MODULAR ENTERPRISE AUTHORIZATION SOLUTION
Abstract
An authorization framework located external to an application may be invoked to determine user authorization for a requested application component. Small amounts of supplemental authentication code are added to application code to invoke provider modules within the authentication framework. The provider modules perform authorization functions outside of the application and return authorization results to the application. The functions include determining a user role, determining the permissions associated with the user role, comparing the role permissions to the security defined on the requested application component by a rule, and returning an authorization state to the authentication framework. The supplemental authentication code may invoke one or more providers through provider interfaces that translate requests to a particular provider. Using the provider based authorization framework, authorization for an application component is achieved externally without hard-coding authorization code within the application itself.
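The flow the abstract describes, as an added Python example that is not code from the patent: a decorator stands in for the supplemental code on one component, and it calls an external framework whose role and rule providers decide the outcome and return a token. All class, function and data names are assumptions made for illustration, and the decision fails closed when the user or the component's rule is unknown.

```python
# Added illustration; all names and sample data are constructed, not from the patent.
from collections import namedtuple

# Authorization result ("token") handed back to the application.
Token = namedtuple("Token", "component operation role authorized")

class RoleProvider:
    """Role data: user -> role, role -> permissions."""
    def __init__(self, user_roles, role_perms):
        self.user_roles, self.role_perms = user_roles, role_perms
    def lookup(self, user):
        role = self.user_roles.get(user)
        return role, self.role_perms.get(role, frozenset())

class RuleProvider:
    """Rule data: (component, operation) -> permission the rule requires."""
    def __init__(self, rules):
        self.rules = rules
    def required(self, component, operation):
        return self.rules.get((component, operation))

class AuthorizationFramework:
    """Runs outside the application; the application only calls authorize()."""
    def __init__(self, role_provider, rule_provider):
        self.roles, self.rules = role_provider, rule_provider
    def authorize(self, user, component, operation):
        role, perms = self.roles.lookup(user)
        needed = self.rules.required(component, operation)
        # Fail closed: unknown user or component without a rule is denied.
        ok = role is not None and needed is not None and needed in perms
        return Token(component, operation, role, ok)

def requires_authorization(framework, component, operation):
    """The small supplemental code attached to one application component."""
    def decorate(func):
        def guarded(user, *args, **kwargs):
            token = framework.authorize(user, component, operation)
            if not token.authorized:
                raise PermissionError(f"{user} denied {operation} on {component}")
            return func(user, *args, **kwargs)
        return guarded
    return decorate

FRAMEWORK = AuthorizationFramework(  # constructed sample role and rule data
    RoleProvider({"alice": "manager", "bob": "clerk"},
                 {"manager": {"approve", "view"}, "clerk": {"view"}}),
    RuleProvider({("InvoiceForm", "approve"): "approve"}))

@requires_authorization(FRAMEWORK, "InvoiceForm", "approve")
def approve_invoice(user, invoice_id):
    return f"invoice {invoice_id} approved by {user}"
```

The application function contains no role or rule logic of its own; changing who may approve an invoice means changing provider data, not `approve_invoice`.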
20 Claims
1. A method for authorizing a request, comprising:
- receiving an authorization request by an external authorization system from supplemental authorization code inside an application, the supplemental authorization code associated with an application component and added to an application code associated with the application component, the external authorization system located external to the application;
- determining whether a role is authorized to perform a requested operation on the application component by the external authorization system;
- configuring a token in response to said step of determining, the token indicating the authorization for the application component; and
- providing the token to said application.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10

11. One or more processor readable storage devices having processor readable code embodied on said processor readable storage devices, said processor readable code for programming one or more processors to perform a method comprising:
- adding supplemental authorization code to application code, the supplemental authorization code associated with an application component;
- receiving a request for the application component associated with the supplemental authorization code;
- invoking an external authorization system by the supplemental authorization code to determine whether the request for the application component is authorized, the external authorization system located external to the application; and
- receiving authorization results from the external authorization system by the supplemental authorization code of the application.
Dependent claims: 12, 13, 14, 15, 16

17. A method for providing authorization, comprising:
- storing role data and rule data within a set of one or more providers, the role data associated with a user of an application and the rule data associated with an application component, the set of one or more providers included in an external authorization system external to the application;
- accessing the role data by the set of providers in response to a first request received through a set of provider interfaces from the application, the set of provider interfaces included in the external authorization system;
- accessing the rule data in response to a second request received through the set of provider interfaces from the application;
- determining an authorization state from the accessed role data and rule data; and
- providing the authorization state to the application.
Dependent claims: 18, 19, 20

Specification