Please download the dossier by clicking on the dossier button x
×

System and method for supporting security in a multitenant application server environment

  • US 10,097,589 B2
  • Filed: 01/11/2017
  • Issued: 10/09/2018
  • Est. Priority Date: 06/23/2014
  • Status: Active Grant
First Claim
Patent Images

1. A method for providing security in a multitenant application server environment comprising a plurality of partitions, a plurality of partition resources and a plurality of global resources, the method comprising:

  • providing, during runtime of the multitenant application server environment, a domain object that provides a domain configuration for the multitenant application server environment;

    providing, as a child of the domain object, a security configuration object, wherein domain-wide services are configured on the security configuration object, and wherein the security configuration object includes a parent container for a plurality of realm objects;

    providing a plurality of security realm objects including an admin security realm object, a first security realm object, and a second security realm object, wherein the first and second security realm objects are included in the parent container, and wherein each security realm object defines a configuration of security services;

    configuring a first partition of the plurality of partitions to have a first plurality of partition resources of the plurality of partition resources;

    configuring a second partition of the plurality of partitions to have a second plurality of partition resources of the plurality of partition resources;

    providing a first partition security configuration including a realm attribute, wherein the value of the realm attribute of the first partition security configuration associates the first partition with the first security realm object;

    providing a second partition security configuration including a realm attribute, wherein the value of the realm attribute of the second partition security configuration associates the second partition with the second security realm object;

    associating a first primary identity domain with the first partition, wherein the first primary identity domain represents a first plurality of users associated with a first tenant;

    associating a second primary identity domain with the second partition wherein the second primary identity domain represents a second plurality of users associated with a second tenant;

    operating each of said admin security realm object, first security realm object, and second security realm object simultaneously at runtime of the multitenant application server environment to control authentication and authorization for access to said plurality of partition resources and said plurality of global resources;

    whereby the first plurality of users associated with the first tenant are provided access to the first plurality of partition resources of the first partition via a service of the configuration of security services defined by the first security realm object, but not to the second plurality of partition resources of the second partition; and

    whereby the second plurality of users associated with the second tenant are provided access to the second plurality of partition resources of the second partition via a service of the configuration of security services defined by the second security realm object, but not to the first plurality of partition resources of the first partition.

View all claims
  • 1 Assignment
Timeline View
Assignment View
    ×
    ×