Security.Applications

persistent class Security.Applications extends %Library.Persistent, %XML.Adaptor, %SYSTEM.Help

SQL Table Name: Security.Applications

This class defines the applications for a system.
There are three types of applications which can be defined:

1) Web applications: CSP/ZEN and REST
2) Privileged routine applications
3) Doc DB Applications, previously known as Client Application

Depending on the type of application defined (Type property), properties may or may not be relevant to that type of application. See each property description for its relevance for each type of application.
Application names have the following properties:
1) Application names are case insensitive.
2) Maximum length of an application name is 64 characters.
The %Admin_Secure:USE permission is required to operate on an application.

The table for this class should be manipulated only through object access, the published APIs or through the System Management Portal. It should not be updated through direct SQL access.

Properties

property AutheEnabled as Security.Datatype.Authentication [ InitialExpression = 64 ];
Authentication and Session mechanisms enabled.
For CSP Web Application only.
Note that these bits correspond to the same bit numbers in the Security.System class
Bit 2 = AutheK5API
Bit 5 = AuthePassword
Bit 6 = AutheUnauthenticated
Bit 11 = AutheLDAP
Bit 13 = AutheDelegated
Bit 14 = LoginToken
Bit 20 = TwoFactorSMS
Bit 21 = TwoFactorPW
Property methods: AutheEnabledDisplayToLogical(), AutheEnabledGet(), AutheEnabledGetStored(), AutheEnabledIsValid(), AutheEnabledLogicalToDisplay(), AutheEnabledLogicalToOdbc(), AutheEnabledNormalize(), AutheEnabledSet(), AutheEnabledXSDToLogical()
property AutoCompile as Security.Datatype.BooleanYN [ InitialExpression = 1 ];
This specifies whether CSP files should automatically compile or not.
For CSP Web Application only.
If this is turned on, then when a CSP file is more recent than its compiled class,
it is recompiled. This is normally something you would turn on in development environments
and turn off in production environments.
Property methods: AutoCompileDisplayToLogical(), AutoCompileGet(), AutoCompileGetStored(), AutoCompileIsValid(), AutoCompileLogicalToDisplay(), AutoCompileLogicalToOdbc(), AutoCompileLogicalToXSD(), AutoCompileNormalize(), AutoCompileOdbcToLogical(), AutoCompileSet(), AutoCompileXSDToLogical()
property CSPZENEnabled as Security.Datatype.BooleanYN [ InitialExpression = 1 ];
Indicates whether this application will process CSP/Zen Pages. For CSP Web Application only.
Property methods: CSPZENEnabledDisplayToLogical(), CSPZENEnabledGet(), CSPZENEnabledGetStored(), CSPZENEnabledIsValid(), CSPZENEnabledLogicalToDisplay(), CSPZENEnabledLogicalToOdbc(), CSPZENEnabledLogicalToXSD(), CSPZENEnabledNormalize(), CSPZENEnabledOdbcToLogical(), CSPZENEnabledSet(), CSPZENEnabledXSDToLogical()
property CSRFToken as Security.Datatype.BooleanYN [ InitialExpression = 1 ];
Prevent login CSRF attack.
For CSP Web Application only.
When enabled, a token and cookie are generated in the login page and validated before any username/password is accepted. Enabling this will prevent programmatic access to pages in this application that just pass in the username/password on the initial request. It also prevents the use of the CSPSHARE=1 URL parameter to pass the session token in the URL when cookies are required for the application.
Property methods: CSRFTokenDisplayToLogical(), CSRFTokenGet(), CSRFTokenGetStored(), CSRFTokenIsValid(), CSRFTokenLogicalToDisplay(), CSRFTokenLogicalToOdbc(), CSRFTokenLogicalToXSD(), CSRFTokenNormalize(), CSRFTokenOdbcToLogical(), CSRFTokenSet(), CSRFTokenXSDToLogical()
property ChangePasswordPage as %String (MAXLEN = 256);
A predefined change password page that can be sent out to the browser if the user account requires
a password change.
For CSP Web Application only.
Property methods: ChangePasswordPageDisplayToLogical(), ChangePasswordPageGet(), ChangePasswordPageGetStored(), ChangePasswordPageIsValid(), ChangePasswordPageLogicalToDisplay(), ChangePasswordPageLogicalToOdbc(), ChangePasswordPageNormalize(), ChangePasswordPageSet()
property ClientApplications as list of %String (MAXLEN = 64);
List of time stamps and hash values for valid executables. Each element is in the form $zdatetime($h,3)^HashValue. For DocDB/Client Application only.
Property methods: ClientApplicationsBuildValueArray(), ClientApplicationsCollectionToDisplay(), ClientApplicationsCollectionToOdbc(), ClientApplicationsDisplayToCollection(), ClientApplicationsDisplayToLogical(), ClientApplicationsGet(), ClientApplicationsGetObject(), ClientApplicationsGetObjectId(), ClientApplicationsGetStored(), ClientApplicationsGetSwizzled(), ClientApplicationsIsValid(), ClientApplicationsLogicalToDisplay(), ClientApplicationsLogicalToOdbc(), ClientApplicationsNormalize(), ClientApplicationsOdbcToCollection(), ClientApplicationsSet(), ClientApplicationsSetObject(), ClientApplicationsSetObjectId()
property CookiePath as %String (MAXLEN = 256);
Scope of the session cookie.
For CSP Web Application only.
This determines the URLs for which the browser sends the session cookie back to InterSystems IRIS.
If your application name is 'myapp', it defaults to '/myapp/', meaning the browser will only send
the cookie for pages under '/myapp/'. You should restrict this to only what is required
by your application, to prevent this session cookie from being used by other CSP applications
on this machine or from being seen by any other application on this web server.
Property methods: CookiePathDisplayToLogical(), CookiePathGet(), CookiePathGetStored(), CookiePathIsValid(), CookiePathLogicalToDisplay(), CookiePathLogicalToOdbc(), CookiePathNormalize(), CookiePathSet()
property CorsAllowlist as list of %String (MAXLEN = 32767);
List of Origins for CORS policies.
Set as comma-delimited string with Create() and Modify()
This is an allowlist.
Property methods: CorsAllowlistBuildValueArray(), CorsAllowlistCollectionToDisplay(), CorsAllowlistCollectionToOdbc(), CorsAllowlistDisplayToCollection(), CorsAllowlistDisplayToLogical(), CorsAllowlistGet(), CorsAllowlistGetObject(), CorsAllowlistGetObjectId(), CorsAllowlistGetStored(), CorsAllowlistGetSwizzled(), CorsAllowlistIsValid(), CorsAllowlistLogicalToDisplay(), CorsAllowlistLogicalToOdbc(), CorsAllowlistNormalize(), CorsAllowlistOdbcToCollection(), CorsAllowlistSet(), CorsAllowlistSetObject(), CorsAllowlistSetObjectId()
property CorsCredentialsAllowed as Security.Datatype.BooleanYN [ InitialExpression = 1 ];
The tab has a check box for allowing credentials. If true, Access-Control-Allow-Credentials header will be included in CORS-enabled responses.
Property methods: CorsCredentialsAllowedDisplayToLogical(), CorsCredentialsAllowedGet(), CorsCredentialsAllowedGetStored(), CorsCredentialsAllowedIsValid(), CorsCredentialsAllowedLogicalToDisplay(), CorsCredentialsAllowedLogicalToOdbc(), CorsCredentialsAllowedLogicalToXSD(), CorsCredentialsAllowedNormalize(), CorsCredentialsAllowedOdbcToLogical(), CorsCredentialsAllowedSet(), CorsCredentialsAllowedXSDToLogical()
property CorsHeadersList as list of %String (MAXLEN = 32767);
List of custom headers to include when CORS is enabled.
Set as comma-delimited string with Create() and Modify()
Property methods: CorsHeadersListBuildValueArray(), CorsHeadersListCollectionToDisplay(), CorsHeadersListCollectionToOdbc(), CorsHeadersListDisplayToCollection(), CorsHeadersListDisplayToLogical(), CorsHeadersListGet(), CorsHeadersListGetObject(), CorsHeadersListGetObjectId(), CorsHeadersListGetStored(), CorsHeadersListGetSwizzled(), CorsHeadersListIsValid(), CorsHeadersListLogicalToDisplay(), CorsHeadersListLogicalToOdbc(), CorsHeadersListNormalize(), CorsHeadersListOdbcToCollection(), CorsHeadersListSet(), CorsHeadersListSetObject(), CorsHeadersListSetObjectId()
property DeepSeeEnabled as Security.Datatype.BooleanYN [ InitialExpression = 0 ];
Indicates whether DeepSee access is enabled for this application.
For CSP Web Application only.
Corresponds with the Analytics option shown in Management Portal
Property methods: DeepSeeEnabledDisplayToLogical(), DeepSeeEnabledGet(), DeepSeeEnabledGetStored(), DeepSeeEnabledIsValid(), DeepSeeEnabledLogicalToDisplay(), DeepSeeEnabledLogicalToOdbc(), DeepSeeEnabledLogicalToXSD(), DeepSeeEnabledNormalize(), DeepSeeEnabledOdbcToLogical(), DeepSeeEnabledSet(), DeepSeeEnabledXSDToLogical()
property Description as %String (MAXLEN = 256);
Application description.
For all application types.
Property methods: DescriptionDisplayToLogical(), DescriptionGet(), DescriptionGetStored(), DescriptionIsValid(), DescriptionLogicalToDisplay(), DescriptionLogicalToOdbc(), DescriptionNormalize(), DescriptionSet()
property DispatchClass as %String (MAXLEN = 256);
If defined, all requests in this CSP application are dispatched to this one class. This bypasses the normal URL-to-classname conversion, giving the specified class complete control over the dispatch of the page. A predefined dispatch class that can be used is '%CSP.REST', which provides REST dispatch capabilities. For REST Web Application only.
Property methods: DispatchClassDisplayToLogical(), DispatchClassGet(), DispatchClassGetStored(), DispatchClassIsValid(), DispatchClassLogicalToDisplay(), DispatchClassLogicalToOdbc(), DispatchClassNormalize(), DispatchClassSet()
property Enabled as Security.Datatype.BooleanYN [ InitialExpression = 1 ];
Application is enabled.
For all application types.
Property methods: EnabledDisplayToLogical(), EnabledGet(), EnabledGetStored(), EnabledIsValid(), EnabledLogicalToDisplay(), EnabledLogicalToOdbc(), EnabledLogicalToXSD(), EnabledNormalize(), EnabledOdbcToLogical(), EnabledSet(), EnabledXSDToLogical()
property ErrorPage as %String (MAXLEN = 256);
A CSP or CLS page that will be displayed if an error occurs when generating the page.
For CSP Web Application only.
Property methods: ErrorPageDisplayToLogical(), ErrorPageGet(), ErrorPageGetStored(), ErrorPageIsValid(), ErrorPageLogicalToDisplay(), ErrorPageLogicalToOdbc(), ErrorPageNormalize(), ErrorPageSet()
property EventClass as %String (MAXLEN = 64);
This specifies the class whose methods are invoked for CSP application events,
such as a timeout. For CSP Web Application only.
Property methods: EventClassDisplayToLogical(), EventClassGet(), EventClassGetStored(), EventClassIsValid(), EventClassLogicalToDisplay(), EventClassLogicalToOdbc(), EventClassNormalize(), EventClassSet()
property GroupById as %String (MAXLEN = 64);
Indicates whether this application's authentication will move in sync with other applications in the same id group. For CSP Web Application only.
Property methods: GroupByIdDisplayToLogical(), GroupByIdGet(), GroupByIdGetStored(), GroupByIdIsValid(), GroupByIdLogicalToDisplay(), GroupByIdLogicalToOdbc(), GroupByIdNormalize(), GroupByIdSet()
property InbndWebServicesEnabled as Security.Datatype.BooleanYN [ InitialExpression = 1 ];
Indicates whether this application will process Web Services.
For CSP Web Application only.
Corresponds with the "Inbound Web Services" option shown in Management Portal.
Property methods: InbndWebServicesEnabledDisplayToLogical(), InbndWebServicesEnabledGet(), InbndWebServicesEnabledGetStored(), InbndWebServicesEnabledIsValid(), InbndWebServicesEnabledLogicalToDisplay(), InbndWebServicesEnabledLogicalToOdbc(), InbndWebServicesEnabledLogicalToXSD(), InbndWebServicesEnabledNormalize(), InbndWebServicesEnabledOdbcToLogical(), InbndWebServicesEnabledSet(), InbndWebServicesEnabledXSDToLogical()
property IsNameSpaceDefault as Security.Datatype.BooleanYN [ InitialExpression = 0 ];
Indicates that this application is the default application for its namespace. As such it will be returned by the call $System.CSP.GetDefaultApp(). Corresponds with the "Namespace Default Application" option shown in Management Portal.
Property methods: IsNameSpaceDefaultDisplayToLogical(), IsNameSpaceDefaultGet(), IsNameSpaceDefaultGetStored(), IsNameSpaceDefaultIsValid(), IsNameSpaceDefaultLogicalToDisplay(), IsNameSpaceDefaultLogicalToOdbc(), IsNameSpaceDefaultLogicalToXSD(), IsNameSpaceDefaultNormalize(), IsNameSpaceDefaultOdbcToLogical(), IsNameSpaceDefaultSet(), IsNameSpaceDefaultXSDToLogical()
property JWTAccessTokenTimeout as %Integer (MINVAL = 1) [ InitialExpression = 60 ];
Specifies the timeout (in seconds) for JWT Access Tokens. This is only relevant for REST Web Applications where JWTAuthEnabled is true.
Property methods: JWTAccessTokenTimeoutDisplayToLogical(), JWTAccessTokenTimeoutGet(), JWTAccessTokenTimeoutGetStored(), JWTAccessTokenTimeoutIsValid(), JWTAccessTokenTimeoutLogicalToDisplay(), JWTAccessTokenTimeoutNormalize(), JWTAccessTokenTimeoutSet(), JWTAccessTokenTimeoutXSDToLogical()
property JWTAuthEnabled as Security.Datatype.BooleanYN [ InitialExpression = 0 ];
Indicates that this application uses JWT Bearer tokens for authentication. For REST Web Application only.
Property methods: JWTAuthEnabledDisplayToLogical(), JWTAuthEnabledGet(), JWTAuthEnabledGetStored(), JWTAuthEnabledIsValid(), JWTAuthEnabledLogicalToDisplay(), JWTAuthEnabledLogicalToOdbc(), JWTAuthEnabledLogicalToXSD(), JWTAuthEnabledNormalize(), JWTAuthEnabledOdbcToLogical(), JWTAuthEnabledSet(), JWTAuthEnabledXSDToLogical()
property JWTRefreshTokenTimeout as %Integer (MINVAL = 1) [ InitialExpression = 900 ];
Specifies the timeout (in seconds) for JWT Refresh Tokens. This is only relevant for REST Web Applications where JWTAuthEnabled is true.
Property methods: JWTRefreshTokenTimeoutDisplayToLogical(), JWTRefreshTokenTimeoutGet(), JWTRefreshTokenTimeoutGetStored(), JWTRefreshTokenTimeoutIsValid(), JWTRefreshTokenTimeoutLogicalToDisplay(), JWTRefreshTokenTimeoutNormalize(), JWTRefreshTokenTimeoutSet(), JWTRefreshTokenTimeoutXSDToLogical()
property LockCSPName as Security.Datatype.BooleanYN [ InitialExpression = 1 ];
Lock CSP Name.
For CSP Web Application only.
If true, then you can only access this CSP page if the url you enter matches the url stored in the CSPURL parameter value in the class. CSP pages have the CSPURL set to the original url requested automatically when they are compiled. If the url does not match, you get a page not found error.

For example, suppose you have two CSP applications, '/A' and '/B', that both map to the same namespace and the same directory. If you view '/A/page.csp', this loads the page and creates the class 'csp.page' with the CSPURL parameter set to '/A/page.csp'. With this flag set, you may only access this page using the URL '/A/page.csp'. If this flag is false, you may also access it via '/B/page.csp', '/A/csp.page.cls' and '/B/csp.page.cls'. Note that the flag is checked on the application associated with the CSPURL parameter, so even if the '/B' application has the flag turned off, if the '/A' application has it turned on you will get a page not found error from '/B/page.csp'.

If you modify the CSP class and change the CSPURL="" then this disables checking for this page.

Property methods: LockCSPNameDisplayToLogical(), LockCSPNameGet(), LockCSPNameGetStored(), LockCSPNameIsValid(), LockCSPNameLogicalToDisplay(), LockCSPNameLogicalToOdbc(), LockCSPNameLogicalToXSD(), LockCSPNameNormalize(), LockCSPNameOdbcToLogical(), LockCSPNameSet(), LockCSPNameXSDToLogical()
property LoginPage as %String (MAXLEN = 256);
A predefined login page that can be sent out to the browser if the application requires
an authenticated identity and one is not available yet.
For CSP Web Application only.
Property methods: LoginPageDisplayToLogical(), LoginPageGet(), LoginPageGetStored(), LoginPageIsValid(), LoginPageLogicalToDisplay(), LoginPageLogicalToOdbc(), LoginPageNormalize(), LoginPageSet()
property MatchRoles as list of %String (MAXLEN = 32767);
Mapping of MatchRole/TargetRoles pairs to assign to the application
For all application types.

MatchRoles are in the format:
MatchRole1:TargetRole1:TargetRole2,MatchRole2:TargetRole3:TargetRole4
To specify a role to always be granted to an application, set MatchRole="", i.e. (:TargetRole1)

For Routine/Database pairs, Routines are in the format:
Routine1:dbname:Flag,Routine2:dbname:Flag

For Client application identification hash, ClientApplications are in the format:
Hash,Hash1,Hash2

Property methods: MatchRolesBuildValueArray(), MatchRolesCollectionToDisplay(), MatchRolesCollectionToOdbc(), MatchRolesDisplayToCollection(), MatchRolesDisplayToLogical(), MatchRolesGet(), MatchRolesGetObject(), MatchRolesGetObjectId(), MatchRolesGetStored(), MatchRolesGetSwizzled(), MatchRolesIsValid(), MatchRolesLogicalToDisplay(), MatchRolesLogicalToOdbc(), MatchRolesNormalize(), MatchRolesOdbcToCollection(), MatchRolesSet(), MatchRolesSetObject(), MatchRolesSetObjectId()
property Name as %String (MAXLEN = 64, MINLEN = 1) [ Required ];
Short Name for Application. Web applications should start with a "/".
Client Applications are in the format AppName.EXE.
Privileged routines can be any format.
Property methods: NameDisplayToLogical(), NameGet(), NameGetStored(), NameIsValid(), NameLogicalToDisplay(), NameLogicalToOdbc(), NameNormalize(), NameSet()
property NameSpace as %String (MAXLEN = 64);
The namespace where pages for this application are run.
For CSP Web Application only.
Property methods: NameSpaceDisplayToLogical(), NameSpaceGet(), NameSpaceGetStored(), NameSpaceIsValid(), NameSpaceLogicalToDisplay(), NameSpaceLogicalToOdbc(), NameSpaceNormalize()
property Package as %String (MAXLEN = 64);
Specifies the package to prefix to the class name for all CSP files in this application.
For CSP Web Application only.
If not specified it defaults to "csp".
Property methods: PackageDisplayToLogical(), PackageGet(), PackageGetStored(), PackageIsValid(), PackageLogicalToDisplay(), PackageLogicalToOdbc(), PackageNormalize(), PackageSet()
property Path as %String (MAXLEN = 256);
This specifies the physical path (directory) for the CSP files on the InterSystems IRIS server.
For CSP Web Application only.
Property methods: PathDisplayToLogical(), PathGet(), PathGetStored(), PathIsValid(), PathLogicalToDisplay(), PathLogicalToOdbc(), PathNormalize(), PathSet()
property PermittedClasses as %String);
A name pattern which is used by the CSP Server to limit the classes which may be run in this application.
For CSP Web Application only.
This is a COS pattern; for example, (1"B",1"A".1N) matches {B.cls, A0.cls ... A9.cls}.
Property methods: PermittedClassesDisplayToLogical(), PermittedClassesGet(), PermittedClassesGetStored(), PermittedClassesIsValid(), PermittedClassesLogicalToDisplay(), PermittedClassesLogicalToOdbc(), PermittedClassesNormalize(), PermittedClassesSet()
property Recurse as Security.Datatype.BooleanYN [ InitialExpression = 1 ];
This specifies whether to use subdirectories.
For CSP Web Application only.
If WPath is the Web Path and PPath is the Physical Path, then with recurse turned on,
WPath/xxx/yyy will look in PPath/xxx/yyy. If recurse is turned off, only files directly
contained in WPath are used.
Property methods: RecurseDisplayToLogical(), RecurseGet(), RecurseGetStored(), RecurseIsValid(), RecurseLogicalToDisplay(), RecurseLogicalToOdbc(), RecurseLogicalToXSD(), RecurseNormalize(), RecurseOdbcToLogical(), RecurseSet(), RecurseXSDToLogical()
property RedirectEmptyPath as Security.Datatype.BooleanYN [ InitialExpression = 0 ];
This specifies whether to use FHIR-standard redirects of empty paths.
For REST Web Application only.
For example, if the request is for WPath/csp/appname and the app /csp/appname/
has this property enabled, then instead of serving the request with the next level down
(csp, if it exists), the request will be served by /csp/appname/.
Property methods: RedirectEmptyPathDisplayToLogical(), RedirectEmptyPathGet(), RedirectEmptyPathGetStored(), RedirectEmptyPathIsValid(), RedirectEmptyPathLogicalToDisplay(), RedirectEmptyPathLogicalToOdbc(), RedirectEmptyPathLogicalToXSD(), RedirectEmptyPathNormalize(), RedirectEmptyPathOdbcToLogical(), RedirectEmptyPathSet(), RedirectEmptyPathXSDToLogical()
property Resource as %String (MAXLEN = 64, MINLEN = 0);
The Resource name that controls access to this application.
For all application types.
If no resource is defined, then it is a public application which anyone can run.
Property methods: ResourceDisplayToLogical(), ResourceGet(), ResourceGetStored(), ResourceIsValid(), ResourceLogicalToDisplay(), ResourceLogicalToOdbc(), ResourceNormalize(), ResourceSet()
property Routines as list of %String (MAXLEN = 32767);
List of Routines that can invoke this application.
For Privileged Routine Applications only.
These are in the format Routine/Class:dbname:Flag, where dbname is the name of the database where the routine resides; Flag=0 is a routine, Flag=1 is a class name.
Property methods: RoutinesBuildValueArray(), RoutinesCollectionToDisplay(), RoutinesCollectionToOdbc(), RoutinesDisplayToCollection(), RoutinesDisplayToLogical(), RoutinesGet(), RoutinesGetObject(), RoutinesGetObjectId(), RoutinesGetStored(), RoutinesGetSwizzled(), RoutinesIsValid(), RoutinesLogicalToDisplay(), RoutinesLogicalToOdbc(), RoutinesNormalize(), RoutinesOdbcToCollection(), RoutinesSet(), RoutinesSetObject(), RoutinesSetObjectId()
property ServeFiles as %Integer (DISPLAYLIST = ",No,Always,Always and cached,Use CSP security", VALUELIST = ",0,1,2,3") [ InitialExpression = 1 ];
Allows the web server built into InterSystems IRIS to serve up static files, e.g., html or jpg files, from this application path.
For CSP Web Application only.
This also allows the stream server to serve files from this path.
0 - No - Never serve files from this application path
1 - Always - Always serve files from this application path, ignore CSP security setting for this path for static files. This is the default for new applications as it is backward compatible with serving files from the web server.
2 - Always and cached - Always serve files from this application path and allow the CSP gateway to cache these files to avoid having to request them from InterSystems IRIS. This is the mode we expect deployed applications to use.
3 - Use CSP security - If the user has permissions to view a csp/cls page in this application then allow them to view a static file, if they do not have permissions to view a csp/cls page then return a 404 page not found page.
Property methods: ServeFilesDisplayToLogical(), ServeFilesGet(), ServeFilesGetStored(), ServeFilesIsValid(), ServeFilesLogicalToDisplay(), ServeFilesNormalize(), ServeFilesSet(), ServeFilesXSDToLogical()
property ServeFilesTimeout as %Integer [ InitialExpression = 3600 ];
Time, in seconds, of how long to cache static files.
For CSP Web Application only.
Property methods: ServeFilesTimeoutDisplayToLogical(), ServeFilesTimeoutGet(), ServeFilesTimeoutGetStored(), ServeFilesTimeoutIsValid(), ServeFilesTimeoutLogicalToDisplay(), ServeFilesTimeoutNormalize(), ServeFilesTimeoutSet(), ServeFilesTimeoutXSDToLogical()
property SessionScope as %Integer (DISPLAYLIST = ",None,Lax,Strict", VALUELIST = ",0,1,2") [ InitialExpression = 2 ];
SameSite value that is used for CSP Session cookies.
For REST and CSP Web Application only.
This setting affects whether session cookies are sent for cross-site requests.
The default setting for a new application is Strict.
0 - None - Send cookie with cross-site requests.
1 - Lax - Send cookie with top-level cross-site navigation.
2 - Strict - Do not send cookie with cross-site requests. Default.
Property methods: SessionScopeDisplayToLogical(), SessionScopeGet(), SessionScopeGetStored(), SessionScopeIsValid(), SessionScopeLogicalToDisplay(), SessionScopeNormalize(), SessionScopeSet(), SessionScopeXSDToLogical()
property SuperClass as %String (MAXLEN = 1024);
This specifies the default superclass.
For CSP Web Application only.
If blank, it defaults to %CSP.Page.
Property methods: SuperClassDisplayToLogical(), SuperClassGet(), SuperClassGetStored(), SuperClassIsValid(), SuperClassLogicalToDisplay(), SuperClassLogicalToOdbc(), SuperClassNormalize(), SuperClassSet()
property Timeout as %Integer (MAXVAL = 100000, MINVAL = 0) [ InitialExpression = 900 ];
This specifies the default session timeout, in seconds.
For CSP Web Application only.
Property methods: TimeoutDisplayToLogical(), TimeoutGet(), TimeoutGetStored(), TimeoutIsValid(), TimeoutLogicalToDisplay(), TimeoutNormalize(), TimeoutSet(), TimeoutXSDToLogical()
property Type as Security.Datatype.ApplicationType (MAXVAL = 9, MINVAL = 2) [ InitialExpression = 2 ];
Type - Bitmap describing the type of application
Bit 0 = System Application - Reserved
Bit 1 = CSP/REST Web Application (Default)
Bit 2 = Privileged routine application
Bit 3 = DocDB/Client Application
Property methods: TypeDisplayToLogical(), TypeGet(), TypeGetStored(), TypeIsValid(), TypeLogicalToDisplay(), TypeLogicalToOdbc(), TypeNormalize(), TypeSet(), TypeXSDToLogical()
property UseCookies as %Integer (DISPLAYLIST = ",Never,AutoDetect,Always", VALUELIST = ",0,1,2") [ InitialExpression = 2 ];
This specifies whether to use cookies for CSP session management or not.
For REST and CSP Web Application only.
You can set this on a per-application basis. It does NOT affect the user's use of
cookies in their application, simply how the session is managed. The available
options are:
'Never' use cookies - This will just use the CSPCHD parameter to persist the session
state from page to page and will not send a cookie to the browser at all.
'AutoDetect' (the default) - This will start by sending the cookie to the browser and
also including the CSPCHD parameter in all the links and forms. Then when the user clicks
on the next link if the browser accepted the cookie it will switch to the 'Always'
mode and turn off the use of the CSPCHD parameters. If the browser did not accept
the cookie it will turn into the 'Never' mode.
'Always' use cookies - Do not include the CSPCHD parameter. Default.
0 = Never, 1 = AutoDetect, 2 = Always
Property methods: UseCookiesDisplayToLogical(), UseCookiesGet(), UseCookiesGetStored(), UseCookiesIsValid(), UseCookiesLogicalToDisplay(), UseCookiesNormalize(), UseCookiesSet(), UseCookiesXSDToLogical()
property UserCookieScope as %Integer (DISPLAYLIST = ",None,Lax,Strict", VALUELIST = ",0,1,2") [ InitialExpression = 2 ];
Default SameSite value for cookies created by users' calls to %CSP.Response.SetCookie().
For REST and CSP Web Application only.
This setting affects whether session cookies are sent for cross-site requests.
Users can override the default by specifying the SameSite value in their SetCookie call.
0 - None - Send cookie with cross-site requests.
1 - Lax - Send same-site cookies with top-level cross-site navigation.
2 - Strict - Do not send same-site cookies with cross-site requests. Default.
Property methods: UserCookieScopeDisplayToLogical(), UserCookieScopeGet(), UserCookieScopeGetStored(), UserCookieScopeIsValid(), UserCookieScopeLogicalToDisplay(), UserCookieScopeNormalize(), UserCookieScopeSet(), UserCookieScopeXSDToLogical()
property WSGIAppLocation as %String (MAXLEN = 256);
This is the path of the directory containing the Python application.
Property methods: WSGIAppLocationDisplayToLogical(), WSGIAppLocationGet(), WSGIAppLocationGetStored(), WSGIAppLocationIsValid(), WSGIAppLocationLogicalToDisplay(), WSGIAppLocationLogicalToOdbc(), WSGIAppLocationNormalize(), WSGIAppLocationSet()
property WSGIAppName as %String (MAXLEN = 256);
This is the name of the WSGI-compliant Python application (e.g. flask_app).
Property methods: WSGIAppNameDisplayToLogical(), WSGIAppNameGet(), WSGIAppNameGetStored(), WSGIAppNameIsValid(), WSGIAppNameLogicalToDisplay(), WSGIAppNameLogicalToOdbc(), WSGIAppNameNormalize(), WSGIAppNameSet()
property WSGICallable as %String (MAXLEN = 256) [ InitialExpression = "app" ];
This is the name of the WSGI application callable.
Property methods: WSGICallableDisplayToLogical(), WSGICallableGet(), WSGICallableGetStored(), WSGICallableIsValid(), WSGICallableLogicalToDisplay(), WSGICallableLogicalToOdbc(), WSGICallableNormalize(), WSGICallableSet()
property WSGIDebug as Security.Datatype.BooleanYN [ InitialExpression = 0 ];
This describes if the WSGI application is in Debug Mode
Property methods: WSGIDebugDisplayToLogical(), WSGIDebugGet(), WSGIDebugGetStored(), WSGIDebugIsValid(), WSGIDebugLogicalToDisplay(), WSGIDebugLogicalToOdbc(), WSGIDebugLogicalToXSD(), WSGIDebugNormalize(), WSGIDebugOdbcToLogical(), WSGIDebugSet(), WSGIDebugXSDToLogical()
property WSGIType as %Integer (DISPLAYLIST = ",WSGI,ASGI", VALUELIST = ",1,2") [ InitialExpression = 1 ];
This determines if the application is WSGI or ASGI compliant.
Property methods: WSGITypeDisplayToLogical(), WSGITypeGet(), WSGITypeGetStored(), WSGITypeIsValid(), WSGITypeLogicalToDisplay(), WSGITypeNormalize(), WSGITypeSet(), WSGITypeXSDToLogical()
property iKnowEnabled as Security.Datatype.BooleanYN [ InitialExpression = 0 ];
Indicates whether iKnow access is enabled for this application. Like the DeepSeeEnabled property, this corresponds with the Analytics option shown in Management Portal.
Property methods: iKnowEnabledDisplayToLogical(), iKnowEnabledGet(), iKnowEnabledGetStored(), iKnowEnabledIsValid(), iKnowEnabledLogicalToDisplay(), iKnowEnabledLogicalToOdbc(), iKnowEnabledLogicalToXSD(), iKnowEnabledNormalize(), iKnowEnabledOdbcToLogical(), iKnowEnabledSet(), iKnowEnabledXSDToLogical()

Methods

classmethod Copy(Name As %String, NewName As %String, NewDescription As %String = "") as %Status
Copy an application.
Copy an existing application in the Security database to a new one.
Parameters:
Name - Name of the Application to be copied
NewName - Name of the Application to be created
NewDescription - Full name of the application
classmethod Create(Name As %String, ByRef Properties As %String) as %Status
Create an Application.
Create an Application in the Security database.
For all application types.
Parameters:
Name - Name of the application to create
Properties - Array of properties to set.
Properties only need to be defined if required for that type of application. Properties are in the format defined by the property definitions for the class with the following exceptions:

"MatchRoles" - MatchRole/TargetRoles pairs to assign to the application
MatchRoles are in the format:
MatchRole1:TargetRole1:TargetRole2,MatchRole2:TargetRole3:TargetRole4
"Routines" - Routine/Database pairs
Routines are in the format:
Routine1:dbname:Flag,Routine2:dbname:Flag
"ClientApplications" - Client application identification hash
ClientApplications are in the format:
Hash,Hash1,Hash2
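Example (the values shown are sample values; substitute your own):
  Kill prop
  Set prop("AutheEnabled")=32                      // bit 5 = AuthePassword
  Set prop("DispatchClass")="MyApp.REST.Dispatch"  // sample dispatch class name
  Set prop("NameSpace")="USER"                     // namespace where the application runs
  Set name="/myapp"                                // web application names start with "/"
  Set sc=##class(Security.Applications).Create(name,.prop)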
For CSP applications, if the path specified does not exist, it is created.
classmethod Delete(Name As %String) as %Status
Delete an Application.
This method will delete an application from the security database.
For all application types.
Parameters:
Name - Name of application to delete
classmethod Exists(Name As %String, ByRef Application As %ObjectHandle, ByRef Status As %Status) as %Boolean
Application exists.
This method checks for the existence of an application in the security database.
For all application types.
Parameters:
Name - Name of the application to check existence of
Return values:
If Value of the method = 0 (Application does not exist, or some error occurred)
Application = Null
Status = Application "x" does not exist, or other error message

If Value of the method = 1 (Application exists)
Application = Object handle to application
Status = $$$OK
classmethod Export(FileName As %String = "ApplicationsExport.xml", ByRef NumExported As %Integer, Applications As %String = "*", Type As %Integer = -1) as %Status
This method exports Application records to a file in xml format.
For all application types.
Parameters:
FileName - Output file name
NumExported (byref) - Returns number of records exported
Applications - Comma separated list of Applications to export, "*" = All
Type - Bitmap describing the type of applications to export, -1 = all
Bit 0 = System Application - Reserved
Bit 1 = CSP/REST Web Application
Bit 2 = Privileged routine application
Bit 3 = Client/DocDB Application
classmethod Get(Name As %String, ByRef Properties As %String) as %Status
Get an application's properties.
Gets an application's properties from the security database.
For all application types.
Parameters:
Name - Name of the application to get
Return values:
Properties - See the Create method for more information on properties returned
classmethod GetClientApplicationHash(FileName As %String, ByRef Hash As %Integer) as %Status
Return a hash value and last modified timestamp for a Visual Basic Caché Direct executable.
For Client/DocDB applications.
classmethod Import(FileName As %String = "ApplicationsExport.xml", ByRef NumImported As %Integer, Flags As %Integer = 0) as %Status
Import Applications records from an xml file.
Parameters:
FileName - Filename to import Application records from
NumImported (byref) - Returns number of records imported
Flags - Control import
Bit 0 - Do not import records, just return count
Note: On failure, no records will be imported
classmethod IsDefault(appName) as %Boolean
Check whether the application appName was created by IRIS by default or was created by the user.
method IsPublic() as %Boolean
Application is public.
classmethod Modify(Name As %String, ByRef Properties As %String) as %Status
Modify an application.
Modify an existing application's properties in the security database.
Parameters:
Name - Name of the application to modify
Properties - Array of properties to modify.
See the Create() method for a description of the Properties parameter.

Queries

query Detail(Names As %String, Type As %Integer)
Selects Name As %String, Type As %String, Description As %String, Enabled As %String, AddedRoles As %String, MatchRoles As %String, Resource As %String, Routines As %String, ClientApplications As %String, AutheEnabled As %String, AutoCompile As %String, CookiePath As %String, CSPZENEnabled As %String, DispatchClass As %String, ErrorPage As %String, EventClass As %String, GroupById As %String, HyperEvent As %String, InbndWebServicesEnabled As %String, IsNameSpaceDefault As %String, LockCSPName As %String, LoginPage As %String, ChangePasswordPage As %String, NameSpace As %String, Package As %String, Path As %String, PermittedClasses As %String, Recurse As %String, Resource As %String, ServeFiles As %String, ServeFilesTimeout As %String, SuperClass As %String, Timeout As %String, TwoFactorEnabled As %String, UseCookies As %String, DeepSeeEnabled As %String, iKnowEnabled As %String, CSRFToken As %String, SessionScope As %String, UserCookieScope As %String, RedirectEmptyPath As %String, JWTAuthEnabled As %String, JWTAccessTokenTimeout As %String, JWTRefreshTokenTimeout As %String, WSGIAppLocation As %String, WSGIAppName As %String, WSGICallable As %String, WSGIDebug As %String, WSGIType As %Integer, CorsAllowlist As %String, CorsCredentialsAllowed As %String, CorsHeadersList As %String
Detail all Application records, brief display.
Names - Comma separated list of application names, "*" = All
Type - Bitmap describing the type of application, -1 = all
Bit 0 = System Application - Reserved
Bit 1 = CSP Application
Bit 2 = Privileged routine application
Bit 3 = Client Application
Note: This query may change in future versions
query List(Names As %String, Type As %Integer, Filter As %String)
Selects Name As %String, Namespace As %String, Namespace Default As %String, Enabled As %String, Type As %String, Resource As %String, Authentication Methods As %String, IsSystemApp As %Boolean, Dispatch Class As %String
List all Application records.
Names - Comma separated list of application names, "*" = All
Type - Bitmap describing the type of application, -1 = all
Bit 0 = System Application - Reserved
Bit 1 = CSP Application
Bit 2 = Privileged routine application
Bit 3 = Client Application
Note: This query may change in future versions
query NamespaceList(Namespaces As %String)
Selects Name As %String, Path As %String
List Application records associated with a namespace.
Namespaces - Comma separated list of namespace names, "*" = All
Note: This query may change in future versions
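
One way to audit web applications with the List query and the Get() method described above (an added example, not code from the InterSystems documentation): it reports enabled web applications whose AutheEnabled value has bit 6 (AutheUnauthenticated, value 64) set. The class name Example.AppAudit and its method name are hypothetical; the example assumes the caller holds %Admin Secure:USE and that Get() returns AutheEnabled, Enabled and NameSpace as logical values.

```objectscript
/// Added example; Example.AppAudit is a hypothetical class name.
Class Example.AppAudit
{

/// Report enabled web applications that accept unauthenticated access.
/// Returns the number of findings in the by-reference argument.
ClassMethod ListUnauthenticated(Output Count As %Integer) As %Status
{
    Set Count = 0
    // Security.Applications lives in %SYS; the namespace is restored on exit
    New $NAMESPACE
    Set $NAMESPACE = "%SYS"

    // Type bitmap for the List query: bit 1 (value 2) = CSP/REST web applications
    Set rs = ##class(%ResultSet).%New("Security.Applications:List")
    Set sc = rs.Execute("*", 2, "")
    If $SYSTEM.Status.IsError(sc) Return sc

    While rs.Next() {
        Set name = rs.Get("Name")
        Kill props
        Set sc = ##class(Security.Applications).Get(name, .props)
        If $SYSTEM.Status.IsError(sc) {
            Write "Get failed for ", name, ": ", $SYSTEM.Status.GetErrorText(sc), !
            Continue
        }
        // AutheEnabled is a bitmask; bit 6 (value 64) = AutheUnauthenticated.
        // $ZBOOLEAN(a,b,1) is a bitwise AND.
        Set authe = +$Get(props("AutheEnabled"))
        If $ZBOOLEAN(authe, 64, 1) && +$Get(props("Enabled")) {
            Set Count = Count + 1
            Write name, "  namespace=", $Get(props("NameSpace"))
            Write "  AutheEnabled=", authe, !
        }
    }
    Return $$$OK
}

}
```

Because the AutheEnabled property has InitialExpression = 64, an application created without an explicit AutheEnabled value will appear in this report.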

Indexes

index (NameIndex on NameLowerCase) [IdKey, Type = key];
Index methods: NameIndexCheck(), NameIndexDelete(), NameIndexExists(), NameIndexOpen(), NameIndexSQLCheckUnique(), NameIndexSQLExists(), NameIndexSQLFindPKeyByConstraint(), NameIndexSQLFindRowIDByConstraint()

Storage

Storage Model: Storage (Security.Applications)

^|$$$SecurityMapApplications|SYS("Security","ApplicationsD")(ID)
=
%%CLASSNAME
AutheEnabled
AutoCompile
ClientApplications
CookiePath
Description
Enabled
ErrorPage
EventClass
HyperEvent
LockCSPName
LoginPage
MatchRoles
Name
NameSpace
Package
Path
Recurse
Resource
Routines
ServeFiles
SuperClass
Timeout
Type
UseCookies
ChangePasswordPage
ServeFilesTimeout
TwoFactorEnabled
CSPZENEnabled
InbndWebServicesEnabled
GroupById
IsNameSpaceDefault
PermittedClasses
DispatchClass
DeepSeeEnabled
iKnowEnabled
CSRFToken
SessionScope
UserCookieScope
Version
RedirectEmptyPath
JWTAuthEnabled
JWTAccessTokenTimeout
JWTRefreshTokenTimeout
WSGIAppName
WSGIAppLocation
WSGICallable
WSGIDebug
WSGIType
CorsAllowlist
CorsCredentialsAllowed
CorsHeadersList