Uniform resource locator access management and control system and method
Abstract
In an enterprise server environment having a uniform resource locator (URL) access management and control system. The server includes a user authentication logic to authenticate users attempting to connect to the server to access URL file and directories residing in the server. In one embodiment of the present invention, the user is provided with an identification token and a user URL access policy which allows the user's credentials to be validated and permitted access to a list of URLs in the directory server. In one embodiment of the present invention, a URL access enforcement logic uses the user's URL access policy to determine which URLs in the directory server a user may or may not access. The user's URL access policy may include an access deny or an access allow value which respectively denies or allows the user access to particular URL.
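The following is an added example, not code from the patent, sketching the check the abstract and independent claims describe: per-user allow and deny lists with deny taking precedence, a token flag saying whether the request is subject to URL policy enforcement, and listeners notified when the token has expired. The class and function names, the glob-style patterns, the path normalization and the default-deny result for unmatched URLs are assumptions; the page specifies none of them.

```python
import fnmatch
import posixpath
import time
from dataclasses import dataclass, field

@dataclass
class Token:
    user: str
    expires_at: float
    enforce_policy: bool = True   # is this request subject to URL policy enforcement?

@dataclass
class UrlPolicy:
    allow: list = field(default_factory=list)   # glob patterns (assumed format)
    deny: list = field(default_factory=list)

class UrlAccessEnforcer:
    def __init__(self, policies):
        self.policies = policies   # user -> UrlPolicy
        self.listeners = []        # callbacks standing in for the web applications

    def add_listener(self, callback):
        self.listeners.append(callback)

    def check(self, token, url_path, now=None):
        now = time.time() if now is None else now
        if now >= token.expires_at:
            for notify in self.listeners:   # token listening logic
                notify(token.user)
            return "deny:token-expired"
        if not token.enforce_policy:
            return "allow:not-enforced"
        # Assumption: collapse "../" so a crafted path cannot sidestep the deny list.
        path = posixpath.normpath(url_path)
        policy = self.policies.get(token.user, UrlPolicy())
        # The deny list is consulted first, so it overrides any allow match.
        if any(fnmatch.fnmatchcase(path, p) for p in policy.deny):
            return "deny:deny-list"
        if any(fnmatch.fnmatchcase(path, p) for p in policy.allow):
            return "allow:allow-list"
        return "deny:no-match"   # assumption: unmatched URLs are refused

# Constructed sample policy: all of /hr/ is allowed except the payroll subtree.
POLICIES = {"alice": UrlPolicy(allow=["/hr/*"], deny=["/hr/payroll/*"])}
```

Evaluating the deny list before the allow list is what makes a broad allow pattern safe to combine with a narrower deny pattern under it.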
264 Citations
18 Claims
1. A uniform resource locator (URL) access enforcement system comprising:
a server having a centrally controlled URL access enforcement system;
a plurality of web-based applications that are accessed via said centrally controlled URL access enforcement system; and
a single sign-on access system coupled to said server for providing single sign-on access authentication and authorization to said plurality of web-based applications for a user,
wherein said server comprises a URL access control logic for controlling user access requests to URLs in said server comprising an identification token for uniquely identifying each authenticated user that successfully connects to said server,
wherein said URL access control logic further comprises a URL access list comprising a list of URLs that an authenticated user connected to said server accesses, wherein the URL access list comprises an access allow list that comprises a respective list of URLs that each authenticated user is permitted to access, and an access deny list that contains a respective list of URLs that each authenticated user is not permitted to access, wherein said access deny list takes precedence over said access allow list, and wherein a user URL request is compared to said access allow list and said access deny list to determine which URLs an authenticated user is permitted to access,
wherein said identification token comprises information indicating whether a user request is subject to URL policy enforcement, and
wherein said single sign-on system comprises token listening logic configured to notify each of said plurality web-based applications when said identification token that is assigned to said user expires.
View Dependent Claims (2, 3, 4, 5)
6. An enterprise server system, comprising:
authentication service logic for providing single sign-on access authentication and authorization to said server system for a user;
session service logic for tracking and monitoring a user access session to directories and files in said server system;
profile logic for storing a user profile defining each user's access to said directories and said files in said server system;
uniform resource locator (URL) access control logic for controlling user access requests to URLs in said server system, wherein said URL access control logic comprises an identification token for uniquely identifying each authenticated user that successfully connects to said server system, wherein said identification token comprises information indicating whether a user request is subject to URL policy enforcement, wherein said URL access control logic further comprises a URL access list comprising a list of URLs that an authenticated user connected to said server accesses, wherein the URL access list comprises an access allow list that comprises a respective list of URLs that each authenticated user is permitted to access, and an access deny list that contains a respective list of URLs that each authenticated user is not permitted to access, wherein said access deny list takes precedence over said access allow list, and wherein a user URL request is compared to said access allow list and said access deny list to determine which URLs an authenticated user is permitted to access;
login logic for providing a login interface between each user and said server system; and
listening logic configured to notify said server system when said identification token that is assigned to said user expires.
View Dependent Claims (7, 8, 9, 10, 11, 12, 13, 14, 15)
16. A method for enforcing uniform resource locator (URL) files and directories in a server environment, said method comprising:
authenticating a user URL request transmitted to said server from a user, wherein said server comprises a URL access control logic for controlling user access requests to URLs, wherein said URL access control logic further comprises a URL access list comprising a list of URLs that an authenticated user connected to said server accesses, wherein said URL access list comprises an access allow list comprising a respective list of URLs that each authenticated user is permitted to access, and an access deny list containing a respective list of URLs that each authenticated user is not permitted to access, wherein said access deny list takes precedence over said access allow list;
establishing a session for said user URL request to identify said user across different requests to said server;
providing an identification token to uniquely identify said user URL request as part of a single sign-on access, wherein said identification token comprises information indicating that a user request is subject to a URL enforcement policy; and
retrieving said URL enforcement policy that matches said user URL request;
determining which URL files and directories said user URL request can access using said URL enforcement policy, wherein determining which URL files and directories said user URL request accesses comprises comparing said user URL request to said URL access allow list and said URL access deny list;
providing single sign-on access authentication and authorization to said URL files and directories for said user; and
notifying said URL files and directories when said identification token that is assigned to said user expires using token listening logic.
View Dependent Claims (17, 18)
Specification