Inter-application management of user credential data

US 10,033,740 B2
Filed: 06/29/2016
Issued: 07/24/2018
Est. Priority Date: 04/12/2011
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for providing a software development kit (SDK) for a client web application that performs user authorizations, wherein the SDK has an enhanced set of authorization application program interfaces (APIs), the method comprising:

providing a resource, with one or more computing devices, to utilize the developer-defined user information for at least authorization, wherein the developer-defined user information comprises at least a user identifier for an on-demand database service; and

providing, with the one or more computing devices, access to the resource that can either use a cookie, or server-side storage for storing the developer-defined user information, wherein when the cookie is to be used perform user authorizations, the cookie is sent for authentication purposes to provide re-authentication with each request each time a user makes a request, and wherein when using the server-side storage, the hardware computing device is caused to be configured to not write locally to an application memory, but instead to access a shared session cache memory; and

providing, with the one or more computing devices, the resource to choose between two of security framework configurations, wherein a first configuration utilizes a cookie and a second configuration utilizes server-side storage.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and apparatus for enhancing the functionality and utility of an authentication process for web applications is disclosed.

Citations

19 Claims

1. A computer-implemented method for providing a software development kit (SDK) for a client web application that performs user authorizations, wherein the SDK has an enhanced set of authorization application program interfaces (APIs), the method comprising:
- providing a resource, with one or more computing devices, to utilize the developer-defined user information for at least authorization, wherein the developer-defined user information comprises at least a user identifier for an on-demand database service; and
  
  providing, with the one or more computing devices, access to the resource that can either use a cookie, or server-side storage for storing the developer-defined user information, wherein when the cookie is to be used perform user authorizations, the cookie is sent for authentication purposes to provide re-authentication with each request each time a user makes a request, and wherein when using the server-side storage, the hardware computing device is caused to be configured to not write locally to an application memory, but instead to access a shared session cache memory; and
  
  providing, with the one or more computing devices, the resource to choose between two of security framework configurations, wherein a first configuration utilizes a cookie and a second configuration utilizes server-side storage.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the security framework comprises a plurality of generic servlet filters and spring security filters.
  - 3. The method of claim 1, wherein the generic servlet filter performs OAuth flow and routes the user to the login page.
  - 4. The method of claim 1, wherein the generic servlet filter is used within servlet-based web applications that operate without using any specific security framework.
  - 5. The method of claim 1, further comprising:
    - the generic servlet filter resulting in exactly one of the following outcomes,finding a cookie or session containing that user'"'"'s SecurityContext, so that the user is recognized;
      
      not finding a cookie or session containing that user'"'"'s SecurityContext, and sending that user to an authorization resource locator to begin an OAuth handshake;
      
      orsending a token request to obtain a Session ID, API endpoint, and authentication (refresh) token.
  - 6. The method of claim 1, further comprising:
    - facilitating a choice between storing user data in browser cookies or server side sessions, thereby resulting in application instances being completely stateless.
  - 7. The method of claim 1, further comprising:
    - during a server side session, not writing locally to an application memory, but instead using a shared session cache, where each of a plurality of servers writes to a specific session cache.
  - 8. The method of claim 1, wherein one of a plurality of guidelines for the developer-defined user information is including data that is needed often, thereby precluding the client application from continually querying for this data.
  - 9. The method of claim 1, further comprising:
    - including only frequently looked-up data within the developer-defined user information.
  - 10. The method of claim 1 wherein the developer-defined user information comprises a custom database object to store authorization tokens from one or more social media platforms.
  - 11. The method of claim 1 wherein the developer-defined user information comprises frequently used information from a customer relationship management (CRM) platform.

12. A multi-tenant database system having one or more hardware processors coupled with one or more memory devices, the system comprising:
- a database system to store data in the one or more memory devices for each of multiple tenants;
  
  an application server communicably coupled to the database system and to a network, the application server to provide network access to the database system for each of the multiple tenants, the application server utilizing a software development kit (SDK) for building client applications that are to be accessible on the application server, the SDK having authorization application program interfaces (APIs); and
  
  wherein the authorization APIs include at least developer-defined user information comprising at least a user identifier for the multi-tenant database system and providing access to at least two security framework configurations using cookies or using server-side storage, wherein when the cookie is to be used perform user authorizations, the cookie is sent for authentication purposes to provide re-authentication with each request each time a user makes a request, and wherein when using the server-side storage, a hardware computing device is caused to be configured to not write locally to an application memory, but instead to access a shared session cache memory.

13. A non-transitory machine-readable medium carrying one or more sequences of instructions for implementing a method for providing an interface for object relationships having at least a software development kit (SDK) for a client web application that performs user authorizations, wherein the SDK has an enhanced set of authorization application program interfaces (APIs), comprising:
- wherein that enhanced set of APIs including the following;
  
  providing access to a resource that can either use a cookie, or server-side storage for storing the developer-defined user information, wherein when the cookie is to be used perform user authorizations, the cookie is sent for authentication purposes to provide re-authentication with each request each time a user makes a request, and wherein when using the server-side storage, the hardware computing device is caused to be configured to not write locally to an application memory, but instead to access a shared session cache memory; and
  
  providing the resource to choose between two of security framework configurations, wherein a first configuration utilizes the cookie and a second configuration utilizes server-side storage.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The non-transitory machine-readable medium of claim 13, wherein the security framework comprises a plurality of generic servlet filters and spring security filters.
  - 15. The non-transitory machine-readable medium of claim 13, wherein the generic servlet filter performs OAuth flow and routes the user to the login page.
  - 16. The non-transitory machine-readable medium of claim 13, wherein the generic servlet filter is used within servlet-based web applications that operate without using any specific security framework.
  - 17. The non-transitory machine-readable medium of claim 13, further comprising:
    - during a server side session, not writing locally to an application memory, but instead using a shared session cache, where each of a plurality of servers writes to a specific session cache.
  - 18. The non-transitory machine-readable medium of claim 13, wherein one of a plurality of guidelines for the developer-defined user information is including data that is needed often, thereby precluding the client application from continually querying for this data.
  - 19. The non-transitory machine-readable medium of claim 13, further comprising:
    - including only frequently looked-up data within the developer-defined user information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Salesforce.com, Inc.
Original Assignee
Salesforce.com, Inc.
Inventors
Simone, John, Hossain, Fiaz
Primary Examiner(s)
Vaughan, Michael R

Application Number

US15/197,728
Publication Number

US 20170006037A1
Time in Patent Office

755 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 16/951   Indexing; Web crawling tech...

G06F 21/41   where a single sign-on prov...

G06F 8/20   Software design

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 63/105   Multiple levels of security

H04L 67/01   Protocols

Inter-application management of user credential data

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Inter-application management of user credential data

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links