Use this task when you want to set up security for your optimized local adapters that perform outbound calls.
It is recommended that you run the WebSphere Application Server for z/OS servers with global security and activate the Sync-to-OS Thread option if you intend to use the optimized local adapter APIs with those servers. To read about global security, see the topic, Enabling security. To read more about activating the Sync-to-OS Thread option, see the topic, z/OS security options.
Local access to WebSphere Application Server for z/OS servers is protected by the System Authorization Facility (SAF) CBIND class. This class is defined during profile creation and is used to protect WebSphere Application Server for z/OS servers when Internet Inter-ORB Protocol (IIOP) local client connection requests are made, as well as optimized local adapters requests. Before running any application that uses the Register API, be sure to grant READ access for the user ID for the job, UNIX® System Services (USS) process, or Customer Information Control System (CICS®) region to the CBIND class for the target server. this is setup with the BBOCBRAK job. For more information about the CBIND class, read the topic, Using CBIND to control access to clusters.
For calling from WebSphere Application Server to an application using either the optimized local adapters Host Service and Receive Request APIs, the identity on the thread that the API was called on is used. For environments other than CICS, there is no attempt by the optimized local adapters to assert the WebSphere Application Server application identity. This includes Information Management System (IMS) dependent regions. For these, transactions execute under the ID of the user that started the transaction. This includes IMS dependent regions. For these regions, transactions execute under the ID of the user that started the transaction.
For receiving requests in CICS and processing them with the optimized local adapter CICS Link server (BBO$ task), you can indicate when you start the Link server that you wish to have Link server assert the propagated WebSphere Application Server thread-level identity to the CICS thread where the target program will execute. This is done with a parameter on the optimized local adapters BBOC CICS transaction.
In this information ...Related concepts
Related tasks
Related reference
Related information
| IBM Redbooks, demos, education, and more(Index) |