Editing an Application’s General Attributes
You can create or modify settings for how you want Caché to process a specific CSP application on the Edit Web Application page of the Management Portal as follows:
In the Management Portal menu, select System Administration > Security > Applications > Web Applications.
This lists configured web applications. The Type column identifies an application as a user application (CSP) or a system application (CSP,System; a CSP-based utility included with Caché).
Select an application, click Edit, and enter or change the information.
When finished with edits, restart Caché for the new settings to take effect.
The General tab displays the following options:
|Name||Enter a name for the application. The name must include a leading slash (/), such as in the /csp/acme application.|
|Description||Enter a description.|
|Namespace||The Caché namespace in which pages for this application are run.|
|Namespace Default Application||Sets this application as the default application for this namespace. A call to %System.CSP.GetDefaultApp returns this application as the default for the namespace. Caché import functions use this to deal with cases such as importing a CSP page from an XML file where the current namespace does not have the CSP application that the CSP file was exported from. CSP imports the CSP file into the default CSP application for the namespace.|
|Application||Controls whether an application is available. When selected, an application is available, subject to user authentication and authorization; when unchecked, it is not available.|
|CSP/Zen||Enables CSP to serve CSP and Zen pages. Uncheck to disable. For more information on Zen, see the book Using Zen.|
|DeepSee||Enables the %-class required for DeepSee. Uncheck to disable.|
|iKnow||Enables the %-class required for iKnow. Uncheck to disable.|
|Prevent login CSRF attack||Whether the application enables functionality to prevent Cross-Site Request Forgery (CSRF) attacks. InterSystems recommends that you enable this feature for all new applications, and for all existing applications except those with code that programmatically requests pages from the application.|
|Inbound Web Services||Enables CSP to serve SOAP requests. Uncheck to disable. For more information on SOAP and Caché web services, see the book Creating Web Services and Web Clients in Caché.|
|Permitted Classes||Specify classes that may be run in this application in three ways: 1) ObjectScript match pattern. Example: 1"myclass".3N allows myclass123.cls to run in this application, but not myclassxy.cls. 2) ObjectScript expression that evaluates to a boolean, prefixed with @. The requested class name is passed as a variable named class. Example: @class = "PermittedClasses.PermittedPage" 3) Call to a class method (can also use @syntax). Example: ##class(MyPackage).CheckClassIsPermitted(class). See also “Enabling Application Access to %CSP Pages”.|
|Resource Required||Specifies a resource for which users must have the Use permission (enabled as part of a privilege in a role) in order to run the application. For information on resources and permissions, see the “About Resources” section in the Caché Security Administration Guide.|
|Group by ID||Enter a group name for this application to share authentication privileges with all other applications with this group name. All applications with this group name stay in authentication sync. If you log out of any of these applications, you are logged out of all of them. If you then try to return to a page of any of these applications, you need to log in again. Once logged in, however, you can go from one application to another without logging in again. (The only exception is that if any of these applications are unauthenticated, they are not treated as part of the authentication cluster.) Note that Group by ID is attached to an application, not a namespace. So applications with the same Group by ID share authentication regardless of namespace. For more specifics, see the section “By-ID Groups”.|
|Allowed Authentication Methods||Specifies the available authentication mechanisms for connecting to the application. The options displayed here are determined by what is checked on the Authentication Options page (Management Portal > System Administration > Security > System Security > Authentication/CSP Session Options). If an application supports multiple authentication mechanisms, authentication occurs as follows:
For more information on authorization, see the chapter Authentication in the Caché Security Administration Guide.
|Session Timeout||The default session timeout in seconds. You can override this value using the AppTimeout property of the %CSP.Session object.
Note that if a session changes CSP applications during its life span, its timeout value is not updated to the default timeout defined in the application that the session moved into. For example, if a session starts out in CSP Application A, with a default timeout of 900 seconds, and then moves into CSP Application B, which has a default timeout of 1800 seconds, the session still times out after 900 seconds.
If you want an application change to result in the session timeout being updated to that of the new application, use a session event class, override the OnApplicationChange callback method, and add code to handle the update of the AppTimeout property of the %session object.
If you disable automatic logouts for Ensemble pages, the session timeout does not apply to those pages. That is, the Ensemble pages will not time out. Disabling automatic logouts is not recommended. For more information, see Automatic Logout Behavior in the Management Portal.
|Event Class||Specifies the default name of the CSP class (a subclass of %CSP.SessionEvents) whose methods are invoked for CSP application events, such as a timeout or session termination. You can override this value using the EventClass property of the %CSP.Session object. Note: Use only a class name without an extension (such as .cls or .zen) as a value of this setting, for example MyApplication.SessionEvents.|
|Session Cookie Path||Scope of the session cookie. This determines which URLs the browser uses to send the session cookie back to Caché. If your application name is myapp, it defaults to /myapp/ meaning it only sends the cookie for pages under /myapp/. If you restrict this to only what is required by your application, it prevents this session cookie being used by other CSP applications on this machine, or from being seen by any other application on this web server. On the other hand, browsers and cookies are case-sensitive. Setting the session cookie to '/' can prevent license or session problems if, for example, an application name changes from capital to lowercase letters.|
|Dispatch Class||Identifies the corresponding custom subclass of %CSP.REST for implementing a REST service. See Creating Rest Services for more information.|
No — Never serve files from this application path.
Always — Default. Always serve files from this application path and ignore the CSP security setting for this path for static files. This is the default for new applications; it is backward compatible with applications that previously had static files served from the web server.
Always and cached — Always serve files from this application path and allow the CSP gateway to cache these files to avoid having to request them from Caché. This is the mode that deployed applications are expected to use.
Use CSP Security — If you have permission to view a csp/cls page in this application, then you can also view static files. If you do not have permission to view a csp/cls page, then you see a 404 "page not found" page.
|Serve Files Timeout||Length of time static files should be cached by the browser in seconds. Default is 3600.|
|CSP Files Physical Path||The directory on the Caché server in which CSP source files are stored. The path is relative to the install-dir/csp/ directory on the Caché server system.|
|Package Name||The name of an optional package prefix used by the CSP compiler. This name is prepended to the package names used for classes created from CSP files. If this field is not specified, the default value of csp is used.|
|Default SuperClass||The name of the default superclass used by the CSP compiler for classes created from CSP files. The default is %CSP.Page.|
|Recurse||Specifies whether to include subdirectories within this application or not. If UPath is the URL Path and PPath is the Physical Path, then with Recurse set to Yes, UPath/xxx/yyy looks for CSP files in PPath/xxx/yyy. If Recurse is set to No, only files directly contained in UPath are used.|
|Auto Compile||Auto Compile works with Lock CSP Name to determine when an application is compiled.|
|Lock CSP Name||If two Web applications both point to the same namespace and Lock CSP Name is set to Yes (true) for both Web applications, then any CSP page in that namespace is displayed only through the Web application where it was last compiled. You can determine which Web application applies to a CSP page by looking at the page class’s CSPURL parameter. For example: Parameter CSPURL = "/csp/samples/zipcode.csp";
If you set Lock CSP Name to Yes, set Auto Compile to No. If Auto Compile is also set to Yes, then a change to any CSP page in the namespace triggers a recompilation of that page (including the CSPURL parameter) when it’s next requested. A change to either Web application definition also triggers recompilation of any pages in the namespace when next requested. In these cases, this allows the next request for a page to use either of the Web applications, and from then on, the page is displayed only through the last Web application used to request it.
For Zen pages in this scenario, if you set Lock CSP Name to Yes, set the CSPURL parameter of each Zen page. See %CSP.Page for details. The Auto Compile setting doesn’t affect Zen pages.
|Login Page||The name can be the name of a CSP page, a Zen page, or a CSP-enabled class, which may be prefixed with the full CSP application path. All of the following are acceptable: mylogin.csp, /csp/user/mylogin.csp, MyApp.LoginPage.zen, /csp/user/MyApp.LoginPage.cls. In most cases, the login page is loaded before the user has logged in to Caché, so the requesting process runs under the CSPSystem user (or whatever user connects the CSP Gateway to Caché). As a result, the CSPSystem user must have sufficient privileges to load and run the code in the login page, which generally requires READ permissions on the resource protecting the database in which the login page is located.|
|Change password page||Name of page to use when changing password.|
|Custom Error Page||The name of a .csp or .cls page that is displayed if an error occurs when generating a page within this application.|
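The Session Timeout entry above says that a session keeps its original timeout when it moves to another application unless a session event class overrides OnApplicationChange. The class below is an added example of that approach, not InterSystems code: the class name, the application paths /csp/appa and /csp/appb, and the hardcoded timeout map are assumptions chosen to match the 900/1800-second scenario in the text.

```objectscript
/// Added example. Class name and application paths are hypothetical.
/// Enter the class name (without .cls) in the application's Event Class field.
Class MyApplication.SessionEvents Extends %CSP.SessionEvents
{

/// Called by CSP when the session moves from one web application to another.
/// oldapp and newapp are the URL paths of the applications involved.
ClassMethod OnApplicationChange(oldapp As %String, newapp As %String)
{
    // Normalize the path: lowercase it and drop a trailing slash, so that
    // "/csp/AppB/" and "/csp/appb" select the same entry.
    Set app = $ZCONVERT(newapp, "L")
    If ($LENGTH(app) > 1) && ($EXTRACT(app, *) = "/") {
        Set app = $EXTRACT(app, 1, *-1)
    }

    // Constructed map of application path to Session Timeout in seconds,
    // mirroring the values entered on each application's General tab.
    // The default case returns 0, meaning "application not listed".
    Set timeout = $CASE(app,"/csp/appa":900,"/csp/appb":1800,:0)

    // For an unlisted application, keep the current timeout rather than
    // guessing a value; otherwise apply the new application's timeout.
    If timeout > 0 {
        Set %session.AppTimeout = timeout
    }
    Quit
}

}
```

Because the map is maintained by hand, it has to be updated whenever the Session Timeout value of a listed application is changed in the Management Portal.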
To perform general editing on a privileged routine application or a client application, the procedure is:
In the Management Portal menu, select System Administration > Security > Applications, which displays the different application types.
Choose Web Applications, Privileged Routine Applications, or Client Applications. This displays the page for the selected application type.
On the applications page, select the application to edit by clicking on its name. This displays the Edit page for the application.
By default, the General tab appears. For privileged routine applications and client applications, the page’s fields are:
Privileged routine application name or Application path and name — An identifier for the application
Description — A description of the application
Enabled — Whether or not the application is available. When enabled, an application is available, subject to user authentication and authorization; when disabled, it is not available.
Resource required to run the application — A resource for which users must have the Use permission (enabled as part of a privilege in a role) in order to perform certain actions. For web and client applications, this resource is required in order to simply operate the application; for privileged routine applications, this resource is required to invoke the AddRoles method, which gives the application its ability to escalate roles.