Download Security Exit Program (PUIDNLEXIT)



The PUI Download Exit (PUIDNLEXIT) program provides security and optionally some server-side logic for downloads sent through the pui.download() API.  This code is called twice during each download, once before the download begins, and once after the download is complete. The parameters to this exit program are as follows:

1

timing flag

input

10i 0

2

input data

input

data structure

3

IFS directory from which to download stream file

i/o

640A varying

4

IFS stream file to download

i/o

256A varying

5

attachment file name

i/o

256A varying

6

content type

i/o

255A varying

7

allow flag

output

5i 0

  • Timing Flag -  The exit program will be called twice, once before the download (for authority checking) and once after the download (for cleanup).  This flag will contain a 0 during the "before" call, and a 1 during the "after" call.

  • Input Data - this is a data structure that provides input-only information that the exit program can use to check if it should allow the user access to the download.  The data structure is laid out as follows:

    D InputData ds qualified D fileid 640a varying D userid 10a D ipAddr 15a D inline 1n

    fileid - original id value supplied on pui.download() API
    userid - the user profile name of the signed-in user who initiated the download
    ipAddr - the IP address that the download was initiated by
    inline - set to *ON if download is sent to be opened in the browser, or *OFF if intended to be saved to disk.

  • IFS Directory from which to download stream file - the IFS directory from which to download the file, as supplied in the "id" parameter.  The exit program can change this in order to force the download to come from a different IFS directory, or it can simply validate that this directory is allowed.

  • IFS stream file to download - the name of the disk object to download, as interpreted from the "id" parameter.  This file will be served from the directory given in the preceding parameter.  The exit program can change this to a different file name, as needed.  For example, the exit program may wish to generate a temporary file for download, and if so, it should set this to the name of the temporary file.

  • Attachment filename - this is the name of the filename that will be sent to the browser.

  • content type - when a browser opens a file inline, the content-type is often used to signal how the file is opened.  The content-type may be sent from the call to the pui.download() API, or if not, it'll default to application/octet-stream.  The exit program can change the content type as appropriate, for example, if it generates a PDF file, it should set the content-type to application/pdf.

  • allow flag - the exit program must set this to 1 to authorize the download. By default, this is set to 0, and access to perform the download is defined.

Profound Logic ships a source member named PUIDNLEXIT in the QRPGLESRC file that comes with the product.  Inside, you'll find an exit program that has all of the parameter definitions already defined.  You can use this as a starting point for developing your exit program.  If compiled without changes, the sample exit program will set the "allow" flag to 1, and therefore will allow all downloads. (But is still restricted by the user's authority.)

PUIDNLEXIT must be compiled into the Profound UI instance library. On a standard install this would be the library called PROFOUNDUI.

The customer exit program object will not be modified or replaced during a product update installation however the PUIDNLEXIT source member will be overwritten with an update. We recommend saving your source member into a different library.