Start of change

HTTP client send exit XWBSNDO

XWBSNDO enables systems administrators to specify a security policy for HTTP requests by CICS® as an HTTP client. XWBSNDO is called during processing of an EXEC CICS WEB SEND or EXEC CICS WEB CONVERSE command. The host name and path information are passed to the exit, and a security policy can be applied to either or both of these components.

CICS itself does not apply any security policy for HTTP requests by CICS as an HTTP client; it is your responsibility to set up this facility if it is required by your system or organization.

The XWBOPEN exit on the WEB OPEN command can be used to bar access to a whole host, and the XWBSNDO exit can be used to do the same or to bar access to specific paths within a host. If you want to bar access to a whole host, doing this with the XWBOPEN exit saves time, because the application program is not able to open the connection and so does not waste time creating the request that should be sent. The host name is provided to the XWBSNDO exit with the primary intention of allowing you to differentiate between identical paths used by different hosts.

If chunked transfer-coding is being used for the HTTP request, XWBSNDO is only called on the first WEB SEND command for the chunked message.

The XWBSNDO user exit does not support the use of EXEC CICS commands.

The host is passed to the user exit program as the UEPHOST parameter, and the path is passed as the UEPPATH parameter. Return code UERCNORM indicates that the path is permitted, and return code UERCBARR indicates that the path is not permitted. If the path is not permitted, an INVREQ response is returned to the WEB SEND or WEB CONVERSE command, and the application programmer should handle this by closing the connection with a WEB CLOSE command.

Exit XWBSNDO

When invoked
During processing of an EXEC CICS WEB SEND or EXEC CICS WEB CONVERSE command for an HTTP request by CICS as an HTTP client. A client request is indicated by the use of the SESSTOKEN parameter on the WEB SEND command.
Exit-specific parameters
UEPHOST
The address of a field containing the host name specified in the HOST option of the WEB OPEN command for the connection.
Note: The host name is converted into lower case when it is saved in this field. Your user exit program should take this into account when matching the host name.
UEPHOSTL
The address of a field containing the halfword length of the host name.
UEPPATH
The address of a field containing the path specified in the PATH option of the WEB SEND command. The path is in mixed case, as it was specified.
UEPPATHL
The address of a field containing the halfword length of the path.
Return codes
UERCNORM
The path is permitted.
UERCBARR
The path is not permitted.
XPI calls
All XPI calls can be used.
API and SPI commands
No EXEC CICS commands can be used.
End of change