Systems and methods for integration adapter security
Abstract
An application view, which can represent a self-describing interface to functionality in a resource such as an application or enterprise system, can configure a security principal for a validated system user. A resource adapter can receive the request from the application view and can use a security principal map to map the security principal to a resource-appropriate principal. The resource adapter can perform a resource sign-on in a manner specific to the resource using the resource-appropriate principal.
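The flow in the abstract (validate the user, check entitlement, then map the initiating principal through the adapter's own map before resource sign-on) can be sketched as follows; this is an added illustration, not code from the patent or from any product. All class, method and account names are hypothetical, the sample data is constructed, and denying a request that has no mapping is an assumption of this sketch rather than something the abstract states.

```java
import java.util.Map;
import java.util.Optional;
import java.util.Set;

// Hypothetical names throughout; none of these are JCA or application-server APIs.
public class PrincipalMapDemo {

    /** One adapter per EIS resource, each carrying its own principal map. */
    record Adapter(String resource, Map<String, String> principalMap) {
        Optional<String> resourcePrincipal(String initiating) {
            return Optional.ofNullable(principalMap.get(initiating));
        }
    }

    /** Stand-in for the security service: validated users and their entitlements. */
    record SecurityService(Map<String, Set<String>> entitlements) {
        boolean isEntitled(String user, String resource) {
            return entitlements.getOrDefault(user, Set.of()).contains(resource);
        }
    }

    static String signOn(SecurityService sec, Adapter adapter, String user) {
        // 1. Entitlement is decided by the security service before the map is consulted.
        if (!sec.isEntitled(user, adapter.resource())) {
            throw new SecurityException(user + " is not entitled to " + adapter.resource());
        }
        // 2. Map the initiating principal; with no entry, deny instead of
        //    falling back to a shared EIS account (assumption of this sketch).
        String eisPrincipal = adapter.resourcePrincipal(user).orElseThrow(
            () -> new SecurityException("no mapping for " + user + " on " + adapter.resource()));
        // 3. The adapter would now perform the resource-specific sign-on as eisPrincipal.
        return eisPrincipal;
    }

    static void attempt(SecurityService sec, Adapter adapter, String user) {
        try {
            System.out.println(user + " -> " + signOn(sec, adapter, user));
        } catch (SecurityException e) {
            System.out.println("denied: " + e.getMessage());
        }
    }

    public static void main(String[] args) {
        // Constructed sample data.
        SecurityService sec = new SecurityService(
            Map.of("alice", Set.of("crm", "erp"), "bob", Set.of("crm")));
        Adapter crm = new Adapter("crm", Map.of("alice", "CRM_SALES_RO", "bob", "CRM_SUPPORT"));
        Adapter erp = new Adapter("erp", Map.of("bob", "ERP_ADMIN"));
        attempt(sec, crm, "alice"); // entitled and mapped
        attempt(sec, erp, "alice"); // entitled, but the erp adapter has no entry for alice
        attempt(sec, erp, "bob");   // mapped, but not entitled: a map entry alone grants nothing
    }
}
```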
386 Citations
19 Claims
1. A system for restricting access to an enterprise information system for a validated system user, comprising:
a computer including an application server running thereon;
an intermediate abstraction layer at the application server, including an application view component that provides an interface between a client application and an enterprise information system, and allows the client application to communicate requests for resources to the enterprise information system;
a security service in communication with the intermediate abstraction layer that, for each request from the client application for a particular resource at the enterprise information system, determines an entitlement and an initiating security principal for the request;
a plurality of J2EE Connector Architecture (JCA) resource adapters within the intermediate abstraction layer, that are adapted to receive the requests from the application view component and to subsequently communicate the requests to the enterprise information system, wherein each of the plurality of resource adapters is associated with a specific resource offered by the enterprise information system, and wherein each resource uses its own resource appropriate principal, and wherein each of the plurality of resource adapters includes a security principal map that is used by the security service to map the initiating security principal used by the client application to the resource-appropriate security principal used by the enterprise information system for that resource; and
wherein the application server upon receiving a request from a client application to access a resource at the enterprise information system, first validates the user using the security service, and then uses an appropriate adapter together with the security principal map of the appropriate adapter to map the initiating security principal to the resource-appropriate principal, before sending the request to the enterprise information and thereafter using the resource appropriate principal to access the resource, wherein the application view uses XML as a common language among client applications, and wherein XML-encoded service and event definitions are used to expose application capabilities, wherein XML schemas can be used to define the data for services and events between the client applications and the enterprise information system.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A method for restricting access to a resource for a validated system user, comprising the steps of:
providing a computer including an application server running thereon;
providing an intermediate abstraction layer at the application server, including an application view component that operates that provides an interface between a client application and an enterprise information system, and allows the client application to communicate requests for resources to the enterprise information system;
providing a security service in communication with the intermediate abstraction layer that, for each request from the client application for a particular resource at the enterprise information system, determines an entitlement and an initiating security principal for the request;
providing a plurality of J2EE Connector Architecture (JCA) resource adapters within the intermediate abstraction layer, that are adapted to receive the requests from the application view component and to subsequently communicate the requests to the enterprise information system, wherein each of the plurality of resource adapters is associated with a specific resource offered by the enterprise information system, and wherein each resource uses its own resource appropriate principal, and wherein each of the plurality of resource adapters includes a security principal map that is used by the security service to map the initiating security principal used by the client application to the resource-appropriate security principal used by the enterprise information system for that resource; and
receiving a request from a client application at the application server to access a resource at the enterprise information system, using the security service to validate the user, and then using an appropriate adapter together with the security principal map of the appropriate adapter to map the initiating security principal provided by the security service to the resource-appropriate principal, and to thereafter use the resource appropriate principal to allow the client application to access the resource, wherein the application view uses XML as a common language among client applications, and wherein XML-encoded service and event definitions are used to expose application capabilities, wherein XML schemas can be used to define the data for services and events between the client applications and the enterprise information system.
Dependent claims: 11, 12, 13
14. A system for providing secure access to a resource at an enterprise information system, comprising:
a computer including an application server running thereon;
an intermediate abstraction layer at the application server, including an application view component that provides an interface between a client application and an enterprise information system, and allows the client application to communicate requests for resources to the enterprise information system;
a security service in communication with the intermediate abstraction layer that operates within the application server, and that for each request from the client application for a particular resource, determines an entitlement and an initiating security principal for the request;
a plurality of J2EE Connector Architecture (JCA) resource adapters within the intermediate abstraction layer, that are adapted to receive the requests from the application view component and to subsequently communicate the requests to the enterprise information system, wherein each of the plurality of resource adapters is associated with a specific resource offered by the enterprise information system, and wherein each resource uses its own resource appropriate principal, and wherein each of the plurality of resource adapters includes a security principal map that is used by the security service to map the initiating security principal used by the client application to the resource-appropriate security principal used by the enterprise information system for that resource; and
wherein the application server upon receiving a request from a client application to access a resource, validates the user using the security service, and then uses an appropriate adapter for the resource, together with the security principal map of the appropriate adapter to map the initiating security principal provided by the security service to the resource-appropriate principal, and to use the resource-appropriate principal to communicate the request to the resource wherein the application view uses XML as a common language among client applications, and wherein XML-encoded service and event definitions are used to expose application capabilities, wherein XML schemas can be used to define the data for services and events between the client applications and the enterprise information system.
Dependent claims: 15, 16
17. A method of providing secure access to a resource at an enterprise information system, comprising the steps of:
starting an application server environment;
providing an intermediate abstraction layer at the application server, including an application view component that operates provides an interface between a client application and an enterprise information system, and allows the client application to communicate requests for resources to the enterprise information system;
operating a security service in communication with the intermediate abstraction layer that for each request from the client application for a particular resource, determines an entitlement and an initiating security principal for the request;
providing a plurality of J2EE Connector Architecture (JCA) resource adapters within the intermediate abstraction layer, that are adapted to receive the requests from the application view component and to subsequently communicate the requests to the enterprise information system, wherein each of the plurality of resource adapters is associated with a specific resource offered by the enterprise information system, and wherein each resource uses its own resource appropriate principal, and wherein each of the plurality of resource adapters includes a security principal map that is used by the security service to map the initiating security principal used by the client application to the resource-appropriate security principal used by the enterprise information system for that resource; and
wherein the application server upon receiving a request from a client application to access a resource, validates the user using the security service, and then uses an appropriate adapter for the resource, together with the security principal map of the appropriate adapter to map the initiating security principal provided by the security service to the resource-appropriate principal, and to use the resource-appropriate principal to communicate the request to the resource, wherein the application view uses XML as a common language among client applications, and wherein XML-encoded service and event definitions are used to expose application capabilities, wherein XML schemas can be used to define the data for services and events between the client applications and the enterprise information system.
Dependent claims: 18, 19
Specification