This document covers the following topics:
RPC Authentication Using Short RPC User ID/RPC Password (all Interface Types)
RPC Authentication Using Long RPC User ID/RPC Password (z/OS with Call Interface)
This section explains how clients built with the COBOL Wrapper can communicate with the following:
Natural RPC Servers running under Natural Security
RPC servers running with impersonation. See Impersonation under z/OS (CICS, Batch, IMS).
EntireX Adapter Listener with enabled Execute Service with Client Credentials, see Configuring Listeners in the EntireX Adapter documentation.
For this you will need the following components:
the Delivered Modules which are provided to create and get a security token
the copybook ERXCOMM if an 8-byte RPC user ID, an 8-byte RPC password and an 8-byte RPC library are sufficient. See ERXCOMM.
the copybook ERXVSTR to use a long RPC user ID, a long RPC password and, if required, to override the IDL library with a long RPC library. See ERXVSTR.
We strongly recommend using SSL/TLS if you send authentication data as described here with the COBOL Wrapper to a secure partner. See Using SSL/TLS in this section and also SSL/TLS Parameters for SSL Clients under SSL/TLS, HTTP(S), and Certificates with EntireX in the platform-independent Administration documentation.
This approach allows a maximum of 8 bytes for each of RPC user ID, RPC password and RPC library. The code you write depends on the interface type:
This interface type applies to the scenarios CICS | Batch | IMS.
To use RPC authentication using short RPC user ID, RPC password and RPC library
ERXCOMM is used under Step 1: Declare and Initialize the RPC Communication Area in section Writing Standard Call Interface Clients.
Create a security token with the function Create Security Token CT provided by the generic RPC services module.
      * Set function to create security token
           MOVE "CT" TO COMM-FUNCTION.
      * Set RPC userid and RPC password in RPC Communication Area
           MOVE "RPC-USER" TO COMM-USERID.
           MOVE "RPC-PSWD" TO COMM-PASSWORD.
      * Optionally set RPC library, e.g. for Natural Security
           MOVE "RPC-LIB" TO COMM-LIBRARY.
      * Call generic RPC service module to create security token
      * (see Note 1)
           CALL "COBSRVI" USING ERX-COMMUNICATION-AREA
             ON EXCEPTION
      *        Perform error-handling
             NOT ON EXCEPTION
               IF (COMM-RETURN-CODE = 0) THEN
      *          Perform success-handling
               ELSE
      *          Perform error-handling (See Note 2)
               END-IF
           END-CALL.
           . . .
After successful return from creating the security token, the authentication fields in the RPC communication area are properly set, so they can be used in subsequent RPC requests.
This interface type applies to the scenario Using the COBOL Wrapper for CICS with DFHCOMMAREA Calling Convention (z/OS and z/VSE).
To use RPC authentication using short RPC user ID, RPC password and RPC library
Declare the RPC communication area as described under Step 1: Declare IDL Structures and RPC Communication Area in section Writing EXEC CICS LINK Clients.
Initialize the RPC communication area as described under Step 2: Initialize the RPC Communication Area under Writing EXEC CICS LINK Clients.
Create a security token with the function Create Security Token CT provided by the generic RPC services module.
      * Set function to create security token
           MOVE "CT" TO COMM-FUNCTION.
      * Set RPC userid and RPC password in RPC Communication Area
           MOVE "RPC-USER" TO COMM-USERID.
           MOVE "RPC-PSWD" TO COMM-PASSWORD.
      * Optionally set RPC library, e.g. for Natural Security
           MOVE "RPC-LIB" TO COMM-LIBRARY.
      * Call generic RPC service module to create security token
           EXEC CICS LINK PROGRAM  ("COBSRVI")
                          RESP     (CICS-RESP1)
                          RESP2    (CICS-RESP2)
                          COMMAREA (ERX-COMMUNICATION-AREA)
                          LENGTH   (LENGTH OF ERX-COMMUNICATION-AREA)
           END-EXEC.
      * Test the field that RESP filled in above
           IF CICS-RESP1 = DFHRESP(NORMAL)
             IF (COMM-RETURN-CODE = 0) THEN
      *        Perform success-handling
             ELSE
      *        Perform error-handling (See Note 2)
             END-IF
           ELSE
      *      Perform error-handling
           END-IF.
After successful return from creating the security token, the authentication fields in the RPC communication area are properly set, so they can be used in subsequent RPC requests.
Notes:
1. Only ERXCOMM is used here: pass only the address of ERXCOMM to the generic RPC service module.
2. COMM-RETURN-CODE in the RPC communication area contains the error provided by the COBOL Wrapper. For the error messages returned, see Error Messages and Codes.
This section applies to the scenarios CICS, Batch and IMS with the CALL interface.
With this approach you can use a long RPC user ID, RPC password and RPC library. It requires the ERXVSTR copybook.
The RPC communication area extension copybook ERXVSTR is generated for
Target Operating System z/OS and RPC clients using a call interface to its client interface object,
meaning one of the following Client Interface Types is selected:
To use RPC authentication with long RPC user ID, RPC password and RPC library
ERXCOMM and ERXVSTR are used under Step 1: Declare and Initialize the RPC Communication Area in section Writing Standard Call Interface Clients.
Create a security token with the function Create Security Token CT provided by the generic RPC services module.
      * Set function to create security token
           MOVE "CT" TO COMM-FUNCTION.
      * Set long RPC userid in RPC Variable String Area.
      * INSPECT TALLYING adds to its counter, so STR-LENGTH is
      * reset to 0 before each use.
           MOVE 0 TO STR-LENGTH.
           INSPECT RPCUID TALLYING STR-LENGTH
               FOR CHARACTERS BEFORE SPACE.
           MOVE 1 TO STR-OFFSET.
           MOVE STR-OFFSET TO COMM-RPC-USERID-OFFSET.
           MOVE STR-LENGTH TO COMM-RPC-USERID-LENGTH.
           STRING RPCUID DELIMITED BY SPACE INTO
               COMM-STRING-AREA WITH POINTER STR-OFFSET.
      * Set long RPC password in RPC Variable String Area
           MOVE 0 TO STR-LENGTH.
           INSPECT RPCPWD TALLYING STR-LENGTH
               FOR CHARACTERS BEFORE SPACE.
           MOVE STR-OFFSET TO COMM-RPC-PASSWORD-OFFSET.
           MOVE STR-LENGTH TO COMM-RPC-PASSWORD-LENGTH.
           STRING RPCPWD DELIMITED BY SPACE INTO
               COMM-STRING-AREA WITH POINTER STR-OFFSET.
      * Optionally set long RPC library, e.g. for Natural Security
           MOVE 0 TO STR-LENGTH.
           INSPECT RPCLIB TALLYING STR-LENGTH
               FOR CHARACTERS BEFORE SPACE.
           MOVE STR-OFFSET TO COMM-RPC-LIBRARY-OFFSET.
           MOVE STR-LENGTH TO COMM-RPC-LIBRARY-LENGTH.
           STRING RPCLIB DELIMITED BY SPACE INTO
               COMM-STRING-AREA WITH POINTER STR-OFFSET.
      * Set CCSID for encoding of RPC userid/password and
      * application data (Note 3)
           MOVE "37" TO COMM-CCSID.
      * Call generic RPC service module to create security token
      * (Note 1). No period after the last operand: the CALL
      * statement continues up to END-CALL.
           CALL "COBSRVI" USING ERX-COMMUNICATION-AREA
                                ERX-COMMUNICATION-VSTR
             ON EXCEPTION
      *        Perform error-handling
             NOT ON EXCEPTION
               IF (COMM-RETURN-CODE = 0) THEN
      *          Perform success-handling
               ELSE
      *          Perform error-handling (See Note 2)
               END-IF
           END-CALL.
           . . .
After successful return from creating the security token with a long RPC user ID/RPC password:
The authentication fields in the RPC communication area are properly set, so they can be used in subsequent RPC requests.
The RPC protocol is forced to 2050 as a minimum. You need an RPC server supporting this protocol level, see Supported RPC Protocols.
Notes:
1. Pass the address of ERXCOMM first, then the address of ERXVSTR to the generic RPC service module.
2. COMM-RETURN-CODE in the RPC communication area contains the error provided by the COBOL Wrapper. For the error messages returned, see Error Messages and Codes.
3. The CCSID is provided for two purposes:
   It is used for conversion of the long RPC password and RPC user ID. If no CCSID is provided, the codepage active during compilation applies. Refer to your compiler documentation.
   It is used as the codepage name to tell the broker the encoding of your application data. See Using Internationalization with the COBOL Wrapper.
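The offset/length packing of the variable string area described above, as a self-contained program (an added example, not code from the EntireX documentation). COMM-STRING-AREA is a constructed 40-byte stand-in rather than the generated ERXVSTR copybook, the WS-* names, the program name and the sample values are hypothetical, and whether the RPC server accepts values with embedded blanks is an assumption. It goes beyond the listing above by measuring each value up to its trailing blanks, because INSPECT ... BEFORE SPACE and DELIMITED BY SPACE both stop at the first blank inside a value, and by checking ON OVERFLOW so that a truncated credential is never passed on.

```cobol
       IDENTIFICATION DIVISION.
       PROGRAM-ID. VSTRPACK.
       DATA DIVISION.
       WORKING-STORAGE SECTION.
      * Constructed stand-in for the variable string area; the real
      * layout and sizes come from the generated ERXVSTR copybook.
       01  COMM-STRING-AREA  PIC X(40) VALUE SPACES.
      * Constructed sample values; the passphrase contains blanks.
       01  RPCUID            PIC X(32) VALUE "LONG-RPC-USER-ID".
       01  RPCPWD            PIC X(32) VALUE "sample pass phrase".
       01  WS-FIELD          PIC X(32).
       01  WS-REVERSED       PIC X(32).
       01  WS-TRAILING       PIC 9(4) COMP.
       01  STR-OFFSET        PIC 9(4) COMP VALUE 1.
       01  STR-LENGTH        PIC 9(4) COMP.
       01  WS-START          PIC 9(4) COMP.
       01  WS-PACK-OK        PIC X VALUE "Y".
       PROCEDURE DIVISION.
       MAIN-PARA.
           MOVE RPCUID TO WS-FIELD
           PERFORM PACK-FIELD
           DISPLAY "USERID   OFFSET=" WS-START " LENGTH=" STR-LENGTH
           MOVE RPCPWD TO WS-FIELD
           PERFORM PACK-FIELD
           DISPLAY "PASSWORD OFFSET=" WS-START " LENGTH=" STR-LENGTH
           IF WS-PACK-OK NOT = "Y"
               DISPLAY "STRING AREA TOO SMALL, DO NOT CALL COBSRVI"
           END-IF
           STOP RUN.
       PACK-FIELD.
      * Length = field size minus trailing blanks, so blanks inside
      * the value are kept (DELIMITED BY SPACE would cut there).
           MOVE FUNCTION REVERSE(WS-FIELD) TO WS-REVERSED
           MOVE 0 TO WS-TRAILING
           INSPECT WS-REVERSED TALLYING WS-TRAILING FOR LEADING SPACE
           COMPUTE STR-LENGTH = FUNCTION LENGTH(WS-FIELD) - WS-TRAILING
           MOVE STR-OFFSET TO WS-START
           IF STR-LENGTH > 0
               STRING WS-FIELD(1:STR-LENGTH) DELIMITED BY SIZE
                   INTO COMM-STRING-AREA WITH POINTER STR-OFFSET
                   ON OVERFLOW MOVE "N" TO WS-PACK-OK
               END-STRING
           END-IF.
```

In a real client, WS-START and STR-LENGTH would be moved to the matching COMM-RPC-...-OFFSET and COMM-RPC-...-LENGTH fields after each PERFORM, as in the listing above.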