
Setup for Web Application Authorization Example

In the following examples, you experiment with authorization concepts and the properties of a Web Application definition.

The following steps involve code in a class named SecurityTutorial.AuthenticationExample. The instructions for creating this class are here: Code for Authentication Example. Create the class definition in the USER namespace.

Examine the Web Application definition for the Web applications in the USER namespace. To edit the definition, open the Web Applications page (click [Home] > [System Administration] > [Security] > [Applications] > [Web Applications]) of the Management Portal and then click /csp/user.

[Figure: Red boxes highlighting the Save button, Enable Application setting, Enable setting, and Allowed Authentication Methods setting]

Verify the following:

  • The Enabled box is checked.

  • No Resource required to run the application is specified.

  • Both the Unauthenticated and Password boxes are checked under Allowed Authentication Methods.

  • SecurityTutorial.AuthenticationExample is the Dispatch Class.

Click Save.

The Web Application definition specifies that the application is enabled and no resource is required to run the application.

Now, open your favorite REST client. This example uses the Postman browser plug-in.

  1. Create a GET request and specify Basic as the authentication type and SuperUser/SYS as the Username/Password.

    [Figure: Postman browser plug-in with request URL and settings]

    The URL looks like this


    Note that the port number displayed here, 52773, is the default InterSystems IRIS web server port. The port for your instance may be different.

  2. Click Send. The application returns the username and the user's roles. When InterSystems IRIS is installed with minimal as the initial security setting, SuperUser has the %ALL role.

    [Figure: Body of Postman response with username and roles]


SuperUser is a predefined user account that InterSystems IRIS installs by default. To learn more about predefined users, see Predefined User Accounts.

A number of free REST clients are available as standalone applications and browser plug-ins.
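The two Postman steps above can also be scripted, which makes it easy to compare the Unauthenticated and Password methods that the Web Application definition allows. The following Python code is an added example, not part of the InterSystems documentation; the script name `check_auth.py` and all function names are assumptions, and the URL is whatever you entered in step 1.

```python
"""Scripted equivalent of the Postman steps (added example, not InterSystems code)."""
import base64
import sys
import urllib.error
import urllib.request


def basic_auth_header(username, password):
    """Build the Authorization value that the 'Basic' authentication type sends."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def decode_basic(header):
    """Recover (username, password). Basic is an encoding, not encryption:
    anyone who can read the request can read the credentials."""
    scheme, _, token = header.partition(" ")
    if scheme != "Basic":
        raise ValueError("not a Basic Authorization header")
    user, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return user, password


def build_request(url, username=None, password=None):
    """GET request; with no credentials it exercises the Unauthenticated method."""
    req = urllib.request.Request(url, method="GET")
    if username is not None:
        req.add_header("Authorization", basic_auth_header(username, password))
    return req


def send(req, timeout=5):
    """Return (status, body); HTTP error responses are returned, not raised."""
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: python check_auth.py <request URL from step 1>")
    url = sys.argv[1]  # assumption: the same URL you entered in Postman
    for label, req in (("unauthenticated", build_request(url)),
                       ("SuperUser (Basic)", build_request(url, "SuperUser", "SYS"))):
        status, body = send(req)
        print(f"{label}: HTTP {status}\n{body}\n")
```

Because `decode_basic` recovers the password from the header alone, send Basic credentials over plain HTTP only to a local test instance.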
