(RPG) Some IBM i User Profile recommendations
Posted: Fri Jul 20, 2012 4:13 pm
LongRange recommends you create new independent IBM i user profiles for mobile user access.
This allows the classic 5250 user and the new mobile device user communities to be independently managed - even though the users involved may overlap.
It is also recommended that the template examples shipped in LRNG_PROJ are used as basic application building blocks and that users should sign on again after some period of inactivity.
This approach also (optionally) allows for mobile device users to gain initial IBM i system access by using a generic (or virtual) user profile such as QUSER (or LRNGUSER) and then you use software you define to control their actual system access – including validating their supplied user profile details against their i5 OS credentials and altering the 5250 job to use those credentials.
The LRNG_PROJ shipped project templates have examples of this, including how to validate user and password details against i5 OS - exactly as in a 5250 sign on.
If neither of the preceding approaches is thought to be appropriate - and you wish to reuse (or ‘dual purpose’) existing user profiles you will need to alter the user’s INLPGM program so they can log on via a 5250 interface or via a mobile interface by using the same user i5 OS user profile and password.
You need to create a program (probably in CL) to act as the user’s initial program (INLPGM) that does this:
If ( coming in from mobile device )
CALL LRNGLOGON – typically in library LRNG_SOFT
Else
CALL <CLASSIC LOGON> - typically their previous INLPGM
What you do in this program, how it is structured and where you actually place the CALL to LRNGLOGON is largely moot.
What matters is that LRNGLOGON presents the very first 5250 screen that appears after the logon screen and that only Form View RPG, COBOL or CL programs present all following screens.
ie: LongRange is not a 5250 terminal emulator – we have another product named aXes-TS2 that can do that – and you can use it in conjunction with and alongside new LongRange Form Views.
The crux of the logon process is how If ( coming in from mobile device ) is determined.
Following is a CL program that you can call from any program. It returns the current interactive job name, the IP address of the client, the server IP address, the device class, type and model. This information provides a number of techniques that you may use to determine whether the user is logging on to a classic 5250 device or coming in from a mobile device:
By the interactive job/device name assigned. aXes-LongRange can be configured so that all 5250 sessions are named in such a way as to distinguishable from classic 5250 sessions. For example adding =1,AXES$* into your /<axes root folder, typically axes>/configs/aXesTSUsers.conf configuration file will cause all 5250 devices created by aXes-LongRange to be named with the prefix “AXES”. BTW – if you look into this configuration file it offers several other options for gatekeeping who accesses your system from a mobile device.
By the assigned 5250 device characteristics: aXes-LongRange sessions typically create devices with class *VRT, device type 5555 and model C01. These characteristics are usually distinguishably different to those created by CA/400, TN5250, etc.
By IP address or IP address range : This will of course vary by site. It also offers another access checking gate that you can apply to you software.
Here is the sample program:
PGM PARM(&RMSGS &DEVDJOB &IPADDR &SRVIPADDR &CLASS +
&TYPE &MODEL)
/* --------------------------------------------------------- */
/* Program Parameters */
/* --------------------------------------------------------- */
/* Passed - pass as 'N' unless testing to command entry */
DCL VAR(&rmsgs) TYPE(*CHAR) LEN(10)
/* Returned - This job and the assigned 5250 device name */
DCL VAR(&DEVDJOB) TYPE(*CHAR) LEN(10)
/* Returned - The client IP address */
DCL VAR(&IPADDR) TYPE(*CHAR) LEN(15)
/* Returned - The server IP address (if available) */
DCL VAR(&SRVIPADDR) TYPE(*CHAR) LEN(15)
/* Returned - 5250 device class - typically "*VRT" for aXes */
DCL VAR(&CLASS) TYPE(*CHAR) LEN(10)
/* Returned - 5250 device type - typically "5555" for aXes */
DCL VAR(&TYPE) TYPE(*CHAR) LEN(10)
/* Returned - 5250 device model - typically "C01" for aXes */
DCL VAR(&MODEL) TYPE(*CHAR) LEN(10)
/* --------------------------------------------------------- */
/* Other Variables */
/* --------------------------------------------------------- */
DCL VAR(&DEVINFO) TYPE(*CHAR) LEN(999)
DCL VAR(&LENVAR) TYPE(*DEC) LEN(3 0) VALUE(999)
DCL VAR(&LENVARBIN) TYPE(*CHAR) LEN(4) +
VALUE(X'00000000')
DCL VAR(&FRMT) TYPE(*CHAR) LEN(8) VALUE('DEVD0600')
DCL VAR(&ERRCDE) TYPE(*CHAR) LEN(32)
/* --------------------------------------------------------- */
/* Program Logic */
/* --------------------------------------------------------- */
/* Retreive the job and device name */
RTVJOBA JOB(&DEVDJOB)
/* Initialize the returned device details to ERROR states */
CHGVAR VAR(%BIN(&LENVARBIN)) VALUE(&LENVAR)
CHGVAR VAR(&IPADDR) VALUE('ERROR')
CHGVAR VAR(&CLASS) VALUE('ERROR')
CHGVAR VAR(&TYPE) VALUE('ERROR')
CHGVAR VAR(&MODEL) VALUE('ERROR')
CHGVAR VAR(&SRVIPADDR) VALUE('ERROR')
/* Get the device details via API QDCRDEVD */
/* See http://publib.boulder.ibm.com/infocenter/iseries/v5r4/ */
/* index.jsp?topic=%2Fapis%2FQDCRDEVD.htm */
CALL PGM(QDCRDEVD) PARM(&DEVINFO &LENVARBIN &FRMT +
&DEVDJOB &ERRCDE)
MONMSG MSGID(MCH0000 CPF0000) EXEC(GOTO END)
/* Extract the details from the returned structure */
CHGVAR VAR(&IPADDR) VALUE(%SST(&DEVINFO 878 15))
CHGVAR VAR(&CLASS) VALUE(%SST(&DEVINFO 165 10))
CHGVAR VAR(&TYPE) VALUE(%SST(&DEVINFO 175 10))
CHGVAR VAR(&MODEL) VALUE(%SST(&DEVINFO 185 10))
CHGVAR VAR(&SRVIPADDR) VALUE(%SST(&DEVINFO 958 15))
/* If requested send details extracted as a message to caller */
END: IF COND(&RMSGS = 'Y') THEN(DO)
SNDPGMMSG MSG(&DEVDJOB || &IPADDR || &SRVIPADDR || &CLASS +
|| &TYPE || &MODEL)
ENDDO
/* Finished */
ENDPGM
This allows the classic 5250 user and the new mobile device user communities to be independently managed - even though the users involved may overlap.
It is also recommended that the template examples shipped in LRNG_PROJ are used as basic application building blocks and that users should sign on again after some period of inactivity.
This approach also (optionally) allows for mobile device users to gain initial IBM i system access by using a generic (or virtual) user profile such as QUSER (or LRNGUSER) and then you use software you define to control their actual system access – including validating their supplied user profile details against their i5 OS credentials and altering the 5250 job to use those credentials.
The LRNG_PROJ shipped project templates have examples of this, including how to validate user and password details against i5 OS - exactly as in a 5250 sign on.
If neither of the preceding approaches is thought to be appropriate - and you wish to reuse (or ‘dual purpose’) existing user profiles you will need to alter the user’s INLPGM program so they can log on via a 5250 interface or via a mobile interface by using the same user i5 OS user profile and password.
You need to create a program (probably in CL) to act as the user’s initial program (INLPGM) that does this:
If ( coming in from mobile device )
CALL LRNGLOGON – typically in library LRNG_SOFT
Else
CALL <CLASSIC LOGON> - typically their previous INLPGM
What you do in this program, how it is structured and where you actually place the CALL to LRNGLOGON is largely moot.
What matters is that LRNGLOGON presents the very first 5250 screen that appears after the logon screen and that only Form View RPG, COBOL or CL programs present all following screens.
ie: LongRange is not a 5250 terminal emulator – we have another product named aXes-TS2 that can do that – and you can use it in conjunction with and alongside new LongRange Form Views.
The crux of the logon process is how If ( coming in from mobile device ) is determined.
Following is a CL program that you can call from any program. It returns the current interactive job name, the IP address of the client, the server IP address, the device class, type and model. This information provides a number of techniques that you may use to determine whether the user is logging on to a classic 5250 device or coming in from a mobile device:
By the interactive job/device name assigned. aXes-LongRange can be configured so that all 5250 sessions are named in such a way as to distinguishable from classic 5250 sessions. For example adding =1,AXES$* into your /<axes root folder, typically axes>/configs/aXesTSUsers.conf configuration file will cause all 5250 devices created by aXes-LongRange to be named with the prefix “AXES”. BTW – if you look into this configuration file it offers several other options for gatekeeping who accesses your system from a mobile device.
By the assigned 5250 device characteristics: aXes-LongRange sessions typically create devices with class *VRT, device type 5555 and model C01. These characteristics are usually distinguishably different to those created by CA/400, TN5250, etc.
By IP address or IP address range : This will of course vary by site. It also offers another access checking gate that you can apply to you software.
Here is the sample program:
PGM PARM(&RMSGS &DEVDJOB &IPADDR &SRVIPADDR &CLASS +
&TYPE &MODEL)
/* --------------------------------------------------------- */
/* Program Parameters */
/* --------------------------------------------------------- */
/* Passed - pass as 'N' unless testing to command entry */
DCL VAR(&rmsgs) TYPE(*CHAR) LEN(10)
/* Returned - This job and the assigned 5250 device name */
DCL VAR(&DEVDJOB) TYPE(*CHAR) LEN(10)
/* Returned - The client IP address */
DCL VAR(&IPADDR) TYPE(*CHAR) LEN(15)
/* Returned - The server IP address (if available) */
DCL VAR(&SRVIPADDR) TYPE(*CHAR) LEN(15)
/* Returned - 5250 device class - typically "*VRT" for aXes */
DCL VAR(&CLASS) TYPE(*CHAR) LEN(10)
/* Returned - 5250 device type - typically "5555" for aXes */
DCL VAR(&TYPE) TYPE(*CHAR) LEN(10)
/* Returned - 5250 device model - typically "C01" for aXes */
DCL VAR(&MODEL) TYPE(*CHAR) LEN(10)
/* --------------------------------------------------------- */
/* Other Variables */
/* --------------------------------------------------------- */
DCL VAR(&DEVINFO) TYPE(*CHAR) LEN(999)
DCL VAR(&LENVAR) TYPE(*DEC) LEN(3 0) VALUE(999)
DCL VAR(&LENVARBIN) TYPE(*CHAR) LEN(4) +
VALUE(X'00000000')
DCL VAR(&FRMT) TYPE(*CHAR) LEN(8) VALUE('DEVD0600')
DCL VAR(&ERRCDE) TYPE(*CHAR) LEN(32)
/* --------------------------------------------------------- */
/* Program Logic */
/* --------------------------------------------------------- */
/* Retreive the job and device name */
RTVJOBA JOB(&DEVDJOB)
/* Initialize the returned device details to ERROR states */
CHGVAR VAR(%BIN(&LENVARBIN)) VALUE(&LENVAR)
CHGVAR VAR(&IPADDR) VALUE('ERROR')
CHGVAR VAR(&CLASS) VALUE('ERROR')
CHGVAR VAR(&TYPE) VALUE('ERROR')
CHGVAR VAR(&MODEL) VALUE('ERROR')
CHGVAR VAR(&SRVIPADDR) VALUE('ERROR')
/* Get the device details via API QDCRDEVD */
/* See http://publib.boulder.ibm.com/infocenter/iseries/v5r4/ */
/* index.jsp?topic=%2Fapis%2FQDCRDEVD.htm */
CALL PGM(QDCRDEVD) PARM(&DEVINFO &LENVARBIN &FRMT +
&DEVDJOB &ERRCDE)
MONMSG MSGID(MCH0000 CPF0000) EXEC(GOTO END)
/* Extract the details from the returned structure */
CHGVAR VAR(&IPADDR) VALUE(%SST(&DEVINFO 878 15))
CHGVAR VAR(&CLASS) VALUE(%SST(&DEVINFO 165 10))
CHGVAR VAR(&TYPE) VALUE(%SST(&DEVINFO 175 10))
CHGVAR VAR(&MODEL) VALUE(%SST(&DEVINFO 185 10))
CHGVAR VAR(&SRVIPADDR) VALUE(%SST(&DEVINFO 958 15))
/* If requested send details extracted as a message to caller */
END: IF COND(&RMSGS = 'Y') THEN(DO)
SNDPGMMSG MSG(&DEVDJOB || &IPADDR || &SRVIPADDR || &CLASS +
|| &TYPE || &MODEL)
ENDDO
/* Finished */
ENDPGM