Providing dynamic HTTP responses with web-aware application programs

You can use web-aware application programs to provide application-generated responses to HTTP requests from a web client.

About this task

This task involves the following components of CICS web support and includes a number of subtasks.

• TCPIPSERVICE resource definitions
• URIMAP resource definitions
• Web-aware application programs, that use the EXEC CICS WEB programming interface
• Alias transactions for the application programs
• Analyzer program
• Security facilities
• Web error programs

Figure 1 shows the architecture elements for this CICS web support task. HTTP request and response processing for CICS as an HTTP server explains how the process elements work together.

1. Design and code one or more web-aware application programs to provide a response to each request by the web client, by using the information in Developing HTTP applications.
   Web-aware application programs can use EXEC CICS WEB and EXEC CICS DOCUMENT commands to receive and analyze an HTTP request, and to write and send a response to the request. Each program handles a single request and response.

   Note: Web-aware application programs that use the EXEC CICS WEB commands must run in the CICS region where the web client request is received. However, they can link to application programs in other CICS regions.
2. Consider security issues for this CICS web support task.
   CICS can implement HTTP basic authentication for a connection, where the user must supply an ID and password. You can use the user ID to control access to individual resources used for application-generated responses or static responses. If you need to protect information that is passed over the Internet (including the user IDs and passwords that are used for basic authentication), consider using Secure Sockets Layer (SSL). For more information, see Security for CICS web support.
3. Decide on the URL that the web client uses for each request, including the scheme, host and path components, and any query string.
   See The components of a URL. URLs for CICS web support explains the factors and limitations to consider in choosing a URL.
4. Decide on the port that is used for the requests, referring to
   Reserving ports for CICS web support.
   For HTTP, the default port number is 80, and, for HTTPS (with SSL), the default port number is 443. Port numbers that are not the default for a scheme are specified explicitly in the URL of requests.
   If you prefer, you can allow a request to use any port that is associated with CICS web support.
5. If you do not yet have a TCPIPSERVICE definition for the port on which the requests are received, follow the procedure in Creating TCPIPSERVICE resource definitions for CICS web support.
   Use this definition to specify the security measures that you have selected for the port (such as the use of SSL and basic authentication).
   The name of the relevant TCPIPSERVICE definition is specified in the URIMAP definition for the request. Specifying no TCPIPSERVICE definition means that requests matched by the URIMAP definition can use any port for which a TCPIPSERVICE definition exists.
6. Select an alias transaction ID for the relevant user application programs. The default alias transaction is CWBA. To create your own alias transaction, see Creating TRANSACTION resource definitions for CICS web support.
   You can use the URIMAP definition or an analyzer program to specify an alias transaction for each HTTP request.
   If you are implementing resource level security using the user IDs of web clients, the user IDs are applied to this transaction and need permission to access protected CICS resources and commands that are used by the transaction.
7. Decide whether to use the analyzer program because using this program can disqualify your HTTP requests being processed by a directly attached user transaction. For more information, see Processing HTTP requests by using directly attached user transactions. Otherwise, decide how the analyzer program, described in Analyzer programs, associated with the TCPIPSERVICE definition is used, and select an appropriate program.
   For web-aware applications, you can choose between the following strategies:
   1. Use the CICS supplied default analyzer program DFHWBAAX to provide error handling. DFHWBAAX is suitable where all of the requests that use this port are handled by using URIMAP definitions.
      DFHWBAAX takes no action if a matching URIMAP definition is found. If no match is found, it gives control to the user-replaceable web error program DFHWBERX to produce an error response.
   2. Use the CICS supplied sample analyzer program DFHWBADX to provide basic support for requests that use URIMAP definitions and for requests following the same process that CICS web support used before CICS TS 3.1.
      DFHWBADX takes no action if a matching URIMAP definition is found. If no match is found, it analyzes URLs in the format that was required before CICS TS 3.1. If the analysis fails, DFHWBADX gives control to the user-replaceable web error program DFHWBEP to produce an error response. (If the URLs specified in your URIMAP definitions do not fit the format that was required before CICS TS 3.1, customize DFHWBADX or DFHWBEP to provide a meaningful response.)
   3. Use your own analyzer program to provide customized support:
      • Make dynamic changes to processing for requests that use URIMAP definitions.
      • Provide monitoring or audit actions during processing for requests.
      • Support requests following the same process that CICS web support used before CICS TS 3.1.
      • Provide error responses that use the user-replaceable web error programs, DFHWBEP and DFHWBERX.
      You can specify a customized analyzer program that uses the ANALYZER(YES) attribute in a URIMAP definition. It is then involved in the processing path for requests. As supplied, DFHWBAAX and DFHWBADX take no action if they are called from a URIMAP definition.
8. Decide how you want code page conversion to take place, for the HTTP requests, and for the responses that the user application programs provide to them.
   Code page conversion, described in Code page conversion for CICS Web support, typically consists of converting the web client request, made by using an ASCII character set, into an EBCDIC code page for use by the application program; and then reversing this process to return the application program output to the web client. You can specify code page conversion settings in the EXEC CICS WEB API commands that are issued by a web-aware application program.
9. Set up a URIMAP definition to handle each request. Follow the procedures in Creating a URIMAP resource for CICS as an HTTP server.
   You can pass HTTP requests directly to an analyzer program without using URIMAP definitions, following the same process that CICS web support used before CICS TS 3.1. However, using URIMAP definitions can make it easier to manage HTTP requests. Without URIMAP definitions, if you want to change how CICS responds to a particular HTTP request, you need to change the logic in the analyzer program. With URIMAP definitions, you can perform these changes dynamically as a system management task.
   Using URIMAP definitions (without an analyzer program) the listener task can directly attach user transactions for fast arriving HTTP requests. The web attach task is bypassed, and performance enhancement is gained by saving the CPU time needed for processing requests. For more information, see Processing HTTP requests by using directly attached user transactions.
10. Ensure that the user-replaceable web error programs, described in Web error programs, provide appropriate responses to the web client.
    The web error programs are used if an error in initial processing, an abend, or failure occurs in the CICS web support process. They are not used in all error situations.