The security content contained within a CFB is influenced by a client side security user exit. The name of the client side user exit depends on the type of client. The following is a list of clients and their respective client side security user exits:
WRSECTOKEN (wrexitn.c)
WRSECTOKEN (proxyxit.c)
CFBDynamicMessageSecurityExit (CFBDynamicMessageSecurityExit.java)
CFBDynamicMessageSecurityExit (CFBDynamicMessageSecurityExit.cs)
The client side security exit directs the client runtime to construct a CFB formatted as either a Standard security CFB or an Enhanced security CFB. The user exit returns a value signifying the desired security mode of either Standard or Enhanced.
Standard: Indicates that a client's cooperative flow request CFB does not contain the optional security offset section. The CLIENT_USERID and CLIENT_PASSWORD attribute values are included in the CFB header area. Standard security is enabled using the client side security user exit. The CFB header area is not part of the CFB that is eligible to be encrypted.
Enhanced: Indicates that a client's cooperative flow request CFB contains the optional security offset section. The security offset section contains the CA Gen CLIENT_USERID and CLIENT_PASSWORD values as defined by the client application. Additionally, the security offset can contain an optional security token. Enhanced security is enabled using the client side security user exit. The data added to the security offset section of the CFB is eligible to be encrypted by the client runtime by an encryption user exit.
The client side security user exit also indicates from where within the CFB the Comm. Bridge should extract the UserID and Password data. The user exit is passed a pointer to an integer field that can be set to a value of either TRUE or FALSE. The input parameter bClntMgrSecurity points to the integer field. The content of the integer field only has meaning if the CFB is directed to contain Enhanced Security data. Setting the integer field to TRUE causes the client runtime to set a flag byte within the CFB header. A setting of FALSE causes the flag byte in the CFB to remain unset. FALSE is the default value.
For the Comm. Bridge to use the Enhanced Security data when it processes an inbound cooperative request buffer, the CFB containing the request must have the flag byte set accordingly. This is accomplished by making sure that the client side security exit sets the integer field, pointed to by the bClntMgrSecurity parameter, to TRUE.
When the Comm. Bridge processes a CFB that contains Enhanced Security data, the content of the flag byte is used to direct the Comm. Bridge as to which security data it should use when processing the associated cooperative flow request. If the CFB header flag byte is set, the Comm. Bridge will use the Enhanced Security data. If the flag byte is not set, the Comm. Bridge will use the security data that is provided in the CFB header.
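The rules above can be followed end to end in a small model, added here as an illustration and not taken from CA Gen code. Every type and function name in it is hypothetical, and it assumes that the integer field is ignored when the exit selects Standard security.

```c
#include <stdio.h>

/* Hypothetical names throughout: this models the rules in the text, not the CA Gen API. */
enum sec_mode { MODE_STANDARD, MODE_ENHANCED };
enum cred_source { FROM_HEADER, FROM_SECURITY_OFFSET };

struct cfb_model {
    int has_security_offset;  /* Enhanced CFBs carry the optional section */
    int flag_byte_set;        /* header flag driven by bClntMgrSecurity */
};

/* Client runtime: apply the exit's return value and the integer it set. */
struct cfb_model build_cfb(enum sec_mode mode, int bClntMgrSecurity)
{
    struct cfb_model cfb;
    cfb.has_security_offset = (mode == MODE_ENHANCED);
    /* The integer only has meaning for Enhanced; modelled as ignored otherwise (assumption). */
    cfb.flag_byte_set = (mode == MODE_ENHANCED && bClntMgrSecurity != 0);
    return cfb;
}

/* Comm. Bridge: choose which security data to use for the request. */
enum cred_source bridge_source(const struct cfb_model *cfb)
{
    if (cfb->has_security_offset && cfb->flag_byte_set)
        return FROM_SECURITY_OFFSET;
    return FROM_HEADER;
}

/* Only the security offset section is eligible for encryption. */
int bridge_uses_encryptable_data(enum sec_mode mode, int bClntMgrSecurity)
{
    struct cfb_model cfb = build_cfb(mode, bClntMgrSecurity);
    return bridge_source(&cfb) == FROM_SECURITY_OFFSET;
}

int main(void)
{
    static const char *names[] = { "Standard", "Enhanced" };
    for (int m = MODE_STANDARD; m <= MODE_ENHANCED; m++)
        for (int f = 0; f <= 1; f++)
            printf("%-8s bClntMgrSecurity=%d -> bridge reads %s\n", names[m], f,
                   bridge_uses_encryptable_data((enum sec_mode)m, f)
                       ? "security offset (encryption-eligible)"
                       : "CFB header (not encryption-eligible)");
    return 0;
}
```

The Enhanced row with bClntMgrSecurity left at its default of FALSE is the case to check for in a deployment: the CFB carries Enhanced Security data, yet the Comm. Bridge still reads the header.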
Copyright © 2013 CA.
All rights reserved.