Security

The Client Manager does not perform any security validation of its own. Rather the Client Manager provides various mechanisms for providing the security data that will be used by the underlying transport mechanisms or by the target server execution environment to validate a given user request.

After the selection of a target server is determined, the Security Level associated with the target server is determined. The Security Level indicates whether the target server expects to receive cooperative flow requests that contain security data. A target server that has a derived Security Level of "Remote" causes the Client Manager to provide security data in the form of a UserID and Password to the transport processing the cooperative flow request.

If the Client Manager needs to provide security data, the Client Manager retrieves the security data in the following manner:

If the CFB received from the DPC contains a security offset and the WRSECTOKEN Client Security user exit indicated that the Client Manager should use the data (bClntMgrSecurity flag set to TRUE), then the UserID and Password are obtained from the CFB Security Offset area.
Note: If the CFB has been encrypted by the GUI runtime, the CFB must be decrypted by the Client Manager prior to obtaining the security data from the Security Offset area. (Decryption is performed by the Client Manager DECREXIT user exit.)
If the CFB does not contain a security offset area, or the CFB does not contain an indication that the security data in the security offset area should be used (bClntMgrSecurity flag set to FALSE), then the UserID and Password are obtained from the Client Manager configuration data.

Note: For more information about user exits, see the User Exit Reference Guide.

More information:

Server Access Security Using User ID and Password