PROC APPSRV Statement

PROC APPSRV PORT=n <options>;

Option Definition

ADMINPW='password' The optional server administration password. This option does not have a default setting.

AFPARMS='string' An optional quoted string of parameters that are passed when invoking SAS/AF to run SCL programs. Users will pass AFPARMS='debug=yes' to invoke the SCL debugger.

AUTH=scheme The authentication scheme. The two values that can be used with this option are HOST (denotes a secure Application Server) or NONE. The default is NONE.

ENCODING=encoding-name The default character-set encoding for all data sent to and received from the Application Broker.

GUESTPASS='password' The password to use for guest access.

GUESTP2='password' An optional second password to use for guest access.

GUESTUSER='username' The username to use for guest access.

LOCALIP=IP-address A manual override for GETSOCKNAME.

LRECL=n The logical record length for _WEBOUT and _GRPHOUT filerefs.

NETBUFFK=n The buffer size (in kilobytes) for _WEBOUT and _GRPHOUT output buffering.

PORT=n The only required option. The port number or name. Zero is used for dynamic ports. PORT=n does not have a default setting.

PROGRAMS=n The maximum number of requests that can run concurrently. The default setting is 1.

UNSAFE='string' An optional list of characters that when used, enhances security by compressing name/value pairs.

Option	Definition
ADMINPW='password'	The optional server administration password. This option does not have a default setting.
AFPARMS='string'	An optional quoted string of parameters that are passed when invoking SAS/AF to run SCL programs. Users will pass AFPARMS='debug=yes' to invoke the SCL debugger.
AUTH=scheme	The authentication scheme. The two values that can be used with this option are HOST (denotes a secure Application Server) or NONE. The default is NONE.
ENCODING=encoding-name	The default character-set encoding for all data sent to and received from the Application Broker.
GUESTPASS='password'	The password to use for guest access.
GUESTP2='password'	An optional second password to use for guest access.
GUESTUSER='username'	The username to use for guest access.
LOCALIP=IP-address	A manual override for GETSOCKNAME.
LRECL=n	The logical record length for _WEBOUT and _GRPHOUT filerefs.
NETBUFFK=n	The buffer size (in kilobytes) for _WEBOUT and _GRPHOUT output buffering.
PORT=n	The only required option. The port number or name. Zero is used for dynamic ports. PORT=n does not have a default setting.
PROGRAMS=n	The maximum number of requests that can run concurrently. The default setting is 1.
UNSAFE='string'	An optional list of characters that when used, enhances security by compressing name/value pairs.

PROC APPSRV Arguments

ADMINPW=password

allows the user to restrict access to specific administrator programs. The server has several built-in programs, such as STATUS and STOP. If ADMINPW is specified, the user must supply the password in the request (using the _ADMINPW variable) in order to run the STOP program. When the request is received, the server performs the following tasks:

verifies that the request is one of the administrator programs
searches the request data for the variable _ADMINPW
determines if the variable value matches the ADMINPW password that is specified in the PROC APPSRV statement
if it is a match, the request is returned; if it is not a match, the request is rejected.

In addition to built-in programs, the ADMINLIBS statement can be used to declare various librefs and filerefs as containing administrator-only programs. Programs in these libraries are not executed unless _ADMINPW is passed and is verified.

AFPARMS='string'

is a quoted string that is appended to the SAS/AF command when users invoke user programs that are written in SCL. It can be used to pass a variety of parameters to the SAS/AF environment, but the primary use in the Application Server is to enable the SCL debugger. To invoke the SCL debugger, compile your SCL program with debug on and then start the server with

   AFPARMS='debug=yes'

AUTH=scheme

specifies the authentication scheme. The default scheme (AUTH=NONE without GUESTUSER being specified) causes all requests to be run with the credentials of the username under which PROC APPSRV was started. Specifying GUESTUSER (and the corresponding GUESTPASS) with the default AUTH=NONE scheme causes all requests to be run with the credentials of the GUESTUSER username. All access to catalogs, datasets, and external files are checked against this username. Note that the AUTH=HOST special requirements listed below also apply to AUTH=NONE when GUESTUSER and GUESTPASS are specified.

The AUTH=HOST scheme requires a username and password with each request, which will run using the credentials of the authenticated username. All access to catalogs, datasets, and external files are checked against this username. The username and password can be specified with the reserved variables _USERNAME and _PASSWORD (and optionally _PASSWORD2). The GUESTUSER and GUESTPASS (and optionally GUESTP2) options can be used to specify default values if they are not specified with the request. If the username is not specified by either the _USERNAME variable or by the GUESTUSER option, the request is rejected (unless the LOGIN option is used.) Usernames and passwords are saved with sessions, so requests that connect to an existing session do not need to and cannot specify a new username and password.

The AUTH schemes do not apply to administration programs. Unprotected administration programs such as PING and STATUS can be run by any client without specifying a username or password. Protected administration programs such as STOP require only the _ADMINPW parameter (for more details, see the ADMINPW option). ADMINPW is required if AUTH=HOST is specified.

See the Special Requirements section for more information about the AUTH=HOST option.

ENCODING=encoding-name

specifies the default character-set encoding for all data sent to and received from the Application Broker. This option is not normally required unless the Web server uses a different encoding from the one used by the Application Server. The ENCODING option can also be useful if the Application Server is in the OS/390 environment and the SAS session encoding includes characters that are not represented in the default latin1 (ISO 8859-1) encoding. Encodings whose names include a dash (-) must be enclosed in quotation marks (').

GUESTPASS='password'

See AUTH.

GUESTP2='password'

See AUTH. This option is used only in OpenVMS environments because OpenVMS can accept two passwords.

GUESTUSER='username'

See AUTH.

LOCALIP=IP-address

allows you to manually override the local IP address used by the Application Server. In rare cases, the local IP address returned by the operating system is not usable, and a manual override is necessary.

LRECL=n

is the logical record length for _WEBOUT and _GRPHOUT filerefs. The default is 65535.

NETBUFFK=n

is the buffer size in kilobytes (KB) for _WEBOUT and _GRPHOUT output buffering. The buffer size must be a value between 4 and 128. Output buffering is disabled by default. Use of this option is not recommended without consulting SAS Technical Support.

PORT=n

specifies the request socket for the Application Server.

If a numeric value other than zero is supplied, the value is used as the TCP/IP port number on which the server listens for requests.
If an alphanumeric value is supplied, it is assumed to be a network service name. The name is searched in the system services file (for example, /etc/services) and translated to a port number.
If zero is supplied, PROC APPSRV chooses an available port. This feature is used only for launch or pool services.

PROGRAMS=n

specifies the maximum number of requests that can execute concurrently. The default setting is 1.

Note: This option should not be used if PROC APPSRV is run in an interactive SAS session. This option is experimental in all releases prior to Release 8.1 of SAS/IntrNet software.

UNSAFE='string'

specifies a quoted string listing characters that should be stripped from values in the request data (the name/value pairs). This option is normally used to strip characters from input values that could cause unwanted SAS macro language processing.

The characters that users most often want to mark as unsafe are the following:

single quotation mark
double quotation mark
ampersand
percent
semicolon.

Because this list is enclosed by single quotation marks, you can represent a single quotation mark by placing two single quotation marks within the quoted string in the following manner:

   UNSAFE='&"%;'''

There are times, such as processing free-format text input, when you might want to use the original, complete value for an input name/value pair. The APPSRV_UNSAFE function can be used for this purpose. For example, the complete text of an input variable named MYTEXT can be accessed in a DATA step or SCL program with APPSRV_UNSAFE, as in the following:

   fulltext = appsrv_unsafe('MYTEXT');

The APPSRV_UNSAFE function can be called from macro with the %sysfunc function:

   %let fulltext = %sysfunc(appsrv_unsafe(MYTEXT));

Note: If you are using programs developed before Version 8 of the SAS System, you may need to omit the UNSAFE option for proper operation of your application. If the UNSAFE option is not specified, no unsafe processing is performed and all name/value pairs are passed unmodified to the request program.

Special Requirements for AUTH=HOST

Using AUTH=HOST on OpenVMS systems

The AUTH=HOST option requires that the account that is running PROC APPSRV must have SYSPRV privilege enabled to allow the server to verify login information. Note that all client requests will be rejected as invalid if the server account does not have this privilege.

Using AUTH=HOST on OS/390 systems

The AUTH=HOST option requires that the SAS SVC routine be installed on OS/390 systems. The SAS SVC control program routine is an interface between the OS/390 operating system and a specific request, such as third-party checking. This facility provides verification in the form of calls for authentication of both the userid and password and of library authority. Perform the following steps before using the AUTH=HOST option.

Install the SAS SVC routine, if necessary.
- If you have already installed the SAS SVC routine for Release 8.2 of SAS software, do not repeat the step here. If you need to perform the installation, see the Installation Instructions and System Manager's Guide, The SAS System under OS/390 for details.
- Because SAS SVC in Release 8.2 is backward compatible, it replaces the SAS SVC routines from previous releases. You can continue using previous releases of Base SAS and SAS/IntrNet or SAS/SHARE with the Release 8.2 SAS SVC that is installed on your system.
Verify the SAS options for the SVC routine.
- You must verify that the SAS options for the SVC routine accurately reflect the way that the SAS SVC is installed. The SAS option SVC0SVC should be set to the number at which the SAS SVC is installed (for example, 251 or 109). If the SAS SVC is installed at 109 as an ESR SVC, set the SAS option SVC0R15 to the ESR code (for example, 4).
Verify installation on all CPUs, as needed.
- If you have more than one CPU, verify that the SAS SVC routine is installed on the systems that will be running the Application Server at your site.

Using AUTH=HOST on UNIX systems

The AUTH=HOST option requires that the SAS User Authorization utilities (sasauth and sasperm) be configured properly. See the Configuring User Authorization section of the Post-Installation Instructions chapter of the SAS System Installation Instructions for more information on these utilities.

Using AUTH=HOST on Windows systems

The AUTH=HOST option requires special user rights on Windows NT or Windows 2000 systems. Review the following requirements carefully before enabling the AUTH=HOST option.

Any username specified by a client (including the default GUESTUSER) must have Log on as a batch job advanced user right enabled. If this permission is not enabled, the client request is rejected as an invalid login.
The account that is running PROC APPSRV must have Act as part of the operating system advanced user right enabled to allow the server to verify login information. Note that all client requests are rejected as invalid if the server account does not have this permission.

The AUTH=HOST option is not supported on Windows 95/98 systems.