Chapter 21. Writing a security exit program for IIOP
Considerations common to all user-replaceable programs
Note that the comments contained in Chapter 5, “General notes about
user-replaceable programs,” on page 435 apply to this chapter.
Incoming requests using the Internet Inter-ORB Protocol (IIOP) are processed by
CICS under a default user ID, unless you provide an IIOP security exit program to
assign a new user ID. The security exit program can use CICS services, such as a
task-related user exit program to access DB2, and application parameters encoded
within the body of the request.
You can define the name of the security program on the URM option of the
TCPIPSERVICE resource definition for the IIOP port. If no name is specified, or if
the AUTHENTICATE option is defined as CERTIFICATE, the security exit program
will not be called. Two sample security exit programs, DFHXOPUS and
DFHEBURM, are supplied.
The IIOP security program is passed a COMMAREA with the following format. If a
field does not exist, its pointer and length are zeroes:
Offset (hex)  Type       Len  Name
(0)           STRUCTURE  80   sXOPUS
(0)           CHARACTER  4    standard_header
(4)           FULLWORD   4    pIIOPData
(8)           FULLWORD   4    lIIOPData
(C)           FULLWORD   4    pRequestBody
(10)          FULLWORD   4    lRequestBody
(14)          CHARACTER  4    corbaserver
(18)          FULLWORD   4    pBeanName
(1C)          FULLWORD   4    lBeanName
(20)          FULLWORD   4    BeanInterfaceType
(24)          FULLWORD   4    pModule
(28)          FULLWORD   4    lModule
(2C)          FULLWORD   4    pInterface
(30)          FULLWORD   4    lInterface
(34)          FULLWORD   4    pOperation
(38)          FULLWORD   4    lOperation
(3C)          CHARACTER  8    userid
(44)          FULLWORD   4    transid
(48)          FULLWORD   4    flag_bytes
(4C)          FULLWORD   4    return_code
(50)          FULLWORD   4    reason_code
Where:
standard_header
    contains a standard header with the following format:
    function
        1-character function code
    domain
        2-character field containing “II”
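The following C example is added here and is not IBM's sample exit or code from this manual: it checks a raw 80-byte image of the COMMAREA described above (for instance, one captured for off-platform testing of exit logic) before any field in it is used. It assumes EBCDIC text, big-endian fullwords, and that function and domain occupy byte 0 and bytes 1-2 of standard_header in the order listed; the names xopus_validate and xopus_field_present are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

#define XOPUS_LEN 80   /* structure length given in the table */
#define EBCDIC_I  0xC9 /* 'I' in EBCDIC; assumes the COMMAREA text is EBCDIC */
enum xopus_rc { XOPUS_OK, XOPUS_SHORT, XOPUS_BAD_DOMAIN, XOPUS_BAD_PAIR };

/* Offsets of the pointer fields; each length follows 4 bytes later. */
static const size_t XOPUS_PTR_OFF[] = { 0x04, 0x0C, 0x18, 0x24, 0x2C, 0x34 };

/* Fullwords on z/OS are big-endian; read one from a raw image. */
static uint32_t be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* 1 if the pointer/length pair at ptr_off describes data that may be read. */
int xopus_field_present(const unsigned char *ca, size_t ptr_off)
{
    return be32(ca + ptr_off) != 0 && be32(ca + ptr_off + 4) != 0;
}

/* Check a COMMAREA image before any field in it is used. */
enum xopus_rc xopus_validate(const unsigned char *ca, size_t len)
{
    size_t i;
    if (ca == NULL || len < XOPUS_LEN)
        return XOPUS_SHORT;
    /* Assumed layout: function code in byte 0, domain "II" in bytes 1-2. */
    if (ca[1] != EBCDIC_I || ca[2] != EBCDIC_I)
        return XOPUS_BAD_DOMAIN;
    for (i = 0; i < sizeof XOPUS_PTR_OFF / sizeof XOPUS_PTR_OFF[0]; i++) {
        uint32_t ptr = be32(ca + XOPUS_PTR_OFF[i]);
        uint32_t n   = be32(ca + XOPUS_PTR_OFF[i] + 4);
        /* An absent field has both zero; a length with no pointer is unsafe. */
        if (ptr == 0 && n != 0)
            return XOPUS_BAD_PAIR;
    }
    return XOPUS_OK;
}

int main(void)
{
    unsigned char ca[XOPUS_LEN] = { 0 };  /* constructed sample image */
    ca[1] = ca[2] = EBCDIC_I;             /* domain "II" */
    ca[0x13] = 0x20;                      /* lRequestBody = 32, pRequestBody = 0 */
    return xopus_validate(ca, sizeof ca) == XOPUS_BAD_PAIR ? 0 : 1;
}
```

Only fields inside the stated 80-byte structure length are read, so reason_code at offset 50 (hex) is not touched.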
© Copyright IBM Corp. 1977, 2011