CICS® supplies two sample security exit programs for IIOP: DFHXOPUS and DFHEBURM. Both are in the SDFHSAMP library.
DFHXOPUS attempts to derive a user ID by examining the Secure Sockets Layer (SSL) options defined for the TCPIPSERVICE.
DFHXOPUS accepts the RACF® user ID associated with the SSL client certificate, if there is one associated with the TCPIPSERVICE. If there is no RACF user ID associated with a certificate:
If a user ID has not been found using these procedures, DFHXOPUS returns the default user ID defined by the CICS system initialization DFLTUSER parameter.
The security exit program returns the user ID in the userid field of the communications area. If the user ID is less than 8 characters long, the exit program pads the field with blanks. Because a user ID is being returned, the return_code field is set to RCUSRID (X'01').
If you write your own security exit program, it should return all fields other than userid and return_code unchanged, or unpredictable results will occur.
DFHEBURM is for use with the EJB Bank Account sample program. It alters the user ID under which the sample runs from the default CICS user ID to "SAMPLE". For more information about DFHEBURM, see Java™ Applications in CICS.
For further information about the use of the Secure Sockets Layer (SSL), see the CICS RACF Security Guide.