Method and system for server support for pluggable authorization systems
First Claim
Patent Images
1. A method for authorizing access to a protected resource within a data processing system, the method comprising:
- intercepting a remote procedure call for an authorization request directed to a first authorization service by an authorization plug-in associated with a second authorization service, wherein the authorization plug-in exports remote procedure call endpoints for the first authorization service; and
processing the authorization request in the authorization plug-in by calling application programming interfaces of the second authorization service.
3 Assignments
0 Petitions
Accused Products
Abstract
A method, system, apparatus, and computer program product is presented for plugging in a standard authorization system in a manner such that legacy applications can use the authorization APIs and backend remote interfaces of a legacy authorization system. When a legacy application makes a call intended for a routine within the legacy authorization system, the call is redirected to make the appropriate calls to the APIs of the standard authorization system.
51 Citations
40 Claims
-
1. A method for authorizing access to a protected resource within a data processing system, the method comprising:
-
intercepting a remote procedure call for an authorization request directed to a first authorization service by an authorization plug-in associated with a second authorization service, wherein the authorization plug-in exports remote procedure call endpoints for the first authorization service; and
processing the authorization request in the authorization plug-in by calling application programming interfaces of the second authorization service. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A method for authorizing access to a protected resource within a data processing system, the method comprising:
-
intercepting a remote procedure call for a remote routine of a Distributed Computing Environment (DCE) authorization service by an authorization plug-in associated with a second authorization service, wherein the authorization plug-in exports remote procedure call endpoints for the remote routines of the DCE authorization service, and wherein the second authorization service supports a standard-compliant authorization application programming interface; and
processing the authorization request in the authorization plug-in by calling application programming interfaces of the second authorization service. - View Dependent Claims (8, 9, 10, 11, 12, 13, 16, 17, 18, 19, 20)
-
-
14. A method for authorizing access to a protected resource within a data processing system, the method comprising:
-
receiving at a server an authorization request for a protected resource, wherein the authorization request is generated using an remote procedure call (RPC) application programming interface (API) to a first authorization service;
intercepting the remote procedure call by an authorization plug-in associated with a second authorization service; and
redirecting the authorization request to an API of the second authorization system.
-
-
15. An apparatus for authorizing access to a protected resource within a data processing system, the apparatus comprising:
-
intercepting means for intercepting a remote procedure call for an authorization request directed to a first authorization service by an authorization plug-in associated with a second authorization service, wherein the authorization plug-in exports remote procedure call endpoints for the first authorization service; and
processing means for processing the authorization request in the authorization plug-in by calling application programming interfaces of the second authorization service.
-
-
21. An apparatus for authorizing access to a protected resource within a data processing system, the apparatus comprising:
-
first intercepting means for intercepting a remote procedure call for a remote routine of a Distributed Computing Environment (DCE) authorization service by an authorization plug-in associated with a second authorization service, wherein the authorization plug-in exports remote procedure call endpoints for the remote routines of the DCE authorization service, and wherein the second authorization service supports a standard-compliant authorization application programming interface; and
processing means for processing the authorization request in the authorization plug-in by calling application programming interfaces of the second authorization service. - View Dependent Claims (22, 23, 24, 25, 26, 27, 29, 30, 31, 32, 33, 35, 36, 37, 38, 39, 40)
-
-
28. A computer program product in a computer readable medium for use in a data processing system for authorizing access to a protected resource, the computer program product comprising:
-
instructions for intercepting a remote procedure call for an authorization request directed to a first authorization service by an authorization plug-in associated with a second authorization service, wherein the authorization plug-in exports remote procedure call endpoints for the first authorization service; and
instructions for processing the authorization request in the authorization plug-in by calling application programming interfaces of the second authorization service.
-
-
34. A computer program product in a computer readable medium for use in a data processing system for authorizing access to a protected resource, the computer program product comprising:
-
instructions for intercepting a remote procedure call for a remote routine of a Distributed Computing Environment (DCE) authorization service by an authorization plug-in associated with a second authorization service, wherein the authorization plug-in exports remote procedure call endpoints for the remote routines of the DCE authorization service, and wherein the second authorization service supports a standard-compliant authorization application programming interface; and
instructions for processing the authorization request in the authorization plug-in by calling application programming interfaces of the second authorization service.
-
Specification