Architecture for dynamic permissions in java
First Claim
1. A method for dynamically modifying access to an object, comprising the steps of:
- responsive to a request for access to the object, checking a dynamic behavior attribute for the object, wherein a value for the dynamic behavior attribute is selected from a group of values comprising;
a value indicating that a permission is granted, a value indicated that a permission is denied, a value indicating to prompt a user, and at least one other value indicating not to prompt a user;
responsive to a prompt value for the dynamic behavior attribute, prompting a user whether access should be granted to the object; and
responsive to user input, modifying access to the object.
1 Assignment
0 Petitions
Accused Products
Abstract
An architecture for extending the Java security model to allow a user or administrator to grant permissions dynamically. By itself, the Java 2 security model does not allow additions to the collections of policy permissions after they have been loaded from the Java policy file. The inventive architecture allows Java applets and applications to dynamically prompt the user to grant a permission that does not exist in the Java policy file. If the user grants the permission, the present invention grants the permission for the ProtectionDomain to which the class asking for the permission belongs. Attributes for the dynamic permission may be set during runtime and saved across browser sessions.
187 Citations
27 Claims
-
1. A method for dynamically modifying access to an object, comprising the steps of:
-
responsive to a request for access to the object, checking a dynamic behavior attribute for the object, wherein a value for the dynamic behavior attribute is selected from a group of values comprising;
a value indicating that a permission is granted, a value indicated that a permission is denied, a value indicating to prompt a user, and at least one other value indicating not to prompt a user;
responsive to a prompt value for the dynamic behavior attribute, prompting a user whether access should be granted to the object; and
responsive to user input, modifying access to the object. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A method operative in a computer for executing a Java program, comprising the steps of:
-
starting the Java program;
initiating a Java runtime environment;
as the program executes, determining whether access to a protected resource is required;
if so, executing an access control permission method according to directives of a dynamic behavior attribute, wherein a value for the dynamic behavior attribute is selected from a group of values comprising;
a value indicating that a permission is granted, a value indicated that a permission is denied, a value indicating to prompt a user, and at least one other value indicating not to prompt a user; and
responsive to a prompt value for the dynamic behavior attribute, prompting a user to determine whether dynamic permission to access the protected resource should be granted. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
-
-
18. A computer program product in a computer readable medium for dynamically modifying access to an object, comprising:
-
means responsive to a request for access to the object for checking a dynamic behavior attribute for the object, wherein a value for the dynamic behavior attribute is selected from a group of values comprising;
a value indicating that a permission is granted, a value indicated that a permission is denied, a value indicating to prompt a user, and at least one other value indicating not to prompt a user;
means responsive to a prompt value for the dynamic behavior attribute for prompting a user whether access should be granted to the object; and
means responsive to user input for modifying access to the object. - View Dependent Claims (19)
-
-
20. A computer, comprising:
-
a Java program;
a Java runtime environment for executing the Java program;
means operative during execution of the Java program for determining whether access to a protected resource is required;
means responsive to the determining means for executing an access control permission method according to directives of a dynamic behavior attribute, wherein a value for the dynamic behavior attribute is selected from a group of values comprising;
a value indicating that a permission is granted, a value indicated that a permission is denied, a value indicating to prompt a user, and at least one other value indicating not to prompt a user; and
means responsive to a prompt value for the dynamic behavior attribute for prompting a user to determine whether dynamic permission to access the protected resource should be granted. - View Dependent Claims (21, 22, 23)
-
-
24. A computer program product in a computer readable medium for dynamically granting permission to a protected resource during runtime of a Java program executing in a Java Runtime Environment, comprising:
-
means operative during execution of the Java program for determining whether access to a protected resource is required;
means responsive to the determining means for executing an access control permission method according to directives of a dynamic behavior attribute, wherein a value for the dynamic behavior attribute is selected from a group of values comprising;
a value indicating that a permission is granted, a value indicated that a permission is denied, a value indicating to prompt a user, and at least one other value indicating not to prompt a user; and
means responsive to a prompt value for the dynamic behavior attribute for prompting a user to determine whether dynamic permission to access the protected resource should be granted. - View Dependent Claims (25, 26, 27)
-
Specification