New post
User bio
404 bio not found
Boston, MA
Member since Dec 30, 2015
Posts:
show all 1
Replies:
show all 8
Robert Hurst · Apr 22

An observation from trying JWT on my REST endpoints that were tripping me up -- I previously had UseSession enabled and that appears to conflict with CSP and JWT handling. I understand that disabled is its default setting, but if it's enabled, well, you waste a bit of time wanting an access token.

/// web session is preserved across REST calls must be DISABLED
Parameter UseSession As Integer = 0;
Robert Hurst · Sep 13, 2023

Please consider returning the error code as shown below for when you are NOT providing a delegated set of credentials. We use this to allow for "break the glass" access by an authorized Systems Administrator using sudo irisdb without having them required to enter another password:
 

GetCredentials(ServiceName,Namespace,Username,Password,Credentials) Public {

 s $zt="Error"

 // The following example sets the processes Username/Password without prompting them
 // to _SYSTEM/SYS if a console,and Admin/SYS if a telnet user.
 // If a Bindings service, then we will go through the normal login screen.

 ; i ServiceName="%Service_Console" {
 ;      s Username="_SYSTEM"
 ;      s Password="SYS"
 ;      q $SYSTEM.Status.OK()
 ; }

    ;do ##class(%SYS.System).WriteToConsoleLog("GetCredentials("_$g(ServiceName)_","_$g(Namespace)_","_$g(Username)_","_$g(Password)_","_$g(Credentials)_")",0,0)
    if (ServiceName = "%Service_Terminal") && ($username = "root") {
        set Username = "root"
        set Password = "should match whatever is set for local user"
        quit $SYSTEM.Status.OK()
    }

 // For Bindings applications, force them to normally enter a username
 ; i ServiceName="%Service_Bindings" q $SYSTEM.Status.Error($$$GetCredentialsFailed)
 // If a CSP application, we can test for a specific application by looking at
 // the request object. If it exists, then the request is from a CSP application.

 ;If $isobject($get(%request)) {
 ;  if %request.Application="/csp/samples/" {
 ;      set Username="_SYSTEM"
 ;      set Password="SYS"
 ;      quit $System.Status.OK()
 ;  }
 ;}

 // Here is an example where I get the username and password out of a http request where the password
 // was set the following way:
 // d httpreq.InsertParam("username","TESTDEL")
 // d httpreq.InsertParam("password","SYS")
 ;If $isobject($get(%request)) {
 ;  if %request.Application="/csp/samples/" {
 ;      s Username=$get(%request.Data("username",1))
 ;      s Password=$get(%request.Data("password",1))
 ;      quit $System.Status.OK()
 ;  }
 ;}

 // For any other service, deny them access
 ;q $SYSTEM.Status.Error($$$AccessDenied)

 // By default, we allow the system to do its normal Username/Password prompting.
 q $SYSTEM.Status.Error(1419 /*$$$GetCredentialsFailed*/)

Error //Handle any COS errors here
 //Reset error trap to avoid infinite loop
 s $zt=""

 //Return the generalized COS error message #5002
 q $SYSTEM.Status.Error(5002 /*$$$CacheError*/,$ze)

}
Robert Hurst · Jan 12, 2023

I won't repeat the excellent definitions already provided, but can share some examples of class parameters where we use them:

Parameter FILES = "/files";
Parameter INSTANCE As COSEXPRESSION = "$p($SYSTEM, "":"", 2)";
Parameter RUNLEVEL As COSEXPRESSION = "$li($lb(""dev"",""Test"",""LIVE""), $lf($lb(""HCDEV"",""HCTEST"",""HCLIVE""), ..#INSTANCE))";

We use ..#FILES to prefix or normalize a directory off the top-level filesystem on the server.

We use ..#INSTANCE if we need to identify which IRIS instance, like in an email message, it came from.

We use ..#RUNLEVEL in conditionals or pass as a parameter, where we might want code only to run on "Test" or "LIVE".

Certifications & Credly badges:
Robert has no Certifications & Credly badges yet.
Global Masters badges:
show all 5
Followers:
show all 1
Scott R.
Following:
Robert has not followed anybody yet.