Architecture for dynamic permissions in java

US 6,526,513 B1
Filed: 08/03/1999
Issued: 02/25/2003
Est. Priority Date: 08/03/1999
Status: Expired due to Term

First Claim

Patent Images

1. A method for dynamically modifying access to an object, comprising the steps of:

responsive to a request for access to the object, checking a dynamic behavior attribute for the object, wherein a value for the dynamic behavior attribute is selected from a group of values comprising;

a value indicating that a permission is granted, a value indicated that a permission is denied, a value indicating to prompt a user, and at least one other value indicating not to prompt a user;

responsive to a prompt value for the dynamic behavior attribute, prompting a user whether access should be granted to the object; and

responsive to user input, modifying access to the object.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An architecture for extending the Java security model to allow a user or administrator to grant permissions dynamically. By itself, the Java 2 security model does not allow additions to the collections of policy permissions after they have been loaded from the Java policy file. The inventive architecture allows Java applets and applications to dynamically prompt the user to grant a permission that does not exist in the Java policy file. If the user grants the permission, the present invention grants the permission for the ProtectionDomain to which the class asking for the permission belongs. Attributes for the dynamic permission may be set during runtime and saved across browser sessions.

187 Citations

27 Claims

1. A method for dynamically modifying access to an object, comprising the steps of:
- responsive to a request for access to the object, checking a dynamic behavior attribute for the object, wherein a value for the dynamic behavior attribute is selected from a group of values comprising;
  
  a value indicating that a permission is granted, a value indicated that a permission is denied, a value indicating to prompt a user, and at least one other value indicating not to prompt a user;
  
  responsive to a prompt value for the dynamic behavior attribute, prompting a user whether access should be granted to the object; and
  
  responsive to user input, modifying access to the object.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method as described in claim 1 wherein the dynamic behavior attribute is set to an accept session value.
  - 3. The method as described in claim 1 wherein the dynamic behavior attribute is set to an accept permanent value.
  - 4. The method as described in claim 2 wherein the accept session value indicates that the user should not be prompted and that permissions that have not been statically or dynamically granted and have not been denied will be granted for a given program session.
  - 5. The method as described in claim 1 wherein the dynamic behavior attribute is set to a deny permanent value.
  - 6. The method as described in claim 1 wherein the dynamic behavior attribute is set to a deny session value.
  - 7. The method as described in claim 3 wherein the accept permanent value indicates that the user should not be prompted and that permissions that have not been statically or dynamically granted and have not been denied will be granted for a given program session and saved for future invocations of other program sessions.
  - 8. The method as described in claim 6 wherein the deny session value indicates that the user should not be prompted and that permissions that have not been statically or dynamically granted and have not been denied will be denied for a given program session.
  - 9. The method as described in claim 5 wherein the deny permanent value indicates that the user should not be prompted and that permissions that have not been statically or dynamically granted and have not been denied will be denied for a given program session and saved for future invocations of other program sessions.

10. A method operative in a computer for executing a Java program, comprising the steps of:
- starting the Java program;
  
  initiating a Java runtime environment;
  
  as the program executes, determining whether access to a protected resource is required;
  
  if so, executing an access control permission method according to directives of a dynamic behavior attribute, wherein a value for the dynamic behavior attribute is selected from a group of values comprising;
  
  a value indicating that a permission is granted, a value indicated that a permission is denied, a value indicating to prompt a user, and at least one other value indicating not to prompt a user; and
  
  responsive to a prompt value for the dynamic behavior attribute, prompting a user to determine whether dynamic permission to access the protected resource should be granted.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The method as described in claim 10 further including the step of granting the user access to the protected resource responsive to a given user input.
  - 12. The method as described in claim 10 further including the step of setting one or more attributes of the dynamic permission in response to given user input during runtime.
  - 13. The method as described in claim 10 wherein the Java program is a Java applet executable in a Java Virtual Machine.
  - 14. The method as described in claim 10 wherein the Java program is a Java application executable in a Java interpreter.
  - 15. The method as described in claim 12 further including the step of saving the dynamic permission.
  - 16. The method as described in claim 15 further including the step of determining whether the dynamic permission is to be saved across browser sessions.
  - 17. The method as described in claim 16 further including the step of saving the dynamic permission according to a user input.

18. A computer program product in a computer readable medium for dynamically modifying access to an object, comprising:
- means responsive to a request for access to the object for checking a dynamic behavior attribute for the object, wherein a value for the dynamic behavior attribute is selected from a group of values comprising;
  
  a value indicating that a permission is granted, a value indicated that a permission is denied, a value indicating to prompt a user, and at least one other value indicating not to prompt a user;
  
  means responsive to a prompt value for the dynamic behavior attribute for prompting a user whether access should be granted to the object; and
  
  means responsive to user input for modifying access to the object.
- View Dependent Claims (19)
- - 19. The computer program product as described in claim 18 is set to a given value selected from the set of values consisting essentially of:
    - accept session value, accept permanent value, deny session value and deny permanent value.

20. A computer, comprising:
- a Java program;
  
  a Java runtime environment for executing the Java program;
  
  means operative during execution of the Java program for determining whether access to a protected resource is required;
  
  means responsive to the determining means for executing an access control permission method according to directives of a dynamic behavior attribute, wherein a value for the dynamic behavior attribute is selected from a group of values comprising;
  
  a value indicating that a permission is granted, a value indicated that a permission is denied, a value indicating to prompt a user, and at least one other value indicating not to prompt a user; and
  
  means responsive to a prompt value for the dynamic behavior attribute for prompting a user to determine whether dynamic permission to access the protected resource should be granted.
- View Dependent Claims (21, 22, 23)
- - 21. The computer as described in claim 20 further including means for granting the user access to the protected resource responsive to a given user input.
  - 22. The computer as described in claim 20 further including means for setting one or more attributes of the dynamic permission in response to given user input.
  - 23. The computer as described in claim 20 further including means for saving the dynamic permission.

24. A computer program product in a computer readable medium for dynamically granting permission to a protected resource during runtime of a Java program executing in a Java Runtime Environment, comprising:
- means operative during execution of the Java program for determining whether access to a protected resource is required;
  
  means responsive to the determining means for executing an access control permission method according to directives of a dynamic behavior attribute, wherein a value for the dynamic behavior attribute is selected from a group of values comprising;
  
  a value indicating that a permission is granted, a value indicated that a permission is denied, a value indicating to prompt a user, and at least one other value indicating not to prompt a user; and
  
  means responsive to a prompt value for the dynamic behavior attribute for prompting a user to determine whether dynamic permission to access the protected resource should be granted.
- View Dependent Claims (25, 26, 27)
- - 25. The computer program product as described in claim 24 further including means for granting the user access to the protected resource responsive to a given user input.
  - 26. The computer program product as described in claim 24 further including means for setting one or more attributes of the dynamic permission in response to given user input.
  - 27. The computer program product as described in claim 24 further including means for saving the dynamic permission.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Shrader, Theodore Jack London, Yarsa, Julianne, Rich, Bruce Arland, Skibbie, Donna
Primary Examiner(s)
Wong, Peter
Assistant Examiner(s)
VO, TIM T

Application Number

US09/366,465
Time in Patent Office

1,302 Days
Field of Search

713/200, 713/201, 713/100, 709/315, 709/316, 709/331, 709/332
US Class Current

726/4
CPC Class Codes

G06F 21/52 during program execution, e...

G06F 9/465 Distributed object oriented...

Architecture for dynamic permissions in java

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

187 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Architecture for dynamic permissions in java

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

187 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links