WEBPCM does its own security checking. The Web Transaction Server does not check authorization for WEBPCM requests.
As in the Web Transaction Server, users can be anonymous users or authorized users.
Anonymous User
Anonymous users can access Web Transaction Server applications without identifying themselves. The usercode used in the dialog with Web Transaction Server is either one of the following:
-
A usercode configured in the WEBPCM service
-
An anonymous usercode of the Web Transaction Server provider when no usercode is defined in the WEBPCM service
Authorized User
Authorized users are required to supply a valid MCP usercode and password when the WEBPCM service is configured with attribute CHECKUSERAUTH = TRUE. When the dialog to Transaction Server is opened, the usercode validated with USERDATA is used to open the dialog.
The user who logs into a WEBPCM service is supplying authorization for the realm, which is the directory up to the last node. For example, a URL of http://localhost/comsdemo1/echo provides authorization for the realm “/comsdemo1/”.
A request to http://localhost/comsdemo1/testmerge is to the same realm and does not require reauthorization. A request to another realm, such as the request http://localhost/comsdemo2/echo with its realm “/comsdemo2/”, might require the user to reenter the usercode and password.
