Security › Security Overview › Server Security Processing › Layer 3: Application Security
Layer 3: Application Security
As part of the processing that prepares to pass control to the target DPS, the generated Server Manager code invokes a second security user exit, TIRSECV.
For the non-EJB and non-.NET Server DPS applications:
- The TIRSECV user exit is invoked shortly after TIRSECR (see Layer 2: Server Manager Security).
- TIRSECV is invoked to process data contained in a cooperative request's enhanced security data area (see the Common Format Buffer (CFB) discussion occurring earlier in this chapter).
- TIRSECV provides the following:
- The security data that is passed in the enhanced security data area contains both the CLIENT_USER_ID and CLIENT_PASSWORD values. The DPC sets the CLIENT_USER_ID and CLIENT_PASSWORD values.These values can be used in TIRSECV to determine if the user is valid and is authorized to execute the transcode that is associated with the cooperative flow request.
- The enhanced security is located in an area of the CFB that is encrypted before the request buffer being transmitted to the DPS. TIRSECV is invoked after the Server Manager decrypts the buffer area containing the enhanced security data. See the Encryption and Decryption section for more details.
- In addition to CLIENT_USER_ID and CLIENT_PASSWORD, the optional security token field is passed to the TIRSECV user exit. The client security user exit (for example, WRSECTOKEN) specifies the security token.
- The security token can be used when the DP application incorporates an external authenticating process (for example, Kerberos).
For the EJB and .NET Server DPS applications, the CLIENT_USER_ID, CLIENT_PASSWORD, and optional security object are passed to the TIRSECV user exit.
Copyright © 2014 CA.
All rights reserved.
|
|