CONTROLLING ACCESS OF A CLIENT SYSTEM TO ACCESS PROTECTED REMOTE RESOURCES SUPPORTING RELATIVE URLS
First Claim
1. A method for controlling access of a client system to access protected remote resources comprising:
- receiving a response from an access protected remote resource in response to a client request to said access protected remote resource, wherein said access protected remote resource is configured in such a way that a client system is not allowed to directly access said access protected remote resource but all client requests are rerouted via a web application which is authorized to access said access protected remote resource;
- identifying in said response all references that are defined by absolute URLs and point to access protected remote resources;
- generating a rewritten URL for each original URL of said identified reference to an access protected remote resource by:
  - splitting the original URL into a base part and a resource part;
  - generating an authentication identifier by applying an authentication method to at least said base part; and
  - concatenating the URL of said web application, the base part, authentication identifier, and resource part;
- replacing the original URL of said references contained in said response by said rewritten URL including said authentication identifier; and
- sending said response including rewritten URL and authentication identifier to said client system.
Abstract
A response can be received from an access protected remote resource in response to a client request to the access protected remote resource. The access protected remote resource is configured in such a way that the client system is not allowed to directly access the access protected remote resource but all client requests are rerouted via the web application which is authorized to access the access protected remote resource. All references that are defined by absolute URLs and point to access protected remote resources can be identified within responses. A rewritten URL replaces each original URL of the identified reference to an access protected remote resource. Generation of the rewritten URL can occur by splitting the original URL into a base part and a resource part, by generating an authentication identifier by applying an authentication method to at least the base part, and by concatenating the URL of the web application, the base part, authentication identifier, and resource part. The original URL of the references contained in the response can be replaced by the rewritten URL including the authentication identifier. The response including rewritten URL and authentication identifier can be sent to the client system. When the client system triggers the rewritten URL, the web application extracts the base part and authentication identifier from the URL and verifies the authentication identifier by applying the same authentication method to the base part, in order to ensure that the base part has not been changed. Only if the authentication identifier verifies correctly does the web application build the full resource URL from the rewritten URL and return the respective resource to the client system.
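The rewrite-and-verify cycle described in the abstract, as an added example that is not code from the patent. It assumes HMAC-SHA256 as the authentication method, base64url encoding of the base part, and a split at the last "/"; `PROXY_URL`, `SECRET`, the host names and the helper names are hypothetical, and the rejection of ".." segments is an added check the abstract does not mention.

```python
import base64, hashlib, hmac, re
from urllib.parse import unquote, urljoin

PROXY_URL = "https://app.example/rw"   # hypothetical URL of the web application
SECRET = b"constructed-demo-key"       # hypothetical server-side key
# Constructed sample response: one protected link, one public link.
PAGE = '<a href="https://files.internal/docs/guide.html">g</a> <a href="https://public.example/x">p</a>'

def split_url(url):
    """Base part = up to and including the last '/', resource part = the rest."""
    cut = url.rfind("/") + 1
    if cut <= url.find("://") + 3:     # no path at all: the whole URL is the base
        return url + "/", ""
    return url[:cut], url[cut:]

def make_tag(base):
    # Assumed authentication method: HMAC-SHA256 over the base part only.
    return hmac.new(SECRET, base.encode(), hashlib.sha256).hexdigest()

def rewrite_url(original):
    base, resource = split_url(original)
    enc = base64.urlsafe_b64encode(base.encode()).decode()
    return f"{PROXY_URL}/{enc}/{make_tag(base)}/{resource}"

def rewrite_response(body, protected_prefix):
    """Replace every absolute URL below protected_prefix (which must end in '/')."""
    pattern = re.compile(re.escape(protected_prefix) + r"[^\s\"'<>]*")
    return pattern.sub(lambda m: rewrite_url(m.group(0)), body)

def resolve(rewritten):
    """Return the remote URL if the identifier verifies for the base part, else None."""
    prefix = PROXY_URL + "/"
    parts = rewritten[len(prefix):].split("/", 2)
    if not rewritten.startswith(prefix) or len(parts) != 3:
        return None
    enc, tag, resource = parts
    try:
        base = base64.urlsafe_b64decode(enc.encode()).decode()
    except ValueError:
        return None
    if not hmac.compare_digest(tag.encode(), make_tag(base).encode()):
        return None                    # base part was changed or tag forged
    if ".." in unquote(resource).split("/"):
        return None                    # added check: resource must stay below the base
    return base + resource

def follow_relative(rewritten, href):
    """Resolve a relative link the way a browser would, then apply the proxy check."""
    return resolve(urljoin(rewritten, href))
```

Because the identifier covers only the base part, a relative link on a rewritten page resolves to a URL that still carries a valid base and identifier, while every resource under that base is reachable with the same identifier.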
20 Claims
16. A server system in a client-server environment comprising:
- a Web application running on said server system in a client-server environment;
- a communication link to a client system;
- a communication link to an access protected remote resource allowing communication of said Web application with said access protected remote resource;
- a rewriter proxy for identifying references to absolute URLs in said response from said access protected remote resource pointing to access protected remote resources, generating a rewritten URL for each such reference including the URL of said rewriter proxy and replacing the original URL of said reference in said response by said rewritten URL;
- a URL utility module for splitting the original URL into a base part and a resource part and concatenating the base part, an authentication identifier, and the resource part to the rewritten URL before the original URL is replaced by said rewritten URL, and for splitting each URL of each client request into the base part, the authentication identifier, and the resource part to validate the authentication identifier for at least the base part and create the URL of the remote resource from the base part and the resource part; and
- a security module for generating an authentication identifier by applying an authentication method to at least said base part and returning said authentication identifier to said URL utility module, and for validating the authentication identifier for at least the base part, returning the validation result to the URL utility module,

wherein said Web application provides said response including said rewritten URLs to said client system.
20. A computer program product stored on a computer usable medium comprising computer readable program which when executed on a computer cause said computer to:
- receive response from an access protected remote resource in response to a client request to said access protected remote resource, wherein said access protected remote resource is configured in such a way that a client system is not allowed to directly access said access protected remote resource but all client requests are rerouted via a web application which is authorized to access said access protected remote resource;
- identify in said response all references that are defined by absolute URLs and point to access protected remote resources;
- generate a rewritten URL for each original URL of said identified reference to an access protected remote resource by:
  - splitting the original URL into a base part and a resource part;
  - generating an authentication identifier by applying an authentication method to at least said base part; and
  - concatenating the URL of said web application, the base part, authentication identifier, and resource part;
- replace the original URL of said references contained in said response by said rewritten URL including said authentication identifier; and
- send said response including rewritten URL and authentication identifier to said client system.
Specification