|
TCPIPSERVICE resource definitions are used to define the association between ports and XCICS services, including XCICS Web support. Define and
install a TCPIPSERVICE resource definition for each port that you use for XCICS Web support.
Each TCPIPSERVICE definition that is active in a XCICS system must specify a unique port number. XCICS uses the TCPIPSERVICE definition for a port to determine what XCICS service should be invoked when it receives an inbound TCP/IP connection request on that port. The PROTOCOL attribute is used to identify the service. HTTP is specified for standard XCICS Web support, and USER is specified for non-HTTP requests that are handled using XCICS Web support.
For XCICS Web support, you normally need to create TCPIPSERVICE definitions for the default, or well-known, port numbers that are used for Internet services. For HTTP, the default port number is 80, and for HTTPS, the default port number is 443. You can also use non-standard port numbers.
Each TCPIPSERVICE definition can only specify one analyzer program, and one transaction definition for the Web attach task. If you need to use more than one of these items, you will need to use different TCPIPSERVICE definitions, and therefore different ports.
Note: The TCPIPSERVICE resource definition is the place where you specify the security measures that are applied for each port. You can choose whether or not to use SSL, and if you do use SSL, you need to choose the exact security measures that are applied (for example, the authentication method, the sending of certificates by client and server, and encryption of messages). Read "Security for XCICS Web support" in topic 2.9 for more information about the security features that you can use to keep your XCICS Web support facility safe.
The XCICS System Management Guide contains information about TCPIPSERVICE resource definition attributes that you will use during this process.
| 1. | Identify a TCP/IP port that you want to use for XCICS Web support. You are recommended to reserve the port number for use by XCICS Web support. |
| 2. | Begin TCPIPSERVICE definition with the statement "add tcpipservice" in xcics.conf |
| 3. | Specify the "port" attribute as the number of the TCP/IP port that is covered by this definition. |
| 4. | Use the "protocol" attribute to specify that XCICS Web support handles requests on this port. |
| • | Specify "http" for normal HTTP requests. This option covers both HTTP with SSL and HTTP without SSL. The "ssl" attribute specifies whether or not SSL is involved. |
| • | Specify "user" for non-HTTP requests that are handled using XCICS Web support. When "user" is specified, XCICS Web support facilities are used for handling the request, but no acceptance checks are carried out for messages sent and received using this protocol. The requests are flagged as non-HTTP and passed straight to the analyzer program. URIMAP definitions are not used for these requests. |
| 5. | Specify the "urm" attribute as the name of the analyzer program that is associated with this TCPIPSERVICE definition. For a non-HTTP (USER protocol) request, the analyzer program is always used. For an HTTP request, the analyzer program is used to interpret the request if a URIMAP definition specifies the use of an analyzer program, or if no URIMAP definition is present. An analyzer program must be specified. Only one analyzer program can be selected for each TCPIPSERVICE definition, but you can code it to handle any requests. |
| 6. | Use the "close_socket" and the "close_timeout" attributes to specify if and how long XCICS should wait before closing the socket, after issuing a receive for incoming data on that socket. The "close_socket" attribute set to "no" means that persistent connection will be used. Persistent connection are closed when the timeout specified with the "close_timeout" attribute is reached, or when the Web client closes it. |
| 7. | Use the "ssl" attribute to specify whether or not the secure sockets layer (SSL) is used for this port. YES means that SSL is used, and
XCICS sends a server certificate to the Web client. |
| 8. | If you have specified ssl=yes, make sure that the general settings server_ssl_certificate and server_ssl_key are correctly defined for the region. |
| 9. | Use the "auth" attribute to specify the level of authentication that is used for Web clients making requests on this port. |
| • | Specify "none if the Web client is not required to send authentication or identification information. |
| • | Specify "basic" to make XCICS attempt HTTP basic authentication, where XCICS requests a user ID and password from the Web client. |
| • | Specify "certificate" to use SSL client certificate authentication. The Web client must send a valid certificate which is already registered to the security manager, and associated with a user ID. If a valid certificate is not received, or the certificate is not associated with a user ID, the connection is rejected. |
| • | Specify "automatic" to either use SSL client certificate authentication, or if no certificate is sent, to use HTTP basic authentication (as for the "basic" option). |
|
