SCOPE (for service)
This SCOPE element allows you to secure a web service protected by the GIP’s GeneroAccessService by setting required scopes.
Syntax
<SCOPE>names</SCOPE>
- names is a space-separated list of scopes that the service will need.
Child elements
There are no child elements.
Usage
You use this element to declare scopes (permissions) that are required to access the web service.
Typically, you define scopes in your Genero REST web service files (4gl) via the WSScope attribute. The SCOPE element allows you to configure scopes at the application configuration file level, which you may need to secure REST services that do not define any WSScope attributes or that are written with the REST low-level API.
Scopes defined in the service configuration file apply globally to the whole service, unlike WSScope, which also provides access granularity at the function level.
This SCOPE element exclusively applies to web services protected by the GeneroAccessService and is not intended to work for client applications protected by OpenIDConnectServiceProvider.
Usage example in web service configuration file
In this configuration, the GIP GeneroAccessService service will verify whether the access token provided by the client application carries all the scopes that secure the CalculatorServer service. Access tokens without the "profile" and "profile.me" scopes will be rejected.
<?xml version="1.0" encoding="UTF-8" ?>
<APPLICATION Parent="ws.default"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:noNamespaceSchemaLocation="https://4js.com/ns/gas/5.00/cfextws.xsd">
  <EXECUTION>
    <PATH>$(res.deployment.path)</PATH>
    <MODULE>CalculatorServer</MODULE>
    <DELEGATE service="services/GeneroAccessService">
      <IDP>http://localhost:6394/ws/r/services/GeneroIdentityProvider</IDP>
      <SCOPE>profile profile.me</SCOPE>
    </DELEGATE>
  </EXECUTION>
</APPLICATION>
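The all-scopes-required rule described above, sketched in Python as an added example (not Genero or GIP code). The function names and token scope strings are constructed for illustration, and exact, case-sensitive scope matching is an assumption, not documented GeneroAccessService behavior.

```python
import xml.etree.ElementTree as ET

# The configuration shown on this page, embedded so the example runs offline.
SAMPLE_XCF = b"""<?xml version="1.0" encoding="UTF-8" ?>
<APPLICATION Parent="ws.default"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:noNamespaceSchemaLocation="https://4js.com/ns/gas/5.00/cfextws.xsd">
  <EXECUTION>
    <PATH>$(res.deployment.path)</PATH>
    <MODULE>CalculatorServer</MODULE>
    <DELEGATE service="services/GeneroAccessService">
      <IDP>http://localhost:6394/ws/r/services/GeneroIdentityProvider</IDP>
      <SCOPE>profile profile.me</SCOPE>
    </DELEGATE>
  </EXECUTION>
</APPLICATION>"""


def required_scopes(xcf_bytes):
    """Collect the scopes listed in every DELEGATE/SCOPE element."""
    root = ET.fromstring(xcf_bytes)
    scopes = set()
    for delegate in root.iter("DELEGATE"):
        for scope_el in delegate.findall("SCOPE"):
            # SCOPE holds a space-separated list; an empty element adds nothing.
            scopes.update((scope_el.text or "").split())
    return scopes


def missing_scopes(required, token_scope):
    """Return required scopes the token lacks (assumed exact, case-sensitive match)."""
    granted = set(token_scope.split())
    return sorted(required - granted)


if __name__ == "__main__":
    required = required_scopes(SAMPLE_XCF)
    # Constructed token scope strings, not captured from a real identity provider.
    for token_scope in ("profile profile.me email", "profile", "Profile profile.me", ""):
        missing = missing_scopes(required, token_scope)
        verdict = "accept" if not missing else f"reject, missing {missing}"
        print(f"{token_scope!r:32} -> {verdict}")
```

Under the exact-match assumption, a token granted only "profile" does not satisfy "profile.me", so every required scope has to appear in the token by name.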
Parent elements
This element is a child of the DELEGATE element.