Writing a security exit program for IIOP

Considerations common to all user-replaceable programs

Note that the comments contained in General notes about user-replaceable programs apply to this section.

Incoming requests using the Internet Inter-ORB Protocol (IIOP) are processed by CICS® under a default user ID, unless you provide an IIOP security exit program to assign a new user ID. The security exit program can use CICS services, such as a task-related user exit program to access DB2®, and application parameters encoded within the body of the request.

You can define the name of the security program on the URM option of the TCPIPSERVICE resource definition for the IIOP port. If no name is specified, or if the AUTHENTICATE option is defined as CERTIFICATE, the security exit program will not be called. Two sample security exit programs, DFHXOPUS and DFHEBURM, are supplied.

The IIOP security program is passed a COMMAREA with the following format. If a field does not exist, its pointer and length are zeroes:

Offset (hex)  Type        Len  Name
(0)           STRUCTURE   80   sXOPUS
(0)           CHARACTER   4    standard_header
(4)           FULLWORD    4    pIIOPData
(8)           FULLWORD    4    lIIOPData
(C)           FULLWORD    4    pRequestBody
(10)          FULLWORD    4    lRequestBody
(14)          CHARACTER   4    corbaserver
(18)          FULLWORD    4    pBeanName
(1C)          FULLWORD    4    lBeanName
(20)          FULLWORD    4    BeanInterfaceType
(24)          FULLWORD    4    pModule
(28)          FULLWORD    4    lModule
(2C)          FULLWORD    4    pInterface
(30)          FULLWORD    4    lInterface
(34)          FULLWORD    4    pOperation
(38)          FULLWORD    4    lOperation
(3C)          CHARACTER   8    userid
(44)          FULLWORD    4    transid
(48)          FULLWORD    4    flag_bytes
(4C)          FULLWORD    4    return_code
(50)          FULLWORD    4    reason_code

Where:

standard_header
    contains a standard header with the following format:
    function
        1-character function code
    domain
        2-character field containing "II"
    *
        1-character reserved field
pIIOPData
    contains the address of the first megabyte of the unconverted IIOP buffer. If the incoming request is fragmented, this field contains a pointer to:
lIIOPData
    contains the length of the unconverted IIOP buffer.
pRequestbody
    contains the address of the incoming IIOP request.
lRequestbody
    contains the length of the incoming IIOP request.
corbaserver
    contains the name of the CorbaServer associated with this request.
pBeanName
    contains a pointer to the EBCDIC bean name.
lBeanName
    contains the length of the bean name.
BeanInterfaceType
    contains an enumerated value. X'00' indicates home; X'01' indicates remote.
pModule
    contains a pointer to the EBCDIC Module name.
lModule
    contains the length of the Module name.
pInterface
    contains a pointer to the EBCDIC Interface name.
lInterface
    contains the length of the Interface name.
pOperation
    contains a pointer to the EBCDIC Operation name.
lOperation
    contains the length of the Operation.
userid
    contains the input and output user ID. The output user ID must be exactly 8 characters long. If it is shorter than 8 characters it must be padded with blanks.
transid
    contains the input TRANSID.
Flag_bytes
    contains the following indicators:
    littleEndian
        1-byte field showing byte-order, where 1 indicates TRUE and 0 indicates FALSE.
    sslClientUserid
        1-byte field showing the derivation of the user ID if SSLTYPE CLIENTAUTH is specified in the TCPIPSERVICE definition, where:
        0
            user ID set from DFLTUSER
        1
            user ID set from SSL CERTIFICATE
    *
        2-byte reserved field
return_code
    contains the return code.
reason_code
    contains the reason code.

A user ID can be returned, but other fields are provided for information only.
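
The following C sketch is an added example, not code from the supplied samples DFHXOPUS or DFHEBURM. It mirrors the COMMAREA table above and shows a bounds-checked way to store the blank-padded 8-character output user ID. The type name xopus_commarea, the helper names field_present and set_output_userid, the use of 32-bit integers for the pointer fields, and the order of the sub-fields inside flag_bytes are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added example: mirror of the COMMAREA table. Pointer fields are declared
 * as 32-bit integers so the layout is the same on any compiler. */
typedef struct {
    char     standard_header[4];      /* (0)  function, "II", reserved   */
    uint32_t pIIOPData, lIIOPData;    /* (4), (8)                        */
    uint32_t pRequestBody;            /* (C)                             */
    uint32_t lRequestBody;            /* (10)                            */
    char     corbaserver[4];          /* (14)                            */
    uint32_t pBeanName, lBeanName;    /* (18), (1C)                      */
    uint32_t BeanInterfaceType;       /* (20) X'00' home, X'01' remote   */
    uint32_t pModule, lModule;        /* (24), (28)                      */
    uint32_t pInterface, lInterface;  /* (2C), (30)                      */
    uint32_t pOperation, lOperation;  /* (34), (38)                      */
    char     userid[8];               /* (3C) input and output user ID   */
    uint32_t transid;                 /* (44) input TRANSID              */
    uint8_t  littleEndian;            /* (48) flag_bytes; sub-field      */
    uint8_t  sslClientUserid;         /*      order here is assumed      */
    uint8_t  reserved[2];
    uint32_t return_code;             /* (4C)                            */
    uint32_t reason_code;             /* (50)                            */
} xopus_commarea;                     /* hypothetical type name */

/* Fail the build if the struct drifts from the documented offsets. */
_Static_assert(offsetof(xopus_commarea, corbaserver) == 0x14, "corbaserver");
_Static_assert(offsetof(xopus_commarea, userid) == 0x3C, "userid");
_Static_assert(offsetof(xopus_commarea, transid) == 0x44, "transid");
_Static_assert(offsetof(xopus_commarea, reason_code) == 0x50, "reason_code");

/* A field that does not exist has a zero pointer and a zero length. */
int field_present(uint32_t ptr, uint32_t len) { return ptr != 0 && len != 0; }

/* Store the output user ID: exactly 8 characters, padded with blanks.
 * Returns 0 on success, or -1 if the ID is missing, empty or longer than
 * 8 characters; on failure the userid field is left unchanged, so an
 * over-long value can never spill into the adjacent transid field. */
int set_output_userid(xopus_commarea *ca, const char *id) {
    size_t n = (id != NULL) ? strlen(id) : 0;
    if (n == 0 || n > sizeof ca->userid) return -1;
    memset(ca->userid, ' ', sizeof ca->userid); /* ' ' is X'40' in EBCDIC */
    memcpy(ca->userid, id, n);                  /* no terminating NUL     */
    return 0;
}
```

Because userid is a fixed 8-byte field with no terminator, compare it with memcmp over 8 bytes rather than with string functions.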

For further information about the use of the IIOP security user-replaceable program, see Java™ Applications in CICS.
