Systems and methods for integration adapter security

US 7,546,462 B2
Filed: 10/15/2002
Issued: 06/09/2009
Est. Priority Date: 10/18/2001
Status: Active Grant

First Claim

Patent Images

1. A system for restricting access to an enterprise information system for a validated system user, comprising:

a computer including an application server running thereon;

an intermediate abstraction layer at the application server, including an application view component that provides an interface between a client application and an enterprise information system, and allows the client application to communicate requests for resources to the enterprise information system;

a security service in communication with the intermediate abstraction layer that, for each request from the client application for a particular resource at the enterprise information system, determines an entitlement and an initiating security principal for the request;

a plurality of J2EE Connector Architecture (JCA) resource adapters within the intermediate abstraction layer, that are adapted to receive the requests from the application view component and to subsequently communicate the requests to the enterprise information system, wherein each of the plurality of resource adapters is associated with a specific resource offered by the enterprise information system, and wherein each resource uses its own resource appropriate principal, and wherein each of the plurality of resource adapters includes a security principal map that is used by the security service to map the initiating security principal used by the client application to the resource-appropriate security principal used by the enterprise information system for that resource; and

wherein the application server upon receiving a request from a client application to access a resource at the enterprise information system, first validates the user using the security service, and then uses an appropriate adapter together with the security principal map of the appropriate adapter to map the initiating security principal to the resource-appropriate principal, before sending the request to the enterprise information and thereafter using the resource appropriate principal to access the resource,wherein the application view uses XML as a common language among client applications, and wherein XML-encoded service and event definitions are used to expose application capabilities, wherein XML schemas can be used to define the data for services and events between the client applications and the enterprise information system.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An application view, which can represent a self-describing interface to functionality in a resource such as an application or enterprise system, can configure a security principal for a validated system user. A resource adapter can receive the request from the application view and can use a security principal map to map the security principal to a resource-appropriate principal. The resource adapter can perform a resource sign-on in a manner specific to the resource using the resource-appropriate principal.

386 Citations

19 Claims

1. A system for restricting access to an enterprise information system for a validated system user, comprising:
- a computer including an application server running thereon;
  
  an intermediate abstraction layer at the application server, including an application view component that provides an interface between a client application and an enterprise information system, and allows the client application to communicate requests for resources to the enterprise information system;
  
  a security service in communication with the intermediate abstraction layer that, for each request from the client application for a particular resource at the enterprise information system, determines an entitlement and an initiating security principal for the request;
  
  a plurality of J2EE Connector Architecture (JCA) resource adapters within the intermediate abstraction layer, that are adapted to receive the requests from the application view component and to subsequently communicate the requests to the enterprise information system, wherein each of the plurality of resource adapters is associated with a specific resource offered by the enterprise information system, and wherein each resource uses its own resource appropriate principal, and wherein each of the plurality of resource adapters includes a security principal map that is used by the security service to map the initiating security principal used by the client application to the resource-appropriate security principal used by the enterprise information system for that resource; and
  
  wherein the application server upon receiving a request from a client application to access a resource at the enterprise information system, first validates the user using the security service, and then uses an appropriate adapter together with the security principal map of the appropriate adapter to map the initiating security principal to the resource-appropriate principal, before sending the request to the enterprise information and thereafter using the resource appropriate principal to access the resource,wherein the application view uses XML as a common language among client applications, and wherein XML-encoded service and event definitions are used to expose application capabilities, wherein XML schemas can be used to define the data for services and events between the client applications and the enterprise information system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. A system according to claim 1, wherein:
    - the resource adapter is further adapted to invoke functionality in the resource and expose that functionality through the application view component.
  - 3. A system according to claim 1, wherein:
    - the application view component further provides a self-describing interface to services and events in the resource.
  - 4. A system according to claim 1, further comprising:
    - a resource consisting of an enterprise system.
  - 5. A system according to claim 1, wherein:
    - the application view component is specific to the resource adapter.
  - 6. A system according to claim 1, wherein:
    - the application view component is further adapted to allow the setting and management of multiple levels of access and security in configuring a security principal.
  - 7. A system according to claim 1, further comprising:
    - an application component adapted to validate a user as a validated system user.
  - 8. A system according to claim 1, further comprising:
    - an application integration service adapted to run as a security principal for the application view component.
  - 9. A system according to claim 1, further comprising:
    - a ConnectionSpec object adapted to be used by the application view component to set credentials for the resource.

10. A method for restricting access to a resource for a validated system user, comprising the steps of:
- providing a computer including an application server running thereon;
  
  providing an intermediate abstraction layer at the application server, including an application view component that operates that provides an interface between a client application and an enterprise information system, and allows the client application to communicate requests for resources to the enterprise information system;
  
  providing a security service in communication with the intermediate abstraction layer that, for each request from the client application for a particular resource at the enterprise information system, determines an entitlement and an initiating security principal for the request;
  
  providing a plurality of J2EE Connector Architecture (JCA) resource adapters within the intermediate abstraction layerjhat are adapted to receive the requests from the application view component and to subsequently communicate the requests to the enterprise information system, wherein each of the plurality of resource adapters is associated with a specific resource offered by the enterprise information system, and wherein each resource uses its own resource appropriate principal, and wherein each of the plurality of resource adapters includes a security principal map that is used by the security service to map the initiating security principal used by the client application to the resource-appropriate security principal used by the enterprise information system for that resource; and
  
  receiving a request from a client application at the application server to access a resource at the enterprise information system, using the security service to validate the user, and then using an appropriate adapter together with the security principal map of the appropriate adapter to map the initiating security principal provided by the security service to the resource-appropriate principal, and to thereafter use the resource appropriate principal to allow the client application to access the resource,wherein the application view uses XML as a common language among client applications, and wherein XML-encoded service and event definitions are used to expose application capabilities, wherein XML schemas can be used to define the data for services and events between the client applications and the enterprise information system.
- View Dependent Claims (11, 12, 13)
- - 11. A method according to claim 10, further comprising:
    - invoking functionality in the resource and exposing that functionality through the interface.
  - 12. A method according to claim 10, further comprising:
    - setting and managing of multiple levels of access and security to be used in configuring a security principal.
  - 13. A method according to claim 10, further comprising:
    - validating a user as a validated system user.

14. A system for providing secure access to a resource at an enterprise information system, comprising:
- a computer including an application server running thereon;
  
  an intermediate abstraction layer at the application server, including an application view component that provides an interface between a client application and an enterprise information system, and allows the client application to communicate requests for resources to the enterprise information system;
  
  a security service in communication with the intermediate abstraction layer that operates within the application server, and that for each request from the client application for a particular resource, determines an entitlement and an initiating security principal for the request;
  
  a plurality of J2EE Connector Architecture (JCA) resource adapters within the intermediate abstraction layer, that are adapted to receive the requests from the application view component and to subsequently communicate the requests to the enterprise information system, wherein each of the plurality of resource adapters is associated with a specific resource offered by the enterprise information system, and wherein each resource uses its own resource appropriate principal, and wherein each of the plurality of resource adapters includes a security principal map that is used by the security service to map the initiating security principal used by the client application to the resource-appropriate security principal used by the enterprise information system for that resource; and
  
  wherein the application server upon receiving a request from a client application to access a resource, validates the user using the security service, and then uses an appropriate adapter for the resource, together with the security principal map of the appropriate adapter to map the initiating security principal provided by the security service to the resource-appropriate principal,and to use the resource-appropriate principal to communicate the request to the resource wherein the application view uses XML as a common language among client applications, and wherein XML-encoded service and event definitions are used to expose application capabilities, wherein XML schemas can be used to define the data for services and events between the client applications and the enterprise information system.
- View Dependent Claims (15, 16)
- - 15. The system of claim 14 wherein the application container is an Enterprise Java Beans ENTERPRISE JAVABEANS container as defined by the ENTERPRISE JAVABEANS specification.
  - 16. The system of claim 14 wherein the security service further comprises a plurality of access decision devices that define an access policy, and wherein each of the plurality of access decision devices can determine its own contributory decision to permit, deny, or abstain from allowing the access request.

17. A method of providing secure access to a resource at an enterprise information system, comprising the steps of:
- starting an application server environment;
  
  providing an intermediate abstraction layer at the application server, including an application view component that operates provides an interface between a client application and an enterprise information system, and allows the client application to communicate requests for resources to the enterprise information system;
  
  operating a security service in communication with the intermediate abstraction layer that for each request from the client application for a particular resource, determines an entitlement and an initiating security principal for the request;
  
  providing a plurality of J2EE Connector Architecture (JCA) resource adapters within the intermediate abstraction layer, that are adapted to receive the requests from the application view component and to subsequently communicate the requests to the enterprise information system, wherein each of the plurality of resource adapters is associated with a specific resource offered by the enterprise information system, and wherein each resource uses its own resource appropriate principal, and wherein each of the plurality of resource adapters includes a security principal map that is used by the security service to map the initiating security principal used by the client application to the resource-appropriate security principal used by the enterprise information system for that resource; and
  
  wherein the application server upon receiving a request from a client application to access a resource, validates the user using the security service, and then uses an appropriate adapter for the resource, together with the security principal map of the appropriate adapter to map the initiating security principal provided by the security service to the resource-appropriate principal, and to use the resource-appropriate principal to communicate the request to the resource, wherein the application view uses XML as a common language among client applications, and wherein XML-encoded service and event definitions are used to expose application capabilities, wherein XML schemas can be used to define the data for services and events between the client applications and the enterprise information system.
- View Dependent Claims (18, 19)
- - 18. The method of claim 17 wherein the application container is an Enterprise Java Beans ENTERPRISE JAVABEANS container as defined by the ENTERPRISE JAVABEANS specification.
  - 19. The method of claim 17 wherein the security service further comprises a plurality of access decision devices that define an access policy, and wherein each of the plurality of access decision devices can determine its own contributory decision to permit, deny, or abstain from allowing the access request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
BEA Systems Incorporated (Oracle Corporation)
Inventors
Upton, Mitch
Primary Examiner(s)
Moazzami; Nasser G
Assistant Examiner(s)
Reza; Mohammad W

Application Number

US10/271,215
Publication Number

US 20030097574A1
Time in Patent Office

2,429 Days
Field of Search

713153-200, 380/201, 380/203, 380/209, 705/57, 709/26, 726/4
US Class Current

713/170
CPC Class Codes

G06F 2209/544   Remote

G06F 9/541   via adapters, e.g. between ...

G06F 9/542   Event management; Broadcast...

G06Q 10/103   Workflow collaboration or p...

Y10S 707/99943   Generating database or data...

Y10S 707/99945   Object-oriented database st...

Systems and methods for integration adapter security

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

386 Citations

19 Claims

Specification

Use Cases

Quick Links

Others

Systems and methods for integration adapter security

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

386 Citations

19 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others