Method and apparatus for sharing a security context between different sessions on a database server
Abstract
One embodiment of the present invention provides a system for sharing a security context between different sessions on a database server. The system operates by receiving a request at the database server through a database session between the database server and an application on a database client. The system looks up an identifier for an application client that was previously associated with the database session. The system uses this identifier to look up the security context containing attributes related to the application client within a storage area associated with the database server. Next, the system performs a database operation to satisfy the request and in doing so enforces access rights associated with the security context. In one embodiment of the present invention, the request includes a database query directed to a database on the database server. In one embodiment of the present invention, performing the database operation involves modifying the database query to enforce access rights associated with the security context. In one embodiment of the present invention, the identifier for the application client identifies a user of the application that is sending the request to the database server. In one embodiment of the present invention, the database client is an application server that is sending the request to the database server, and the identifier for the application client identifies an application session between the application on the application server and the client of the application.
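The flow described in the abstract, as an added sketch that is not code from the patent: two database sessions bound to the same client identifier resolve to one stored security context, and the query is modified so the context's attribute limits the rows returned. The class and method names, the session ids, the `orders` table and the `region` attribute are assumptions made for illustration, and SQLite stands in for the database.

```python
import sqlite3

class DatabaseServer:
    """Toy server: one context store shared by all database sessions."""

    def __init__(self):
        self.db = sqlite3.connect(":memory:")
        # Constructed sample data.
        self.db.executescript("""
            CREATE TABLE orders (id INTEGER, region TEXT, amount INTEGER);
            INSERT INTO orders VALUES (1,'EMEA',100),(2,'APAC',250),(3,'EMEA',75);
        """)
        self.session_client = {}  # database session id -> client identifier
        self.contexts = {}        # storage area: client identifier -> attributes

    def associate(self, session_id, client_id):
        """Associate the application client's identifier with a session."""
        self.session_client[session_id] = client_id

    def insert_context(self, session_id, attributes):
        """Store a context, indexed by the identifier bound to this session."""
        client_id = self.session_client[session_id]  # KeyError if unbound
        self.contexts[client_id] = dict(attributes)

    def query(self, session_id, base_sql):
        """Run base_sql, modified so the context's access rights apply."""
        client_id = self.session_client.get(session_id)
        ctx = self.contexts.get(client_id)
        if ctx is None:
            return []  # no identifier or no context: fail closed
        # Wrap the query; the attribute is bound, never concatenated.
        sql = f"SELECT id FROM ({base_sql}) WHERE region = :region ORDER BY id"
        return [row[0] for row in self.db.execute(sql, {"region": ctx["region"]})]


def demo():
    srv = DatabaseServer()
    q = "SELECT id, region, amount FROM orders"
    srv.associate("sess-1", "alice")          # application A, client alice
    srv.insert_context("sess-1", {"region": "EMEA"})
    srv.associate("sess-2", "alice")          # application B, same client
    srv.associate("sess-3", "bob")            # different client, no context
    return {s: srv.query(s, q) for s in ("sess-1", "sess-2", "sess-3", "sess-4")}

if __name__ == "__main__":
    print(demo())
```

The context is never addressed by a caller-supplied key: every lookup goes through the identifier already bound to the session, so a session for another client, or one with no identifier, gets no rows.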
18 Claims
1. A method for sharing a security context for a given application client between different applications associated with the given application client on a database server, comprising:
receiving a request at the database server through a database session between the database server and an application on a database client;
looking up an identifier for the given application client that identifies a client of the application, wherein the identifier for the given application client identifies a user of the application that is sending the request to the database server, the identifier having been previously associated with the database session;
using the identifier to look up the security context for the given application client within a storage area associated with the database server;
wherein the security context includes attributes related to the given application client;
wherein only applications associated with the given application client will receive the security context for the given client;
receiving the security context for the given application client from the database client;
inserting the security context into the storage area associated with the database server so that the security context can be indexed by the identifier for the given application client;
performing a database operation to satisfy the request;
wherein performing the database operation involves enforcing access rights associated with the security context; and
allowing the given application client to use the same security context through a second application and a second database session by;
receiving a second request at the database server through the second database session with the second application, looking up the identifier for the given application client, the identifier having been previously associated with the second database session, and using the identifier to look up the security context for the given application client within the storage area associated with the database server.
7. A computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method for sharing a security context for a given application client between different applications associated with the given application client on a database server, the method comprising:
receiving a request at the database server through a database session between the database server and an application on a database client;
looking up an identifier for the given application client that identifies a client of the application, wherein the identifier for the given application client identifies a user of the application that is sending the request to the database server, the identifier having been previously associated with the database session;
using the identifier to look up the security context for the given application client within a storage area associated with the database server;
wherein the security context includes attributes related to the given application client;
wherein only applications associated with the given application client will receive the security context for the given client;
receiving the security context for the given application client from the database client;
inserting the security context into the storage area associated with the database server so that the security context can be indexed by the identifier for the given application client;
performing a database operation to satisfy the request;
wherein performing the database operation involves enforcing access rights associated with the security context; and
allowing the given application client to use the same security context through a second application and a second database session by;
receiving a second request at the database server through the second database session with the second application, looking up the identifier for the given application client, the identifier having been previously associated with the second database session, and using the identifier to look up the security context for the given application client within the storage area associated with the database server.
13. An apparatus that facilitates sharing a security context for a given application client between different applications associated with the given application client on a database server, comprising:
a receiving mechanism that is configured to receive a request at the database server through a database session between the database server and an application on a database client;
wherein the receiving mechanism is further configured to receive the security context for the given application client from the database client;
wherein the receiving mechanism is further configured to receive a second request at the database server through a second database session between the database server and a second application;
a lookup mechanism that is configured to look up an identifier for a given application client that identifies a client of the application, wherein the identifier for the given application client identifies a user of the application that is sending the request to the database server, the identifier having been previously associated with the database session;
wherein the lookup mechanism is configured to use the identifier to look up the security context for the given application client within a storage area associated with the database server;
wherein the lookup mechanism is further configured to look up the identifier for the given application client, the identifier having been previously associated with the second database session;
wherein the lookup mechanism is further configured to use the identifier to look up the security context for the given application client within the storage area associated with the database server;
wherein the security context includes attributes related to the given application client;
wherein only applications associated with the given application client will receive the security context for the given client;
a security context initialization mechanism that is configured to insert the security context into the storage area associated with the database server so that the security context can be indexed by the identifier for the given application client; and
a database engine that is configured to perform a database operation to satisfy the request;
wherein performing the database operation involves enforcing access rights associated with the security context.
Specification