Configuring z/OS Connect for CICS 1.0

z/OS Connect for CICS 1.0 is distributed as part of CICS® Transaction Server. you can use it to host services deployed using the DFHLS2JS and DFHJS2LS JCL procedures, and it is compatible with older JSON web services technology in CICS.

Before you begin

Do you already have a WebSphere® Liberty JVM server that is configured in CICS? Although it is possible to host z/OS® Connect and other unrelated services in the same WebSphere Liberty environment, it is good practice to configure a separate JVM server for the sole use of z/OS Connect. It is also good practice to have only a single WebSphere Liberty JVM server that is configured in any single CICS region.

You can host z/OS Connect for CICS 1.0 in its own CICS region, or group of CICS regions, and use the Distributed Program Link mechanism to call CICS programs in the application-owning CICS regions.

About this task

z/OS Connect for CICS 1.0 provides a basic z/OS Connect environment with an improved experience compared to the older JSON web services technology in CICS, but lacks many of the features of z/OS Connect Enterprise Edition.

You must configure a JVMSERVER and PIPELINE resource before you can deploy JSON services. This initial configuration is required only once. Services deployed to z/OS Connect for CICS 1.0 can subsequently be redeployed to z/OS Connect Enterprise Edition.

Procedure

  1. Create a JVMSERVER and configure it to support the WebSphere Liberty. For more information about creating a WebSphere Liberty JVMSERVER, see Configuring a Liberty JVM server for web applications.
  2. Configure WebSphere Liberty for your security requirements. By default, it expects the use of client-certified SSL certificates. You can add the following configuration option to the server.xml file to enable the use of HTTP Basic Authentication: 
        <!-- Allow fail-over to HTTP Basic Authentication --> 
    <webAppSecurity allowFailOverToBasicAuth="true"/>
    You must also give users z/OS Connect the zosConnectAccess security role. For more information about WebSphere Liberty security, see Configuring security for a Liberty JVM server, or for z/OS Connect security, see Security for z/OS Connect.
  3. Update the <featureManager> list in the server.xml file for the WebSphere Liberty to include a <feature>cicsts:zosConnect-1.0</feature> feature as shown in the following example: 
        <featureManager>
         <feature>cicsts:core-1.0</feature>
         <feature>ssl-1.0</feature>
         <feature>cicsts:zosConnect-1.0</feature>
     </featureManager>
  4. Define the z/OS Connect for CICS 1.0 Service Controller by adding the following statement to the server.xml file: 
     <com.ibm.cics.wlp.zosconnect.CICSEndpoint 
        id="com.ibm.cics.wlp.zosconnect.CICSEndpointService"/>
  5. Install the JVMSERVER. Check the generated messages.log file for error or warning messages. This log contains the messages that are generated by WebSphere Liberty Server, including messages that are issued by z/OS Connect for CICS 1.0 such as: 
    SRVE0169I: Loading Web Module: z/OS Connect.
SRVE0250I: Web Module z/OS Connect has been bound to default_host.
  6. Create an XML pipeline configuration file. Sample pipeline configuration file jsonzosconnectprovider.xml is provided in the directory /usr/lpp/cicsts/cicsts53/samples/pipelines/ (where /usr/lpp/cicsts/cicsts53 is the default install directory for CICS files on z/OS UNIX). You must also decide whether you want to parse the JSON by using Java™ in the Liberty JVM server (the default), or to use the non-Java JSON parser:
    • To parse the JSON by using Java in the Liberty JVM server, you can use the sample pipeline configuration file, but replace DFHWLP in the <jvmserver> element with the name of your JVMSERVER from step 1.
    • To parse the JSON by using the non-Java parser, modify the sample configuration file to append the java_parser="no" attribute to the <provider_pipeline_json> element as in the following example:
      <?xml version="1.0" encoding="EBCDIC-CP-US"?>
<provider_pipeline_json java_parser="no"
  xmlns="https://www.ibm.com/software/htp/cics/pipeline">
   <jvmserver>DFHWLP</jvmserver>
</provider_pipeline_json>
    Replace DFHWLP with the name of the JVMSERVER that you created at the start of this procedure.
  7. Copy the pipeline configuration file to a suitable directory in zFS and ensure that the file permissions allow the CICS region to read the file.
    For information, see Pipeline configuration files.
  8. Create a PIPELINE resource.
    The PIPELINE resource defines the location of the pipeline configuration file. You should not attempt to use the SCAN mechanism to install WEBSERVICEs into this PIPELINE.
  9. Create a default URIMAP resource for z/OS Connect.
    URIMAP resources are used to associate a TRANSACTION and default user ID with z/OS Connect work. One or more URIMAP resources can be used to configure a default policy for z/OS Connect.
    For an example URIMAP configuration and more information on configuration options see Configuring permissions for Services and APIs

Results

Your z/OS Connect for CICS 1.0 instance is configured. You can test the basic configuration by typing this URL into a web browser: https://hostname:portnumber/zosConnect/apim/services, where hostname is the IP address or host name of the system on which the CICS region that is hosting z/OS Connect for CICS 1.0 is running, and portnumber is the httpsPort that is specified in the <httpEndpoint> element of the server.xml file. The web browser displays a list of installed services; because no services are yet installed, the list is empty.

If you receive an HTTP 403 AuthorizationFailed response rather than the expected Service list, review the Security configuration from Step 2. It is likely that the authenticated user is not authorized to use z/OS Connect.

What to do next

You are now ready to deploy JSON web services into z/OS Connect for CICS 1.0.