434 IMS Connectivity in an On Demand Environment: A Practical Guide to IMS Connectivity
application should be protected with restricted access so that only authorized users can
access it on the distributed platform.
There is no support for passing the caller identity of the client application. At this point, the
use of SSL and IIOP requires the identity to be switched to “system identity” when
communicating between distributed and z/OS application servers.
Security on WebSphere Application Server for z/OS
Security for WebSphere Application Server for z/OS can be separated into two topics:
the server-side EJB, and the path between the application server and IMS.
Server-side EJB
The distributed application server propagates the run-as property of the client-side EJB, and
WebSphere Application Server for z/OS places an appropriate security identity on the thread
that will be used to access IMS. The server-side EJB defaults to the run-as identity value of
the system, which is the server region ID of WebSphere Application Server for z/OS. You can
change the run-as property in the deployment descriptor of the server-side EJB before
installing it.
Between IMS
The ODBA environment requires a previously verified Access Control Environment Element
(ACEE), which WebSphere Application Server for z/OS places on the execution thread.
The ACEE is a control block that is built when a call to RACF or an equivalent security product is
issued. In the WebSphere Application Server for z/OS environment, the IMS JDBC resource
adapter uses sync-to-thread processing to ensure that a security context is placed on the
thread during execution to access an IMS database. This places an ACEE on the execution
thread, based on the run-as property of the server-side EJB.
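The run-as change described above, sketched as a standard EJB 2.1 deployment descriptor. This is an added example, not taken from this guide or from the IMS-supplied EAR. The bean, interface, class, and role names are hypothetical, and it assumes the role is mapped to a dedicated z/OS user ID when the application is installed, so that the ACEE placed on the thread carries only the IMS access that user ID has been granted instead of the access of the server region ID.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- ejb-jar.xml of the server-side EJB, edited before installation.
     All names below are hypothetical placeholders. -->
<ejb-jar xmlns="http://java.sun.com/xml/ns/j2ee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
                             http://java.sun.com/xml/ns/j2ee/ejb-jar_2_1.xsd"
         version="2.1">
  <enterprise-beans>
    <session>
      <ejb-name>SampleImsAccessBean</ejb-name>
      <home>example.SampleImsAccessHome</home>
      <remote>example.SampleImsAccess</remote>
      <ejb-class>example.SampleImsAccessBean</ejb-class>
      <session-type>Stateless</session-type>
      <transaction-type>Container</transaction-type>

      <!-- Without an explicit run-as role, the guide states that the bean
           defaults to the system identity (the server region ID), so every
           IMS database call is authorized against that broad user ID. -->
      <security-identity>
        <description>
          Run IMS access under a dedicated, narrowly authorized identity.
        </description>
        <run-as>
          <role-name>ImsIvpReader</role-name>
        </run-as>
      </security-identity>
    </session>
  </enterprise-beans>

  <assembly-descriptor>
    <!-- The role must be declared here. It is bound to a real user ID at
         install time (assumption: a RACF user ID permitted only to the
         IMS resources the sample needs). -->
    <security-role>
      <description>Read access to the IMS IVP database</description>
      <role-name>ImsIvpReader</role-name>
    </security-role>
  </assembly-descriptor>
</ejb-jar>
```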
21.5 Sample IMS RDS access
The following sections describe how to implement IMS Remote Database Services to access
an IMS system through the ODBA. We demonstrate the environment setup for IMS,
WebSphere Application Server for z/OS, and WebSphere Application Server for distributed
platforms. Then, we provide a sample Web application to query the IMS IVP database with
local transaction semantics.
We assume that there is already a WebSphere Application Server for z/OS Version 6 and
IMS Version 9 system up and running. We use Rational Application Developer Version 6 for
the Microsoft Windows platform to develop and test our Web client application.
We divide this task into the following areas:
1. Setting up ODBA for the IMS subsystem: This includes customizing the DRA startup table.
It enables WebSphere Application Server for z/OS to use ODBA for this IMS subsystem.
2. Setting up the WebSphere Application Server for z/OS subsystem: This includes
concatenating the IMS library to the WebSphere Application Server servant region,
installing the IMS JDBC resource adapter for IMS Java EJB, installing the custom service,
and installing the EAR file including the IMS Java EJB.
3. Creating and installing the metadata class for the sample application: This includes
executing the DLIModel utility and adding a classpath to the IMS JDBC resource adapter.
4. Setting up the WebSphere Application Server for distributed platforms subsystem: This
includes installing the IMS distributed JDBC resource adapter and configuring the J2C
connection properties for our sample application.