SYSTEM AND METHOD FOR SUPPORTING SECURITY IN A MULTITENANT APPLICATION SERVER ENVIRONMENT
Abstract
Described herein is a system and method for providing security in a multitenant application server environment. In accordance with an embodiment, per-partition security configuration includes: a per-partition security realm (including configuration for authentication, authorization, credential mapping, auditing, password validation, certificate validation, and user lockout); SSL configuration, including keys, certificates, and other configuration attributes; and access control for partition and global resources. An administrator can designate one or more partition users as partition administrators by granting them roles.
20 Claims
1. A method for providing security in a multitenant application server environment comprising a plurality of partitions, a plurality of partition resources and a plurality of global resources, the method comprising:
defining a plurality of security realms including an admin security realm, a first security realm, and a second security realm;
configuring a first partition of the plurality of partitions to have a first plurality of partition resources of the plurality of partition resources;
configuring a second partition of the plurality of partitions to have a second plurality of partition resources of the plurality of partition resources;
providing a first security configuration associating the first partition with the first security realm;
providing a second security configuration associating the second partition with the second security realm;
associating a first primary identity domain with the first partition, wherein the first primary identity domain represents a first plurality of users associated with a first tenant;
associating a second primary identity domain with the second partition wherein the second primary identity domain represents a second plurality of users associated with a second tenant;
operating each of said admin security realm, first security realm, and second security realm simultaneously at runtime to control authentication and authorization for access to said plurality of partition resources and said plurality of global resources;
whereby the first plurality of users associated with the first tenant have access to the first plurality of partition resources of the first partition but not the second plurality of partition resources of the second partition; and
whereby the second plurality of users associated with the second tenant have access to the second plurality of partition resources of the second partition but not the first plurality of partition resources of the first partition.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A non-transitory computer-readable medium including instructions stored thereon for providing security in a multitenant application server environment comprising a plurality of partitions having a plurality of partition resources and a plurality of global resources, which instructions, when executed, cause a system to perform steps comprising:
defining a plurality of security realms including an admin security realm, a first security realm, and a second security realm;
configuring a first partition of the plurality of partitions to have a first plurality of partition resources of the plurality of partition resources;
configuring a second partition of the plurality of partitions to have a second plurality of partition resources of the plurality of partition resources;
providing a first security configuration associating the first partition with the first security realm;
providing a second security configuration associating the second partition with the second security realm;
associating a first primary identity domain with the first partition, wherein the first primary identity domain represents a first plurality of users associated with a first tenant;
associating a second primary identity domain with the second partition wherein the second primary identity domain represents a second plurality of users associated with a second tenant;
operating each of said admin security realm, first security realm, and second security realm simultaneously at runtime to control authentication and authorization for access to said plurality of partition resources and said plurality of global resources;
whereby the first plurality of users associated with the first tenant have access to the first plurality of partition resources of the first partition but not the second plurality of partition resources of the second partition; and
whereby the second plurality of users associated with the second tenant have access to the second plurality of partition resources of the second partition but not the first plurality of partition resources of the first partition.
Dependent claims: 9, 10, 11, 12, 13, 14
15. A multitenant application server environment system comprising:
an application server environment comprising a plurality of microprocessors and memory;
a plurality of partitions configured on said application server environment;
a plurality of partition resources and a plurality of global resources provided in said application server environment;
a plurality of security realms including an admin security realm, a first security realm, and a second security realm configured in said application server environment;
a first partition of the plurality of partitions configured to have a first plurality of partition resources of the plurality of partition resources;
a second partition of the plurality of partitions configured to have a second plurality of partition resources of the plurality of partition resources;
a first security configuration associating the first partition with the first security realm;
a second security configuration associating the second partition with the second security realm;
a first primary identity domain associated with the first partition, wherein the first primary identity domain represents a first plurality of users associated with a first tenant;
a second primary identity domain associated with the second partition wherein the second primary identity domain represents a second plurality of users associated with a second tenant;
wherein said admin security realm, first security realm, and second security realm are configured to operate simultaneously at runtime to control authentication and authorization for access to said plurality of partition resources and said plurality of global resources;
whereby the first plurality of users associated with the first tenant have access to the first plurality of partition resources of the first partition but not the second plurality of partition resources of the second partition; and
whereby the second plurality of users associated with the second tenant have access to the second plurality of partition resources of the second partition but not the first plurality of partition resources of the first partition.
Dependent claims: 16, 17, 18, 19, 20
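The isolation property recited in the independent claims can be modelled in a few lines of Python, including the case the claims imply but do not spell out: the same username existing in two tenants. This is an added example, not code from the patent or from any product; `Subject`, `Realm`, `Environment`, the resource names, the one-identity-domain-per-realm mapping and the rule that the admin realm guards global resources are assumptions made for illustration.

```python
import hashlib, hmac, os
from collections import namedtuple
from dataclasses import dataclass, field

Subject = namedtuple("Subject", "user identity_domain")   # authenticated user + its domain

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

@dataclass
class Realm:                   # hypothetical model of one security realm
    identity_domain: str       # assumption: one primary identity domain per realm
    users: dict = field(default_factory=dict)    # username -> (salt, derived key)

    def add_user(self, user, password):
        salt = os.urandom(16)
        self.users[user] = (salt, _kdf(password, salt))

    def authenticate(self, user, password):
        rec = self.users.get(user)
        if rec and hmac.compare_digest(rec[1], _kdf(password, rec[0])):
            return Subject(user, self.identity_domain)
        return None

@dataclass
class Environment:
    admin_realm: Realm
    global_resources: set
    partitions: dict           # partition name -> (Realm, set of resource names)

    def login(self, partition, user, password):
        # The targeted partition selects the realm; None means global scope.
        realm = self.partitions[partition][0] if partition else self.admin_realm
        return realm.authenticate(user, password)

    def authorize(self, subject, resource):
        owners = [r for r, res in self.partitions.values() if resource in res]
        if resource in self.global_resources:    # assumption: admin realm guards these
            owners = [self.admin_realm]
        ok = bool(subject and owners)            # unauthenticated or unknown resource: deny
        return ok and subject.identity_domain == owners[0].identity_domain

def build_demo():              # constructed sample data; names and passwords are made up
    r1, r2, admin = Realm("tenant1-idd"), Realm("tenant2-idd"), Realm("admin-idd")
    r1.add_user("alice", "pw-one")
    r2.add_user("alice", "pw-two")               # same username, different tenant
    admin.add_user("root", "pw-adm")
    return Environment(admin, {"domain-config"},
                       {"p1": (r1, {"p1/jdbc-pool"}), "p2": (r2, {"p2/jdbc-pool"})})
```

Because the authorization decision compares identity domains rather than usernames, the two `alice` accounts never collide, and a credential valid in one partition's realm fails against the other's.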
Specification