CWS Security

CICS Web services does not provide its own security; however, you can implement some measure of security using one or more of the following options:

TCPIPSERVICE
For server-side security, you can configure the TCPIPSERVICE with transport security (TLS/SSL). To use it effectively, a client might be required to perform authentication via a certificate, via HTTP Basic Authentication, or both. See SSL Support for CICS Web Interface Servers and the IBM TCPIPSERVICE attributes Help page for details.
Authorization header
A CICS Web Service requester can send an Authorization header using the technique described for the IBM SupportPac CA8J in their SupportPac CA8J: Generate Basic Authentication headers for a CICS HTTP client document. Generally, this includes these three steps:
  1. Specify a transport handler program in the pipeline configuration file for the requester.
  2. Code the transport handler program to call the HTTPAUTH program, providing the required user name and password.
    Note: HTTPAUTH encodes the credentials in Base64.
  3. Using the encoded data returned from HTTPAUTH, append the transport handler program with an Authorization header to the SOAPAction header container.