APPSRV Procedure

PROC APPSRV Statement

Invokes the Application Server

Syntax

PROC APPSRV PORT=n <options>;

Summary of Optional Arguments

specifies the server administration password.
specifies a quoted string of parameters that are passed when invoking SAS/AF to run SCL programs.
enables the Application Server to go into background mode.
specifies the authentication scheme.
appends the specified character set name to the HTTP content-type header for any text output.
specifies the default character-set encoding for all data sent to and received from the Application Broker.
specifies the password to use for guest access.
specifies the user name to use for guest access.
specifies a manual override for GETSOCKNAME.
specifies the logical record length for _WEBOUT and _GRPHOUT filerefs.
specifies the buffer size in kilobytes (KB) for _WEBOUT and _GRPHOUT output buffering.
disables any special content-type processing and revert to existing SBCS behavior.
disables polling of the SAS/SHARE server librefs.
specifies the maximum number of requests that can execute concurrently.
controls the period of SAS/SHARE server libref polling.
specifies an optional list of characters that when used, enhances security by compressing name/value pairs.

Required Argument

PORT=n
specifies the request socket for the Application Server. There is no default setting.
  • If a numeric value other than zero is supplied, the value is used as the TCP/IP port number on which the server listens for requests.
  • If an alphanumeric value is supplied, it is assumed to be a network service name. The name is searched in the system services file (for example, /etc/services) and translated to a port number.
  • If zero is supplied, PROC APPSRV chooses an available port. This feature is used only for launch or pool services.

Optional Arguments

ADMINPW=password
enables the user to restrict access to specific administrator programs. The server has several built-in programs, such as STATUS and STOP. If ADMINPW is specified, the user must supply the password in the request (using the _ADMINPW variable) in order to run the STOP program. When the request is received, the server performs the following tasks:
  • verifies that the request is one of the administrator programs
  • searches the request data for the variable _ADMINPW
  • determines whether the variable value matches the ADMINPW password that is specified in the PROC APPSRV statement
  • if it is a match, the request is returned. If it is not a match, the request is rejected.
In addition to built-in programs, the ADMINLIBS statement can be used to declare various librefs and filerefs as containing administrator-only programs. Programs in these libraries are not executed unless _ADMINPW is passed and is verified.
Note that if a libref or fileref has been defined in both a PROGLIBS statement and an ADMINLIBS statement, then the ADMINPW is not required for programs in that libref or fileref. General users would have access to programs that might have been intended only for administrators.
AFPARMS='string'
specifies a quoted string that is appended to the SAS/AF command when users invoke user programs that are written in SCL. It can be used to pass a variety of parameters to the SAS/AF environment, but the primary use in the Application Server is to enable the SCL debugger. To invoke the SCL debugger, compile your SCL program with debug on and then start the server with
AFPARMS='debug=yes'
ALLOW_BACKGROUND
enables the Application Server to go into background mode. Background tasks must be run via a pool service. No sessions or other jobs can be active when you are requesting to execute a long-running job in the background. See Running Jobs in the Background for more information.
The request time-out is still governed by the MAXTIMEOUT limit, which defaults to 15 minutes. If background requests are expected to take longer than that then the MAXTIMEOUT must be increased. For example,
proc appsrv port=0 allow_background;
   request maxtimeout=3600;
AUTH=scheme
specifies the authentication scheme. The default scheme (AUTH=NONE without GUESTUSER being specified) causes all requests to be run with the credentials of the user name under which PROC APPSRV was started. Specifying GUESTUSER (and the corresponding GUESTPASS) with the default AUTH=NONE scheme causes all requests to be run with the credentials of the GUESTUSER user name. All access to catalogs, data sets, and external files are checked against this user name. Note that the AUTH=HOST special requirements listed below also apply to AUTH=NONE when GUESTUSER and GUESTPASS are specified.
The AUTH=HOST scheme requires a user name and password with each request, which runs using the credentials of the authenticated user name. All access to catalogs, data sets, and external files are checked against this user name. The user name and password can be specified with the reserved variables _USERNAME and _PASSWORD (and _PASSWORD2). The GUESTUSER and GUESTPASS options can be used to specify default values if they are not specified with the request. If the user name is not specified by either the _USERNAME variable or by the GUESTUSER option, the request is rejected (unless the LOGIN option is used.) User names and passwords are saved with sessions, so requests that connect to an existing session do not need to and cannot specify a new user name and password.
The AUTH=META option enables the PROC APPSRV statement to use a metadata server. The credentials passed in _USERNAME and _PASSWORD are validated against the metadata server instead of the host operating environment. META* SAS options must be set to valid values for AUTH=META to function. The GUESTUSER and GUESTPASS options are supported for AUTH=META. For more information about system options for metadata, see SAS Language Interfaces to Metadata.
The AUTH schemes do not apply to administration programs. Unprotected administration programs such as PING and STATUS can be run by any client without specifying a user name or password. Protected administration programs such as STOP require only the _ADMINPW parameter (for more details, see the ADMINPW option). ADMINPW is required if AUTH=HOST is specified.
See Special Requirements for AUTH=HOST for more information about the AUTH=HOST option.
CHARSET=character-set-name
appends the specified character set name to the HTTP content-type header for any text output unless the content-type was explicitly set by APPSRV_HEADER() or explicitly written to _WEBOUT by the SAS program. If CHARSET= is not specified, then the content-type header character set name is determined from the _WEBOUT output encoding.
ENCODING=encoding-name
specifies the default character-set encoding for all data sent to and received from the Application Broker. This option is not normally required unless the Web server uses a different encoding from the one used by the Application Server. PROC APPSRV ENCODING defaults to the appropriate Windows encoding regardless of the platform. The default output encoding is automatically set based on the SAS session encoding. The SAS session encoding is normally determined by the locale setting of your SAS installation, but can be set directly using the SAS ENCODING option. The following are the default Windows SAS encodings based on the Application Server's locale.
SAS Locale
Default PROC APPSRV ENCODING
Western Europe and the Americas
wlatin1
Eastern Europe
wlatin2
Cyrillic
wcyrillic
Japanese
ms-932
Encodings whose names include a hyphen (-) must be enclosed in quotation marks (').
GUESTPASS='password'
specifies the password to use for guest access. See AUTH.
GUESTUSER='username'
specifies the user name to use for guest access. See AUTH.
LOCALIP=IP-address
enables you to manually override the local IP address used by the Application Server. In rare cases, the local IP address returned by the operating environment is not usable, and a manual override is necessary.
LRECL=n
specifies the logical record length for _WEBOUT and _GRPHOUT filerefs. The default is 65535.
NETBUFFK=n
specifies the buffer size in kilobytes (KB) for _WEBOUT and _GRPHOUT output buffering. The buffer size must be a value between 4 and 128. Output buffering is disabled by default. Use of this option is not recommended without consulting SAS Technical Support.
NOCHARSET
disables any special content-type processing and reverts to existing SBCS behavior. You cannot use this option with the CHARSET= option.
NOSHAREPOLL
disables polling of the SAS/SHARE server librefs. You cannot use this option with the SHAREPOLL= option.
PROGRAMS=n
specifies the maximum number of requests that can execute concurrently. The default setting is 1.
Note that this option should not be used if PROC APPSRV is run in the SAS windowing environment.
SHAREPOLL=n
controls the period of SAS/SHARE server libref polling. The period is equal to n, which is a positive integer representing seconds. The default setting is 300 seconds (5 minutes). The SHAREPOLL setting should be interpreted as the minimum amount of time between polls of the SAS/SHARE server. SHARE polling has a lower priority than the servicing of client requests so in periods of high client activity the SHARE polling is delayed beyond the period specified by n. The SHAREPOLL= option cannot be used at the same time as the NOSHAREPOLL option.
UNSAFE='string'
specifies a quoted string listing characters that should be stripped from values in the request data (the name/value pairs). This option is normally used to strip characters from input values that could cause unwanted SAS macro language processing. The characters that users most often want to mark as unsafe are the following:
  • single quotation mark
  • double quotation mark
  • ampersand
  • percent
  • semicolon.
Because this list is enclosed by single quotation marks, you can represent a single quotation mark by placing two single quotation marks within the quoted string in the following manner:
UNSAFE='&"%;'''
There are times, such as processing free-format text input, when you might want to use the original, complete value for an input name/value pair. The APPSRV_UNSAFE function can be used for this purpose. For example, the complete text of an input variable named MYTEXT can be accessed in a DATA step or SCL program with APPSRV_UNSAFE, as in the following:
fulltext = appsrv_unsafe('MYTEXT');
The APPSRV_UNSAFE function can be called from macro with the %sysfunc function:
%let fulltext = %sysfunc(appsrv_unsafe(MYTEXT));
Note that if you are using programs developed before Version 8 of SAS, you might need to omit the UNSAFE option for proper operation of your application. If the UNSAFE option is not specified, no unsafe processing is performed and all name/value pairs are passed unmodified to the request program.

Details

Special Requirements for AUTH=HOST

Using AUTH=HOST on z/OS Systems

The AUTH=HOST option requires that the SAS SVC routine be installed on z/OS systems. The SAS SVC control program routine is an interface between the z/OS operating environment and a specific request, such as third-party checking. This facility provides verification in the form of calls for authentication of both the user ID and password and of library authority. Perform the following steps before using the AUTH=HOST option.
  1. Install the SAS SVC routine, if necessary. If you have already installed the SAS SVC routine for SAS 9.3, do not repeat the step here. If you need to perform the installation, see the installation instructions for SAS under z/OS at support.sas.com/documentation/installcenter for details.
    Because SAS SVC 9.3 is backward compatible, it replaces the SAS SVC routines from previous releases. You can continue using previous releases of Base SAS and SAS/IntrNet or SAS/SHARE with SAS SVC 9.3.
  2. Verify the SAS options for the SVC routine. You must verify that the SAS options for the SVC routine accurately reflect the way that the SAS SVC is installed. The SAS option SVC0SVC should be set to the number at which the SAS SVC is installed (for example, 251 or 109). If the SAS SVC is installed at 109 as an ESR SVC, set the SAS option SVC0R15 to the ESR code (for example, 4).
  3. Verify installation on all CPUs, as needed. If you have more than one CPU, verify that the SAS SVC routine is installed on the systems that are running the Application Server at your site.

Using AUTH=HOST on UNIX Systems

The AUTH=HOST option requires that the SAS User Authorization utilities (sasauth and sasperm) be configured properly. See the section on configuring user authorization in the SAS 9.3 post-installation instructions for UNIX at support.sas.com/documentation/installcenter for more information about these utilities.

Using AUTH=HOST on Windows Systems

The AUTH=HOST option requires special user rights on Windows systems. Review the following requirements carefully before enabling the AUTH=HOST option.
  • Any user name specified by a client (including the default GUESTUSER) must have Log on as a batch job advanced user right enabled. If this permission is not enabled, the client request is rejected as an invalid login.
  • On Windows NT and Windows 2000 only, the account that is running PROC APPSRV must have Act as part of the operating system advanced user right enabled to allow the server to verify login information. Note that all client requests are rejected as invalid if the server account does not have this permission.