User context component in environment services patterns
Abstract
A system and method are provided for maintaining a security profile throughout nested service invocations on a distributed component-based system. Interconnections are provided between distributed components each having nested service invocations. A user context instance is created upon successful identification of the user. A request is received from the user to invoke a first service on a first component, wherein the first component invokes a second service of a second component, and wherein completion of the second service is necessary to complete the first service. The user context is queried for a unique user identifier. The unique user identifier is compared with an access control list for verifying that the user has access to the first component. The unique user identifier is also compared with an access control list for verifying that the user has access to the second service of the second component.
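The flow in the abstract can be sketched as follows. This is an added illustration, not code from the patent or its assignee; the component names, user identifiers and access control lists are constructed for the example. The second user is on the first component's list but not the second's, so the nested call is refused.

```python
from dataclasses import dataclass

# All names below (OrderComponent, InventoryComponent, user ids, ACLs) are constructed.
class AccessDenied(Exception):
    pass

@dataclass(frozen=True)
class UserContext:
    """Created once after identification; frozen so components cannot alter it."""
    user_id: str
    roles: frozenset

class Component:
    def __init__(self, name, acl, audit):
        self.name, self.acl, self.audit = name, acl, audit

    def check(self, ctx, service):
        """Query the context for the user id and compare it with this component's ACL."""
        allowed = ctx.user_id in self.acl.get(service, set())
        self.audit.append((self.name, service, ctx.user_id, allowed))
        if not allowed:
            raise AccessDenied(f"{ctx.user_id} may not call {self.name}.{service}")

class InventoryComponent(Component):  # second component
    def reserve_stock(self, ctx, item):
        self.check(ctx, "reserve_stock")
        return f"reserved {item} for {ctx.user_id}"

class OrderComponent(Component):  # first component
    def __init__(self, name, acl, audit, inventory):
        super().__init__(name, acl, audit)
        self.inventory = inventory

    def place_order(self, ctx, item):
        self.check(ctx, "place_order")
        # Nested invocation: the same context is passed on as a parameter.
        return "order placed; " + self.inventory.reserve_stock(ctx, item)

def demo():
    audit = []
    inventory = InventoryComponent("inventory", {"reserve_stock": {"u-1001"}}, audit)
    orders = OrderComponent("orders", {"place_order": {"u-1001", "u-2002"}}, audit, inventory)
    ok = orders.place_order(UserContext("u-1001", frozenset({"buyer"})), "widget")
    try:
        orders.place_order(UserContext("u-2002", frozenset({"viewer"})), "widget")
        denied = None
    except AccessDenied as exc:
        denied = str(exc)
    return ok, denied, audit
```

Because the second component checks the end user's identifier rather than trusting the calling component, the audit trail records a decision per user at every hop.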
15 Claims
1. A method for maintaining a security profile throughout nested service invocations on a distributed, component-based system, comprising the steps of:
(a) providing interconnections between distributed components each having nested service invocations;
(b) identifying a user;
(c) associating the user with roles;
(d) creating a user context instance upon successful identification of the user, wherein the user context instance includes information about the user including the roles and a unique user identifier;
(e) receiving a request from the user to invoke a first service on a first component, wherein the first component invokes a second service of a second component such that the user context instance is passed as a parameter from the first component to the second component, and wherein completion of the second service is necessary to complete the first service;
(f) querying the user context instance for the unique user identifier;
(g) comparing the unique user identifier in the user context instance with an access control list for verifying that the user has access to the first component; and
(h) comparing the unique user identifier in the user context instance with an access control list for verifying that the user has access to the second service of the second component.
6. A computer program embodied on a computer readable medium for maintaining a security profile throughout nested service invocations on a distributed, component-based system, comprising:
(a) a code segment that provides interconnections between distributed components each having nested service invocations;
(b) a code segment that identifies a user;
(c) a code segment that associates the user with roles;
(d) a code segment that creates a user context instance upon successful identification of the user, wherein the user context instance includes information about the user including the roles and a unique user identifier;
(e) a code segment that receives a request from the user to invoke a first service on a first component, wherein the first component invokes a second service of a second component such that the user context instance is passed as a parameter from the first component to the second component, and wherein completion of the second service is necessary to complete the first service;
(f) a code segment that queries the user context instance for the unique user identifier;
(g) a code segment that compares the unique user identifier in the user context instance with an access control list for verifying that the user has access to the first component; and
(h) a code segment that compares the unique user identifier in the user context instance with an access control list for verifying that the user has access to the second service of the second component.
11. A system for maintaining a security profile throughout nested service invocations on a distributed, component-based system, comprising:
(a) logic that provides interconnections between distributed components each having nested service invocations;
(b) logic that identifies a user;
(c) logic that associates the user with roles;
(d) logic that creates a user context instance upon successful identification of the user, wherein the user context instance includes information about the user including the roles and a unique user identifier;
(e) logic that receives a request from the user to invoke a first service on a first component, wherein the first component invokes a second service of a second component such that the user context instance is passed as a parameter from the first component to the second component, and wherein completion of the second service is necessary to complete the first service;
(f) logic that queries the user context instance for the unique user identifier;
(g) logic that compares the unique user identifier in the user context instance with an access control list for verifying that the user has access to the first component; and
(h) logic that compares the unique user identifier in the user context instance with an access control list for verifying that the user has access to the second service of the second component.
Specification