Applications wishing to support REST should subclass this class, implement the methods to be called,
and define a UrlMap XDATA block which maps Urls and request Method (DELETE/GET/POST/PUT) to those methods.
Users define a csp web application which will be serviced by their custom subclass. To achieve this, in the
management portal set the 'Dispatch Class' to the name of the custom subclass of %CSP.REST.
Note: %CSP.REST extends %CSP.Login instead of just %CSP.Page because %CSP.Login contains the
default CORS support as well as being a subclass of %CSP.Page.
parameter HTTP500INTERNALSERVERERROR = 500 Internal Server Error;
This parameter influences the CORS support. The default is an empty string meaning 'not specified'.
If set to true (1) then CORS processing is ON. If set to false (0) then CORS processing is OFF.
If left unset ("") then the decision to process CORS is delegated to the setting on the URL map route.
parameter TokenLoginEndpoint = login;
If the REST application is using token authentication, then this parameter gives the path to use for the "login" endpoint. The default is "/login".
parameter TokenLogoutEndpoint = logout;
If the REST application is using token authentication, then this parameter gives the path to use for the "logout" endpoint. The default is "/logout".
parameter TokenRefreshEndpoint = refresh;
If the REST application is using token authentication, then this parameter gives the path to use for the "refresh" endpoint. The default is "/refresh".
parameter TokenRevokeEndpoint = revoke;
If the REST application is using token authentication, then this parameter gives the path to use for the token revocation endpoint. The default is "/revoke".
parameter UseSession = 0;
This parameter controls the CSP session support. By default the CSP session will be
ended after each request in accordance with the spirit of REST. However this CAN be
overridden by the user. To use a session, it's necessary to manage the CSPSESSION cookie.
Browsers do this automatically but command line tools such as CURL require the setting of
Note that if you choose to use a session then this will use a CSP license until the session
is ended or expires and the grace period has been satisfied. If you use the default of no
session then this will be the same behavior as SOAP requests of holding a license for ten
This method determines what challenge will be sent with a 401 (Unauthorized) response.
The default is the type of the Authorization header used in the request.
For unauthenticated requests, the default is 'Basic'.
Note most browsers will display a native login prompt in response to a 'Basic' challenge.
deprecated final classmethod Http403(pSC As %Status = $$$OK) as %Status
Issue a '403' error (Deprecated, use ..ReportHttpStatusCode)
deprecated final classmethod Http404(pSC As %Status = $$$OK) as %Status
Issue a '404' error (Deprecated, use ..ReportHttpStatusCode)
This method gets called prior to dispatch of the request. Put any common code here
that you want to be executed for EVERY request. If pContinue is set to 0, the
request will NOT be dispatched according to the UrlMap. In this case it's the
responsibility of the user to return a response.