One useful feature of our REST framework is the ability for a dispatch class to identify request prefixes and forward them to another dispatch class. This approach of modularizing your URL map will improve code readability, enable you to easily maintain separate versions of an interface, and provide a means to protect API calls that only certain users will be allowed to access.

In our last lesson, we implemented a linkage to our WidgetAccessory class, and debugged some errors we encountered along the way. We now have our data being returned by REST, but what if we want to update or add new data to our application?

In the WRC, we frequently see customers contact us because their Web Gateway is unable to serve web pages. This article will explain a frequent reason why these errors can occur, and explain some tools which can be used to debug the problem. This explanation is focused on the Web Gateway serving InterSystems IRIS instances, but the same explanation should apply to the CSP Gateway serving Caché instances as well.

Question

I am configuring IIS to work with the CSP Gateway but I'm running into this error:

"The Module DLL 'C:\Inetpub\CSPGateway\CSPms.dll' could not be loaded due to a configuration problem. The current configuration only supports loading images built for a x86 processor architecture."

Answer

We finished our last lesson with our Widgets Direct page iterating over a list of widgets, displaying an ID and a Name value. While we have been able to achieve this with only a small amount of coding, the page itself is not the most visually appealing place to be. The AngularJS framework is providing a powerful Model-View-Controller framework for our structure and logic, but it does not implement anything that will provide a nice UI experience.

or "Didn't you say you would cover Persistent Objects in Part 5, Chris?"

Yes, that was the plan. This is a pretty important topic, so it get's its own Article

Up until now, we've display widget JSON that has been created by a basic loop. Clearly this isn't of much value. Now we have our stack connected together, and we can see that the data is flowing to the Welcome page, it's time to complete the stack and start feeding our service from "real" data.

Suppose you have developed your own web app with InterSystems technologies stack and now want to perform a captcha validation on the client side in order to determine whether or not the user is human and make it safer. There are some modern frameworks to address the captcha issue, however most part of them needs internet access to generate codes and sometimes are complex to implement. Take this as basic example considering that image recognition has gotten too good. That's why you nowadays you tend to see more pattern recognition captchas than mere reading ones. (I.e.

Here is an ObjectScript snippet which lets to create database, namespace and a web application for InterSystems IRIS:

    set currentNS = $namespace

    zn "%SYS"

    write "Create DB ...",!
    set dbName="testDB"
    set dbProperties("Directory") = "/InterSystems/IRIS/mgr/testDB"
    set status=##Class(Config.Databases).Create(dbName,.dbProperties)
    write:'status $system.Status.DisplayError(status)
    write "DB """_dbName_""" was created!",!!


    write "Create namespace ...",!
    set nsName="testNS"
    //DB for globals
    set nsProperties("Globals") = dbName
    //DB for routines
    set nsProperties("Routines") = dbName
    set status=##Class(Config.Namespaces).Create(nsName,.nsProperties)
    write:'status $system.Status.DisplayError(status)
    write "Namespace """_nsName_""" was created!",!!


    write "Create web application ...",!
    set webName = "/csp/testApplication"
    set webProperties("NameSpace") = nsName
    set webProperties("Enabled") = $$$YES
    set webProperties("IsNameSpaceDefault") = $$$YES
    set webProperties("CSPZENEnabled") = $$$YES
    set webProperties("DeepSeeEnabled") = $$$YES
    set webProperties("AutheEnabled") = $$$AutheCache
    set status = ##class(Security.Applications).Create(webName, .webProperties)
    write:'status $system.Status.DisplayError(status)
    write "Web application """webName""" was created!",!

    zn currentNS

At the end of our last lesson, we ended with our page displaying a nice (but garish) Angular Material Toolbar, and our Widget data displaying in a list of Material cards. Our page feels a bit static, and we already know that the large number of Widgets that we will be dealing with will not be especially usable on a static list. What can we do to help?

or "Bonus Breakage"

In our last lesson, we added a relationship between 2 persistent classes. We are clearly going to need to start creating REST Services to expose CRUD operations for each of these classes, but before we do that, we should really finish defining our linkages. We added code to our Widget toJSON to spool off related Accessory data, so we should really do the reciprocal and allow Accessories to return all Widgets that are compatible.

This series of articles aims to address the following topics:

• Creation of a web application based on REST pages;
• Overview of some tools for tracing (debugging) HTTP requests;
• Switching from hyperevents to... hyperevents;
• Integration with jQuery File Upload;
• Conversion of JSON from the {id:1,parentId:1} format to the {id:1,children:[{}]} format for tree visualization;
• Integration with jQuery EasyUI (using datagrid and tree as examples);
• Other topics.

In the WRC, we often see customers who have encountered a problem viewing their SOAP Catalog pages in a browser. This article will explain why the error is being encountered, as well as suggest a fix. This explanation is focused on the symptoms seen in InterSystems IRIS, but similar behavior can be seen in more recent versions of Caché.

If you are developing applications that use CSP or Zen, or potentially any of the other InterSystems web-related stuff that's built on top of CSP, then it's important to know how to keep one particular secret.

A central part of the CSP security architecture is a server-side session key. "Server-side" because its value should never be revealed to the client that is issuing the web requests. If it is revealed, a malicious client might be able to use it to bypass your security and make your server do things you don't want it to.

IRIS provides us with anti login CSRF attack mitigation, however this is not the same as a CSRF attack, as login attacks only occur on the login form. There are currently no built-in tools to mitigate CSRF attacks on api calls and other forms, so this is a step in mitigating these attacks.

See the following link from OWASP for the definition of a CSRF attack:

https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)