IBM SC34-6814-04 User Manual

Chapter 21. Writing a security exit program for IIOP

Considerations common to all user-replaceable programs

Note that the comments contained in Chapter 5, “General notes about user-replaceable programs,” on page 435 apply to this chapter.

Incoming requests using the Internet Inter-ORB Protocol (IIOP) are processed by
CICS under a default user ID, unless you provide an IIOP security exit program to
assign a new user ID. The security exit program can use CICS services, such as a
task-related user exit program to access DB2, and application parameters encoded
within the body of the request.

You can define the name of the security program on the URM option of the
TCPIPSERVICE resource definition for the IIOP port. If no name is specified, or if
the AUTHENTICATE option is defined as CERTIFICATE, the security exit program
will not be called. Two sample security exit programs, DFHXOPUS and
DFHEBURM, are supplied.

The IIOP security program is passed a COMMAREA with the following format. If a
field does not exist, its pointer and length are zeroes:

Offset (hex)  Type        Len  Name
(0)           STRUCTURE   80   sXOPUS
(0)           CHARACTER   4    standard_header
(4)           FULLWORD    4    pIIOPData
(8)           FULLWORD    4    lIIOPData
(C)           FULLWORD    4    pRequestBody
(10)          FULLWORD    4    lRequestBody
(14)          CHARACTER   4    corbaserver
(18)          FULLWORD    4    pBeanName
(1C)          FULLWORD    4    lBeanName
(20)          FULLWORD    4    BeanInterfaceType
(24)          FULLWORD    4    pModule
(28)          FULLWORD    4    lModule
(2C)          FULLWORD    4    pInterface
(30)          FULLWORD    4    lInterface
(34)          FULLWORD    4    pOperation
(38)          FULLWORD    4    lOperation
(3C)          CHARACTER   8    userid
(44)          FULLWORD    4    transid
(48)          FULLWORD    4    flag_bytes
(4C)          FULLWORD    4    return_code
(50)          FULLWORD    4    reason_code

Where:

standard_header
    contains a standard header with the following format:

    function
        1-character function code

    domain
        2-character field containing “II”
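
As an added example (not part of the IBM manual, and not the supplied DFHXOPUS or DFHEBURM samples), the C code below mirrors the COMMAREA layout from the table and shows how an exit can treat a zero pointer and length as an absent field and reject half-set or out-of-range pairs before copying. The helper xopus_get, the storage image mem and the sample bean name are assumptions made for illustration; pointer values are treated as offsets into mem so that the code runs off-host.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* sXOPUS as in the table; 4-byte pointer fields held as uint32_t. The listed
   fields run to 0x54 while the table gives a length of 80, so nothing here
   relies on sizeof(sXOPUS). */
typedef struct {
    char     standard_header[4];
    uint32_t pIIOPData, lIIOPData, pRequestBody, lRequestBody;
    char     corbaserver[4];
    uint32_t pBeanName, lBeanName, BeanInterfaceType;
    uint32_t pModule, lModule, pInterface, lInterface, pOperation, lOperation;
    char     userid[8];
    uint32_t transid, flag_bytes, return_code, reason_code;
} sXOPUS;
_Static_assert(offsetof(sXOPUS, userid) == 0x3C, "userid offset");
_Static_assert(offsetof(sXOPUS, reason_code) == 0x50, "reason_code offset");

/* Copy one pointer/length field into out, NUL-terminated. Assumption: ptr is an
   offset into mem, a constructed storage image, so this runs off-host.
   Returns bytes copied, 0 if the field is absent, -1 if it must be rejected. */
static int xopus_get(const uint8_t *mem, size_t mem_len, uint32_t ptr,
                     uint32_t len, char *out, size_t out_sz)
{
    if (out_sz == 0) return -1;
    out[0] = '\0';
    if (ptr == 0 && len == 0) return 0;                  /* field does not exist */
    if (ptr == 0 || len == 0) return -1;                 /* half-set pair */
    if (ptr > mem_len || len > mem_len - ptr) return -1; /* outside storage */
    if (len >= out_sz) return -1;                        /* no room for NUL */
    memcpy(out, mem + ptr, len);
    out[len] = '\0';
    return (int)len;
}

int main(void)
{
    /* Constructed sample: bean name "Acct" at offset 16, no module field. */
    uint8_t mem[32] = {0};
    char name[16];
    sXOPUS x = {0};
    memcpy(mem + 16, "Acct", 4);
    x.pBeanName = 16; x.lBeanName = 4;
    int b = xopus_get(mem, sizeof mem, x.pBeanName, x.lBeanName, name, sizeof name);
    int m = xopus_get(mem, sizeof mem, x.pModule, x.lModule, name, sizeof name);
    printf("bean=%d module=%d\n", b, m);
    return 0;
}
```

In an exit running under CICS the pointer fields would be addresses supplied by CICS rather than offsets into a test buffer; the absent-field and length checks carry over unchanged.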

© Copyright IBM Corp. 1977, 2011
