Providing dynamic HTTP responses with Web-aware application programs

 Top  Previous  Next

You can use Web-aware application programs to provide application-generated responses to HTTP requests from a Web client.

The following task-specific components of XCICS Web support are used for this task:

TCPIPSERVICE resource definitions
URIMAP resource definitions
Web-aware application programs, using the EXEC XCICS WEB programming interface
Alias transactions for the application programs
Analyzer program
Security facilities
Web error programs

"HTTP requests and response processing (as server)" explains how the process elements work together.

1.Design and code one or more Web-aware application programs to provide a response to each request by the Web client, using the information in "Writing Web-aware application programs for XCICS as an HTTP server". Web-aware application programs can use EXEC CICS WEB and EXEC CICS DOCUMENT commands to receive and analyze an HTTP request, and to write and send a response to the request. Each program handles a single request and response.
 
Note: Web-aware application programs that use the EXEC XCICS WEB commands must run in the XCICS region where the Web client's request is received. However, they may link to application programs in other XCICS regions, for example to perform business logic.
2.Consider security issues for this XCICS Web support task. For application-generated responses, XCICS can implement HTTP basic authentication for a connection, where the user must supply an ID and password. (Basic authentication does not operate for items delivered as a static response). You can use the user ID to control access to individual resources. If you need to protect information passed over the Internet (including the user IDs and passwords used for basic authentication), consider using Secure Sockets Layer (SSL). For more information, see "Security for XCICS Web support".
3.Decide on the URL that the Web client will use for each request, including the scheme, host and path components, and any query string.
4.Decide on the port that will be used for the requests. For HTTP, the default port number is 80, and for HTTPS (with SSL), the default port number is 443. Port numbers that are not the default for a scheme need to be specified explicitly in the URL of requests. If you prefer, you can allow a request to use any port that is associated with XCICS Web support.
5.If you do not yet have a TCPIPSERVICE definition for the port on which the requests are received, follow the procedure in "Creating TCPIPSERVICE definitions" to set up a TCPIPSERVICE definition. The name of the relevant TCPIPSERVICE definition is specified in the URIMAP definition for the request. Specifying no TCPIPSERVICE definition means that requests matched by the URIMAP definition can use any port for which a TCPIPSERVICE definition exists.
6.Select an alias transaction ID for the user application programs that are involved with this task. The default alias transaction is CWBA. You can create your own alias transaction following the instructions in "Creating TRANSACTION resource definitions". You can use the URIMAP definition or an analyzer program to specify an alias transaction for each HTTP request.
7.Decide how the analyzer program associated with the TCPIPSERVICE definition should be used, and select an appropriate program. "Analyzer programs" has more information about what you can do using an analyzer program. For Web-aware applications, you can choose between the following strategies:
a.Use the XCICS-supplied sample analyzer program DFHWBAHX to provide basic support for both requests using URIMAP definitions, and requests following the same process that XCICS Web support used before XCICS TS 3.1. DFHWBADX takes no action if a matching URIMAP definition is found. If no match is found, it analyzes URLs in the format that was required before CICS TS 3.1. If the analysis  fails, DFHWBADX gives control to the  Web error program to produce an error response.
b.Use your own analyzer program to provide customized support. This might include:
- Making dynamic changes to processing for requests using URIMAP definitions.
- Providing monitoring or audit actions during processing for requests.
- Supporting requests following the same process that XCICS Web support used before IBM CICS TS 3.1.
A customized analyzer program can be specified using the analyzer=yes attribute in a URIMAP definition, and is then involved in the processing path for requests. As supplied, DFHWBAHX take no action if they are invoked from a URIMAP definition.
8.Set up a URIMAP definition to handle each request. Follow the procedures in "Starting a URIMAP resource definition for any requests for XCICS as an HTTP server" and "Completing a URIMAP definition for an application response to an HTTP request for XCICS as an HTTP server". It is possible to pass HTTP requests directly to an analyzer program without using URIMAP definitions, following the same process that XCICS Web support used before IBM CICS TS 3.1. However, using URIMAP definitions can make it easier to manage HTTP requests. Without URIMAP definitions, if you want to change the way in which XCICS responds to a particular HTTP request, you need to change the logic in the analyzer program. With URIMAP definitions, you can perform these changes dynamically as a system management task.