export, -1 = all
Bit 0 = System Application - Reserved
Bit 1 = CSP Application
Bit 2 = Privileged routine application
Bit 3 - Client Application
• classmethod Get(Name As %String, ByRef Properties As %String) as %Status
Get an application's properties.
Gets an applications properties from the security database.
Parameters:
Name - Name of the application to get
Return values:
Properties - See the Create method for more information on properties returned
• classmethod GetClientApplicationHash(FileName As %String, ByRef Hash As %Integer) as %Status
Return a hash value and last modified timestamp for a visual basic cache direct executable
• classmethod Import(FileName As %String = "ApplicationsExport.xml", ByRef NumImported As %Integer, Flags As %Integer = 0) as %Status
Import Applications records from an xml file.
Parameters:
FileName - Filename to import Application records from
NumImported (byref) - Returns number of records imported
Flags - Control import
Bit 0 - Do not import records, just return count
Note: On failure, no records will be imported
• method IsPublic() as %Boolean
Application is public.
• classmethod Modify(Name As %String, ByRef Properties As %String) as %Status
Modify an aplication.
Modify an existing application's properties in the security database.
Parameters:
Name - Name of the application to modify
Properties - Array of properties to modify.
See the Create() method for a description of the Properties parameter.

Queries

• query Detail(Names As %String, Type As %Integer)
Selects Name As %String, Type As %String, Description As %String, Enabled As %String, AddedRoles As %String, MatchRoles As %String, Resource As %String, Routines As %String, ClientApplications As %String, AutheEnabled As %String, AutoCompile As %String, CookiePath As %String, CSPZENEnabled As %String, DispatchClass As %String, ErrorPage As %String, EventClass As %String, GroupById As %String, HyperEvent As %String, InbndWebServicesEnabled As %String, IsNameSpaceDefault As %String, LockCSPName As %String, LoginPage As %String, ChangePasswordPage As %String, NameSpace As %String, Package As %String, Path As %String, PermittedClasses As %String, Recurse As %String, Resource As %String, ServeFiles As %String, ServeFilesTimeout As %String, SuperClass As %String, Timeout As %String, TwoFactorEnabled As %String, UseCookies As %String, DeepSeeEnabled As %String, iKnowEnabled As %String
Detail all Application records, brief display.
Names - Comma separated list of application names, "*" = All
Type - Type of application, -1 = all
Bit 0 = System Application - Reserved
Bit 1 = CSP Application
Bit 2 = Privileged routine application
Bit 3 - Client Application
Note: This query may change in future versions
• query List(Names As %String, Type As %Integer, Filter As %String)
Selects Name As %String, Namespace As %String, Namespace Default As %String, Enabled As %String, Type As %String, Resource As %String, Authentication Methods As %String, IsSystemApp As %Boolean
List all Application records.
Names - Comma separated list of application names, "*" = All
Type - Type of application, -1 = all
Bit 0 = System Application - Reserved
Bit 1 = CSP Application
Bit 2 = Privileged routine application
Bit 3 - Client Application
Note: This query may change in future versions
• query NamespaceList(Namespaces As %String)
Selects Name As %String, Path As %String
List Application records associated with a namespace.
Namespaces - Comma separated list of namespace names, "*" = All
Note: This query may change in future versions

Indices

• index (NameIndex on NameLowerCase) [IdKey];


Copyright © 1997-2017, InterSystems Corporation