Method for controlling access to a multiplicity of objects using a customizable object-oriented access control hook
Abstract
A computer-implemented object-oriented method for controlling access to a multiplicity of objects is disclosed. The method includes creating specific access control object types, each including a pre-check method for implementing a pre-defined access control policy. Each one of the multiplicity of objects to be controlled is then associated with one of the access control objects. Next, upon an attempt to invoke a feature of any one of the multiplicity of objects, a determination is made if one of the multiplicity of objects is linked to an access control object, and if yes; the pre-check method for the access control object associated with the one of the multiplicity of objects is performed to determine whether to grant access.
19 Claims
1. A computer-implemented object-oriented method for controlling access to a multiplicity of objects, said method comprising the steps of:
a. creating specific access control object types, each including a pre-check method for implementing a pre-defined access control policy;
b. associating each one of said multiplicity of objects to be controlled with one of said access control objects;
c. upon an attempt to invoke a feature of any one of said multiplicity of objects, determining if said one of said multiplicity of objects is linked to an access control object, and if yes;
d. performing the pre-check method for said access control object associated with said one of said multiplicity of objects to determine whether to grant access wherein, prior to performing said pre-check method, there is performed the step of determining if any conditions exist that allow automatic access to be granted to any one of said multiplicity of objects, and if so, granting access to said one of said multiplicity of objects, wherein said step of granting access grants access to said one of said multiplicity of objects if a method of said one of said multiplicity of objects is currently being performed.
e. determining if said feature is a constructor, and if so;
f. allocating a new object for construction and passing it on as an object argument to said pre-check; and
g. if pre-check denies access, de-allocating said new object that would have been constructed had access been granted.
8. The method as in claim 1 where in step d thereof further including the steps of:
e. determining if said feature is a constructor, and if not;
f. providing the object being accessed as the object argument to said pre-check.
9. The method as in claim 1 where in step d thereof further including the step of determining an access kind and passing access kind on as an argument to said pre-check.
10. The method as in claim 1 where in step d thereof further including the step of providing the feature being accessed as an argument to said pre-check.
11. The method as in claim 2 where in step d thereof further including the steps of:
e. determining if said feature is an operation, and if so;
f. collecting arguments to said operation in a list and passing said list to said pre-check.
12. The method as in claim 9 further including the step of determining if said access kind is write_property, and if so, passing new property value to said pre-check.
13. The method as in claim 7 wherein it is determined that said feature of said object is not a constructor, providing said object being accessed as an object argument to said pre-check.
15. The storage medium as in claim 13 wherein it is determined that said one of said multiplicity of objects is not associated with an access control object, further including the step of granting access thereto.
16. The storage medium as in claim 13 further comprising the step of determining prior to performing said pre-check method if any conditions exist that allow automatic access to be granted to any one of said multiplicity of objects, and if so, granting access to said one of said multiplicity of objects.
17. The storage medium as in claim 13 wherein said step of granting access grants access to said one of said multiplicity of objects if a user of said computer-implemented method is a system administrator.
18. The storage medium as in claim 13 wherein said step of granting access grants access to said one of said multiplicity of objects if said one of said multiplicity of objects does not have an associated access control object.
19. The storage medium as in claim 13 wherein said step of granting access grants access to said one of said multiplicity of objects if a method of said one of said multiplicity of objects is currently being performed.
14. A storage medium encoded with machine-readable computer program code for controlling access to a multiplicity of objects, wherein, when the computer program code is executed by a computer, the computer performs the steps of:
a. creating specific access control object types, each including a pre-check method for implementing a pre-defined access control policy;
b. associating each one of said multiplicity of objects to be controlled with one of said access control objects;
c. upon an attempt to invoke a feature of any one of said multiplicity of objects, determining if said one of said multiplicity of objects is linked to an access control object, and if yes;
d. performing the pre-check method for said access control object associated with said one of said multiplicity of objects to determine whether to grant access thereto, wherein access is granted to said one of said multiplicity of objects if a method of said one of said multiplicity of objects is currently being performed.
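The mechanism the abstract and the claims above describe, written out as an added example (this is illustrative code, not the patent's own implementation): access control object types whose pre-check method encodes a policy, objects linked to one of them, a hook that intercepts every feature access, evaluates the automatic-grant conditions (no linked access control object, system administrator, a method of the same object currently being performed) before calling pre-check, passes feature, access kind, argument list and, for write_property, the new value, and takes the constructor path of allocating the new object first and dropping it if pre-check denies. The names Hook, Request, OwnerOnly, Principal and Account, and every access-kind string other than write_property, are assumptions made for the example; the Account data is constructed.

```python
"""Access-control hook in the style described on this page (added example, not the patent's code)."""
from __future__ import annotations

import threading
from dataclasses import dataclass
from typing import Any

# Access kinds. The page names write_property and "operation"; the others are assumed.
READ_PROPERTY, WRITE_PROPERTY, OPERATION, CONSTRUCTOR = (
    "read_property", "write_property", "operation", "constructor")


class AccessDenied(PermissionError):
    pass


@dataclass(frozen=True)
class Principal:          # assumed caller model: a name and an administrator flag
    name: str
    is_admin: bool = False


@dataclass
class Request:
    """What the hook hands to pre_check: object, feature, access kind, the
    operation's argument list and, for write_property, the new value."""
    principal: Principal
    obj: Any
    feature: str
    kind: str
    args: list
    new_value: Any = None


class AccessControl:
    """An access control object type: each subclass encodes one policy in pre_check."""
    def pre_check(self, req: Request) -> bool:
        raise NotImplementedError


class OwnerOnly(AccessControl):
    """Assumed policy: anyone may read or call operations; only the owner writes or constructs."""
    def __init__(self, owner: str) -> None:
        self.owner = owner

    def pre_check(self, req: Request) -> bool:
        if req.kind in (READ_PROPERTY, OPERATION):
            return True
        return req.principal.name == self.owner


class Hook:
    """Every feature access on a controlled object goes through read/write/call/construct."""
    def __init__(self) -> None:
        self._tls = threading.local()    # per-thread stack of objects with a method in flight

    def _stack(self) -> list:
        if not hasattr(self._tls, "stack"):
            self._tls.stack = []
        return self._tls.stack

    def _auto_grant(self, principal: Principal, obj: Any, acl: AccessControl | None) -> bool:
        """Automatic-grant conditions, evaluated before pre_check is ever called."""
        if acl is None:                  # object not linked to an access control object
            return True
        if principal.is_admin:           # caller is a system administrator
            return True
        # a method of this same object is currently being performed; tracked per thread so
        # another thread's in-flight call cannot unlock the object for this caller
        return any(o is obj for o in self._stack())

    def _check(self, req: Request) -> None:
        acl = getattr(req.obj, "_acl", None)
        if self._auto_grant(req.principal, req.obj, acl):
            return
        if not acl.pre_check(req):
            raise AccessDenied(f"{req.principal.name}: {req.kind} {req.feature} denied")

    def read(self, principal: Principal, obj: Any, name: str) -> Any:
        self._check(Request(principal, obj, name, READ_PROPERTY, []))
        return getattr(obj, name)

    def write(self, principal: Principal, obj: Any, name: str, value: Any) -> None:
        self._check(Request(principal, obj, name, WRITE_PROPERTY, [], new_value=value))
        setattr(obj, name, value)

    def call(self, principal: Principal, obj: Any, name: str, *args: Any) -> Any:
        self._check(Request(principal, obj, name, OPERATION, list(args)))
        stack = self._stack()
        stack.append(obj)                # the object now has a method in flight
        try:
            return getattr(obj, name)(self, principal, *args)
        finally:
            stack.pop()

    def construct(self, principal: Principal, cls: type, acl: AccessControl, *args: Any) -> Any:
        """Constructor path: allocate, pre-check on the new object, de-allocate if denied."""
        new = cls.__new__(cls)
        new._acl = acl
        try:
            self._check(Request(principal, new, cls.__name__, CONSTRUCTOR, list(args)))
        except AccessDenied:
            del new                      # drop the only reference: never constructed
            raise
        new.__init__(*args)
        return new


class Account:
    """Constructed sample of a controlled object; its methods route their own accesses
    through the hook so the in-flight grant is exercised."""
    def __init__(self, balance: int) -> None:
        self.balance = balance

    def deposit(self, hook: Hook, principal: Principal, amount: int) -> int:
        hook.write(principal, self, "balance", self.balance + amount)  # auto-granted: in flight
        return self.balance


def demo() -> dict:
    hook = Hook()
    alice, bob, root = Principal("alice"), Principal("bob"), Principal("root", is_admin=True)
    acct = hook.construct(alice, Account, OwnerOnly("alice"), 100)
    out = {"bob_reads": hook.read(bob, acct, "balance")}
    try:
        hook.write(bob, acct, "balance", 0)
        out["bob_writes"] = "granted"
    except AccessDenied:
        out["bob_writes"] = "denied"
    out["bob_deposits"] = hook.call(bob, acct, "deposit", 5)   # operation allowed by policy
    hook.write(root, acct, "balance", 1)                        # administrator bypasses pre_check
    out["admin_writes"] = acct.balance
    try:
        hook.construct(bob, Account, OwnerOnly("alice"), 0)
        out["bob_constructs"] = "granted"
    except AccessDenied:
        out["bob_constructs"] = "denied"
    plain = Account(7)                                          # never linked to an ACL object
    hook.write(bob, plain, "balance", 8)
    out["unlinked_write"] = plain.balance
    return out
```

Two points worth noting from running it. The in-flight grant means that once a policy permits an operation, everything that operation does to its own object is granted without a further pre-check (bob cannot write `balance` directly, but `deposit` writes it on his behalf), so in this design the pre-check on operations carries the whole access decision for the object's internal state. And "currently being performed" is kept on a per-thread stack deliberately: a shared counter would let a method running in one thread unlock the object for any other caller.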
Specification