Security for Node.js applications
Node.js applications typically handle user authentication themselves, and do not often pass on user credentials to the back-end systems they interact with. Therefore, in most cases securing a Node.js application is handled in the same way when it is running in CICS® as when it is running in any other environment.
Node.js applications in CICS always run under the CICS region user ID. This is important for Node.js applications that interact with the file system. The CICS region user ID must have the correct permissions for any files that are accessed by the Node.js application.
Security for invoke requests to CICS
- Run (by default) under the CNJW transaction ID
- Run (by default) under the CICS region's default user ID (typically CICSUSER)
Both the default transaction ID and the default user ID can be modified, on a per URI basis, by using a URIMAP resource. The URI is passed to the invoke function by the Node.js application. For example, if a URIMAP is installed which indicates that requests for path /examples/updateAccount are to be mapped to transaction ID TEST and user ID WORKER then any work that is started for that URI path will override the default values as requested. In this example, the Node.js application must supply a URI with path /examples/updateAccount as a parameter to the invoke function. Therefore, the complete URI passed to the invoke function might be http://example.org:12345/examples/updateAccount.
If the URIMAP indicates that the target transaction ID is CPIH (which is the default value when USAGE(PIPELINE) is specified on a URIMAP), then any tasks for that URI invoked from Node.js will run under the CNJW transaction ID.
There is no mechanism for specifying an alternative user ID for each individual request to the same URI.
For more information on using the invoke function, see Calling CICS services.