Web Services changes
There are changes in support of web services in Genero 3.20.
Changes to how GWS handles cookies
- WSHelper.WSServerCookiesType has a new member
(
sameSite
) added to the record to specify how cookies are sent to other sites. Three values are possibles for sending cookies: "Strict", "Lax", or "None". The default is "Lax". IfNULL
, the default "Lax" is used. - The com.HTTPServiceRequest.setResponseCookies method taking
WSHelper.WSServerCookiesType
as parameter may raise a runtime error if thesameSite
attribute is not set correctly. For instance, you can not set it to "None" if secure is not set toTRUE
. This raises the errorSameSite None value requires Secure to be set
.
SameSite="Strict"
on the
secure cookie ensures that only the exact URL the cookie has been set with will return the cookie to
the server. If not set, the GWS sets each cookie's sameSite attribute as "Lax".To have SameSite available, you must recompile your sources with fglcomp 3.20.13 or greater.
Single sign-on (OpenID Connect, SAML, and GIP) sameSite security
Single sign-on (SSO) services delivered in the Genero Web Services package under $FGLDIR/web_utilities/services have enhancements in FGLGWS 3.20.13 to set "Strict" on the sameSite attribute of security cookies.
If you have previously used these protocols to authenticate users launching applications, ensure you use the services delivered in FGLGWS 3.20.13 and higher to take advantage of the SameSite security feature.
For more information about SSO, see the Genero Application Server User Guide.
sameSite security cookie set to lax for OpenID Connect and SAML
From FGLGWS 3.20.14 onwards, the sameSite attribute of security cookies used in OpenID Connect and SAML Single sign-on (SSO) services delivered in the Genero Web Services package is set to "Lax" instead of "Strict". As the security cookie is used to perform URL redirection to the Identity Provider, it is used only once to authenticate the user log in; therefore, there is no need to restrict its use.
SSO functionality is applied differently in the Genero Identity Provider (GIP). The GIP retains the cookie. If the authenticated user selects the option to "stay connected" at log in, any further authentication requests coming from the same browser are silently authorized by the GIP without requesting the user to log in again. The cookie forwarded must identify the user to the GIP, so its sameSite attribute is set to "Strict" to ensure it comes from the same domain, and is not sent via a third-party site.
No action needs to be taken on your part, but if you have previously used these protocols to authenticate users launching applications, ensure you use the services delivered in the Genero Web Services package under $FGLDIR/web_utilities/services of FGLGWS 3.20.14 and higher.
For more information about SSO, see the Genero Application Server User Guide.
XML serializer is case sensitive
From FGLGWS 3.20 on, the XML serializer is case sensitive, same as the JSON serializer. This means that the serializer uses the case of the variable name as defined in the 4GL file.
What impact has this on my existing Web services? It is recommended to:
- Generate a new client and server stub via the fglwsdl tool.
- The tool has an enhancement which does not generate
XMLName
attributes, unless they are really needed. - If you do not generate the stub, the
XMLName
attribute is still taken into account, so it should not have any impact.
- The tool has an enhancement which does not generate
- Check on server sides that all published SOAP web services input and output records are in lower case. This ensures compatibility with older versions. If backward compatibility is not an issue, then you must query the server WSDL file and generate the client stub from it.
For more details, see Customizing XML serialization.
Control HTTP Date header for GET, HEAD and DELETE requests
Starting with GWS 3.20.00, the FGLPROFILE entry http.global.request.date
can be
used to control whether GWS HTTP GET, HEAD and DELETE requests must send the HTTP Date header.
For more details, see HTTP configuration.
Support for empty HTTP POST or PUT requests
DEFINE req com.HttpRequest
LET req = com.HttpRequest.Create("http://tempuri.org")
CALL req.setMethod("POST") # or PUT
CALL req.doRequest()
Prior to GWS 3.20.01, the doRequest()
call returned error code -15555 and the
error message "Unsupported request-response feature".
readTextRequest()
will be
NULL
:DEFINE ser com.HttpServiceRequest
DEFINE txt STRING
LET ser = com.WebServiceEngine.getHttpServiceRequest(-1)
IF ser.getMethod() == "POST" THEN
LET txt = ser.readTextRequest()
IF txt IS NULL THEN
DISPLAY "No body"
END IF
END IF
Notice that the Content-Type is still checked and may raise an error, if it doesn't
match. So using readXmlRequest()
must have a Content-Type of XML format,
even if the body is empty. In practice, it is recommended to check the Content-Type before
doing any read operation.
For more details, see com.HTTPRequest.doRequest.
New high-level RESTful framework
Genero BDL 3.20 provides a new framework for RESTful Web services programming.
Changes to security.global.protocol in FGLPROFILE
Starting with FGLGWS 3.20.07 GWS secured communication is based on the OpenSSL 1.1 engine. This version of OpenSSL always selects the security protocol. It no longer allows you to specify a specific Transport Layer Security (TLS) or Secure Sockets Layer (SSL).
The security.global.protocol
entry in the fglprofile file
is therefore no longer supported.
security.global.protocol = "TLSv1.2"
to configure
OpenSSL to use TLSv1.2 for HTTPS for earlier versions, you may encounter the following error message
in your Web service:OpenSSL 1.1 doesn't support specific protocol anymoreIt is therefore recommended to remove the
security.global.protocol
entry from your
fglprofile file. For more information on Web service security configuration see
Web Services FGLPROFILE configuration.XMLChoice attribute nested option
The fglwsdl tool now supports the attribute
XMLChoice="nested"
option to produce an XML representation supporting a
substitutionGroup
. A substitutionGroup in an XML schema is where one XML element
can be replaced by another element that has a substitutionGroup with the same name.
simple-name
) or as a more complex type
(full-name
).
<xs:element name="name" />
<xs:element name="simple-name" type="xs:string" substitutionGroup="name" />
<xs:element name="full-name" substitutionGroup="name">
<xs:complexType>
<xs:all>
<xs:element name="first" type="xs:string" minOccurs="0"/>
<xs:element name="middle" type="xs:string" minOccurs="0"/>
<xs:element name="last" type="xs:string"/>
</xs:all>
</xs:complexType>
</xs:element>
<xs:element name="Identity"/>
<xs:sequence>
<xs:element ref="name"/>
</xs:sequence>
</xs:element>
Previous versions using XMLChoice
In previous versions, the generated stub for a record withXMLChoice
generated only one value for all available choices. DEFINE Identity RECORD ATTRIBUTE(XMLSequence,XMLName="Identity")
name RECORD ATTRIBUTE(XMLChoice)
_SELECTOR_ SMALLINT ATTRIBUTE(XMLSelector),
name STRING,
simple_name STRING,
full_name RECORD ATTRIBUTE(XMLAll)
first STRING ATTRIBUTE(XMLOptional),
middle STRING ATTRIBUTE(XMLOptional),
last STRING
END RECORD
END RECORD
END RECORD
New version, using XMLChoice="nested"
XMLChoice="nested"
on the variable, you can
choose at runtime one of the available options; name
, simple-name
,
or full-name
. name
(the
substitutionGroup tag), is not serialized in XML. RECORD
defined to specify the XML representation for the schema as in the
example:DEFINE Identity RECORD ATTRIBUTE(XMLSequence,XMLName="Identity")
name RECORD ATTRIBUTE(XMLChoice="nested")
_SELECTOR_ SMALLINT ATTRIBUTE(XMLSelector),
name STRING,
simple_name STRING ATTRIBUTE(XMLName="simple-name"),
full_name RECORD ATTRIBUTE(XMLAll,XMLName="full-name")
first STRING ATTRIBUTE(XMLOptional),
middle STRING ATTRIBUTE(XMLOptional),
last STRING
END RECORD
END RECORD
END RECORD
This
is an example of the XML representation when the _SELECTOR_
value is
3:<Identity> <full-name> <first>John</first> <last>Smith</last> </full-name> </Identity>
_SELECTOR_
value is 2:<Identity> <simple-name>John Smith</simple-name> </Identity>
XMLChoice
value, you can set XMLChoice="nested"
attribute on that variable to improve the serialization options and to avoid serializer
errors.- Recompile the Genero Web Service server to create a new WSDL that supports the XML
XMLChoice="nested"
feature. - Regenerate all Genero Web Service client stubs from the newly-generated WSDL to get the support
of
XMLChoice="nested"
. Regenerate client stubs using the fglwsdl tool.
fglwsdl -xmlname option
Starting with GWS 3.20.14, the fglwsdl -xmlname
option is
added to generate variables named with XMLName attributes in
stubs. The option may be used if you need to serialize sub records when generating stubs.
For more details, see fglwsdl.
Changes to default IP version used by a GWS client
Starting with FGLGWS 3.20.15, the default IP protocol version used by a GWS client is now IPv4.
The ip.global.version
entry in the fglprofile can be used
to set the IP version. For instance, if you want to use IPv6, set
ip.global.version="IPv6"
.
The previous default was to use IPv6 if available, and fall back on IPv4 if not. In some cases,
the fallback led to performance issues. To use this previous behavior, set
ip.global.version="undefined"
.
For more information on Web service IP configuration see IPv6 configuration.
Support for validating file names in WSAttachments
WSAttachment
attribute supports
validating file names in received files. There is an option to specify that the file name must match
a regular expression pattern on the server side.
WSAttachment = "[a-zA-Z0-9_]*\.[a-zA-Z0-9_]*"
Prior to GWS 3.20.15, file names in file attachments were not validated. It is recommended to use a regexp pattern to limit file names to a set of allowed characters, to avoid the risk of code injection. For more information, see WSAttachment.