During API connect processing, the security exit parameter block identifies
the connection type. You can use the type field to identify the origin of
the API connection. The following fields are also provided for all connection
types:
- The thread token for the API connection, which is unique within the MVS™ image
where the CMAS is running
- The USER value from the API CONNECT command
- The SIGNONPARM value from the API CONNECT command
- The default CICS® user ID for the CMAS.
Note: The REXX API program passes the USER and SIGNONPARM values
to the security exit as 8-byte fields. If either of the values is less
than 8 characters, the field is padded with blank spaces (X'40').
For connections that originate from a MAS (that is, the API program
is running in a CICS system), the following data fields are set:
- CICS SYSID
- CICS task number of the task that issued the connect
- CICS terminal ID of the task, if any.
For connections that originate from somewhere other than a MAS, the
jobname of the Job, started task, or TSO address space is provided.
Using this input, your security routine can accept or reject the connection.
If the connection is accepted, you must provide one of the following:
- The address of an accessor environment element (ACEE)
- A user ID for the connecting application.
If you provide both an ACEE address and a user ID, security information
for the user is extracted from the ACEE and the user ID is ignored.
Your security routine can also provide a four-byte user token that
will be maintained by CICSPlex® SM for the life of the API program. This token
is returned to the exit during API disconnect processing.
Your security routine should set the RESPONSE and REASON values from the
CONNECT command prior to exiting.