Distributed file system web server user authentication with cookies
Abstract
A method of authenticating a Web client to a Web server connectable to a distributed file system of a distributed computing environment. The distributed computing environment includes a security service for returning a credential to a user authenticated to access the distributed file system. In response to receipt by the Web server of a user id and password from the Web client, a login protocol is executed with the security service. If the user can be authenticated, a credential is stored in a database of credentials associated with authenticated users. The Web server then returns to the Web client a persistent client state object having a unique identifier therein. This object, sometimes referred to as a cookie, is then used to enable the Web client to browse Web documents in the distributed file system. In particular, when the Web client desires to make a subsequent request to the distributed file system, the persistent client state object including the identifier is used in lieu of the user's id and password, which makes the session much more secure. In this operation, the cookie identifier is used as a pointer into the credential storage table, and the credential is then retrieved and used to facilitate multiple file accesses from the distributed file system. At the same time, the Web client may obtain access to Web server (as opposed to distributed file system) documents via conventional user id and password in an HTTP request.
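The flow in the abstract (login, credential stored server-side, cookie identifier used as a pointer into the credential table) can be sketched as follows. This is an added example, not code from the patent: `security_service_login`, `CredentialTable`, the cookie name `dfs_session` and the sample account are hypothetical, and the expiry and the `HttpOnly`/`Secure` attributes go beyond what the abstract states.

```python
import secrets
import time
from http.cookies import SimpleCookie

_USERS = {"alice": "correct horse"}  # constructed sample account, not from the patent

def security_service_login(user_id, password):
    """Hypothetical stand-in for the security service: credential or None."""
    expected = _USERS.get(user_id)
    if expected is None or not secrets.compare_digest(expected.encode(), password.encode()):
        return None
    return {"principal": user_id}

class CredentialTable:
    """Server-side credential storage; the cookie carries only the lookup key."""
    def __init__(self, ttl_seconds=900):
        self.ttl = ttl_seconds  # assumed lifetime; the abstract sets none
        self._rows = {}         # identifier -> (credential, expiry time)

    def login(self, user_id, password, now=None):
        """Run the login protocol; on success return a Set-Cookie value."""
        cred = security_service_login(user_id, password)
        if cred is None:
            return None
        now = time.time() if now is None else now
        ident = secrets.token_urlsafe(32)  # unguessable, encodes no user data
        self._rows[ident] = (cred, now + self.ttl)
        cookie = SimpleCookie()
        cookie["dfs_session"] = ident      # cookie name is an assumption
        cookie["dfs_session"]["httponly"] = True
        cookie["dfs_session"]["secure"] = True
        cookie["dfs_session"]["path"] = "/"
        return cookie["dfs_session"].OutputString()

    def credential_for(self, cookie_header, now=None):
        """Resolve a request's Cookie header to a stored credential, or None."""
        now = time.time() if now is None else now
        jar = SimpleCookie()
        jar.load(cookie_header)
        morsel = jar.get("dfs_session")
        row = self._rows.get(morsel.value) if morsel is not None else None
        if row is None:
            return None                    # unknown or forged identifier
        cred, expiry = row
        if now >= expiry:
            del self._rows[morsel.value]   # expired rows are dropped
            return None
        return cred
```

Because the identifier is only a random key, the password never travels again after login, and deleting the table row revokes the session regardless of what the client still holds.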
20 Claims
1. A method of authenticating a client to a Web server connectable to a distributed file system of a distributed computing environment, the distributed computing environment including a security service for returning a credential to a user authenticated to access the distributed file system, comprising the steps of:
(a) responsive to receipt by the Web server of a user id and password from the client, executing a login protocol with the security service and storing a credential resulting therefrom;
(b) returning to the client a persistent client state object having an identifier therein; and
(c) having the client use the persistent client state object including the identifier in lieu of a user id and password to obtain subsequent access to Web documents in the distributed file system.
5. A method of authenticating a Web client to a Web server connectable to a distributed file system of a distributed computing environment, the distributed computing environment including a security service for returning a credential to a user authenticated to access the distributed file system, comprising the steps of:
(a) for an HTTP request received by the Web server, determining whether the Web client has a browser that supports persistent client state objects;
(b) if the Web client has a browser that supports persistent client state objects, having the Web server sends the Web client a login HTML form and a first persistent client state object including a URL identified by the HTTP request;
(c) having the user complete the HTML form with user id and password;
(d) transmitting the completed form along with the first persistent client state object including the URL back to the Web server;
(e) extracting information from the completed form and executing a login protocol with the security service to generate a credential;
(f) returning to the Web client a second persistent client state object having an identifier therein; and
(g) having the Web client use the second persistent client state object including the identifier in lieu of a user id and password to obtain subsequent access to Web documents in the distributed file system.
7. A method of authenticating a Web client to a Web server connectable to a distributed file system of a distributed computing environment, the distributed computing environment including a security service for returning a credential to a user authenticated to access the distributed file system, comprising the steps of:
(a) responsive to receipt of a transaction request from the Web client, executing a login protocol with the security service to determine whether the Web client has access rights to the distributed file system;
(b) if the Web client does not have access rights to the distributed file system, returning an error message to the Web client;
(c) if the Web client does have access rights to the distributed file system, storing a credential resulting from the login protocol in a database of credentials associated with authenticated users;
(d) returning to the Web client a cookie having an identifier uniquely associated with the Web client; and
(e) having the Web client use the cookie in lieu of a user id and password to obtain subsequent access to Web documents in the distributed file system.
9. A method of authenticating a Web client to a Web server connectable to a distributed file system of a distributed computing environment, the distributed computing environment including a security service for returning a credential to a user authenticated to access the distributed file system, comprising the steps of:
maintaining credentials of the users authenticated to access the distributed file system in a storage;
responsive to receipt from a Web client of a persistent client state object having an identifier therein, using the identifier to access one of the credentials in the storage; and
using the credential to facilitate multiple file accesses in the distributed file system.
10. A computer program product for use in authenticating a Web client to a Web server connectable to a distributed file system of a distributed computing environment, the distributed computing environment including a security service for returning a credential to a user authenticated to access the distributed file system, the computer program product comprising:
a computer-readable storage medium having a substrate; and
program data encoded in the substrate of the computer-readable storage medium, wherein the program data comprises;
means, responsive to receipt by the Web server of a user id and password from the Web client, for executing a login protocol with the security service and storing a credential resulting therefrom;
means for returning to the Web client a persistent client state object having an identifier therein; and
means responsive to receipt of the persistent client state object including the identifier for controlling subsequent access to Web documents in the distributed file system.
14. A computer program product for use in authenticating a Web client to a Web server connectable to a distributed file system of a distributed computing environment, the distributed computing environment including a security service for returning a credential to a user authenticated to access the distributed file system, the computer program product comprising:
a computer-readable storage medium having a substrate; and
program data encoded in the substrate of the computer-readable storage medium, wherein the program data comprises;
means for maintaining a storage of the credentials of the users authenticated to access the distributed file system; and
means, responsive to receipt from a Web client of a persistent client state object having an identifier therein, for using the identifier to access one of the credentials in the storage to facilitate access to documents in the distributed file system.
15. A computer connectable to a distributed computing environment including a security service for returning a credential to a user authenticated to access the distributed file system, comprising:
a processor;
an operating system;
a Web server program for providing World Wide Web information retrieval to Web clients connectable to the Web server program via a stateless computer network;
a server plug-in for authenticating Web clients to the Web server program, comprising;
means, responsive to receipt by the Web server of a user id and password from a Web client, for executing a login protocol with the security service and storing a credential resulting therefrom;
means for returning to the Web client a persistent client state object having an identifier therein; and
means responsive to subsequent receipt of the persistent client state object including the identifier in lieu of a user id and password to control access to Web documents in the distributed file system.
17. A method of accessing documents from a Web server and a distributed file system to which the Web server is connected, the distributed file system supported in a distributed computing environment having a security service for returning a credential to a user authenticated to access the distributed file system, the method comprising the steps of:
(a) responsive to receipt by the Web server of a user id and password from the Web client, executing a login protocol with the security service and storing a credential resulting therefrom;
(b) returning to the Web client a persistent client state object having an identifier therein;
(c) having the Web client use the persistent client state object including the identifier in lieu of a user id and password to obtain access to Web documents in the distributed file system; and
(d) having the Web client use the user id and password to obtain access to Web documents in the Web server.
Specification