Method for trapping HTTP logout events and for calling an application specific logout handler

US 7,703,105 B1
Filed: 07/21/2005
Issued: 04/20/2010
Est. Priority Date: 07/21/2005
Status: Active Grant

First Claim

Patent Images

1. A method for trapping an HTTP logout event comprising:

receiving an HTTP request;

checking if a URI of the HTTP request matches an entry in a first map comprising a plurality of logout URI entries for a set of applications;

if the URI of the HTTP request matches an entry in the first map, then triggering a logout event for one of the applications in the set of applications corresponding to the matching entry in the first map;

if the URI of the HTTP request does not match an entry in the first map, then looking for an entry in a second map;

wherein looking for an entry in a second map comprises looking for an entry in a logout parameter map comprising a plurality of logout parameter values for the set of applications that matches a logout request in a list of query parameters in the received HTTP request;

checking for a logout parameter in a list of request query parameters if an entry is found in the logout parameter map;

checking for a logout parameter in a header of the HTTP request if a logout parameter is not found in the list of request query parameters;

checking for permission to inspect a body of the HTTP request if a logout parameter is not found in the header of the HTTP request;

searching for a logout handler in a third map;

calling the logout handler if the logout hander is found in the third map and synchronizing an HTTP session; and

calling a global logout handler if a logout handler is not found in the third map.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of trapping a logout event includes receiving an HTTP request, checking if a URI of the HTTP request matches an entry in a first map, looking for an entry in a second map, checking for a logout parameter in a list of request query parameters, checking for a logout parameter in a header of the HTTP request, checking for a logout parameter in a body of the HTTP request, and triggering a logout event when the first of the entries or parameters if found. The method can be extended to call a logout handler and can be used in a wide range of web-based computing environments and in particular with policy/web/j2ee agents.

Citations

15 Claims

1. A method for trapping an HTTP logout event comprising:
- receiving an HTTP request;
  
  checking if a URI of the HTTP request matches an entry in a first map comprising a plurality of logout URI entries for a set of applications;
  
  if the URI of the HTTP request matches an entry in the first map, then triggering a logout event for one of the applications in the set of applications corresponding to the matching entry in the first map;
  
  if the URI of the HTTP request does not match an entry in the first map, then looking for an entry in a second map;
  
  wherein looking for an entry in a second map comprises looking for an entry in a logout parameter map comprising a plurality of logout parameter values for the set of applications that matches a logout request in a list of query parameters in the received HTTP request;
  
  checking for a logout parameter in a list of request query parameters if an entry is found in the logout parameter map;
  
  checking for a logout parameter in a header of the HTTP request if a logout parameter is not found in the list of request query parameters;
  
  checking for permission to inspect a body of the HTTP request if a logout parameter is not found in the header of the HTTP request;
  
  searching for a logout handler in a third map;
  
  calling the logout handler if the logout hander is found in the third map and synchronizing an HTTP session; and
  
  calling a global logout handler if a logout handler is not found in the third map.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1 further comprising continuing the HTTP request if an entry is not found in the logout parameter map.
  - 3. The method of claim 1 further comprising triggering a logout event when a match is found between the logout request and one of the logout parameters.
  - 4. The method of claim 1 further comprising triggering a logout event if a logout parameter is found in the header of the HTTP request.
  - 5. The method of claim 1 further comprising continuing the HTTP request if permission to inspect the body of the HTTP request is not given.
  - 6. The method of claim 1 further comprising checking for a logout parameter in the body of the HTTP request if permission is given.
  - 7. The method of claim 6 further comprising triggering a logout event if a logout parameter is found in the body of the HTTP request.
  - 8. The method of claim 1 further comprising triggering a logout event through the use of cookies.
  - 9. The method of claim 1 further comprising executing a task after triggering the logout event.
  - 10. The method of claim 1 comprising logging out from an identity server.
  - 11. The method of claim 1 comprising logging out from an application/web/portal server.
  - 12. The method of claim 1 further comprising executing logout-related tasks.

13. A method of trapping a logout event sequentially comprising:
- (a) receiving an HTTP request;
  
  (b) checking if a URI of the HTTP request matches one of a plurality of logout URIs mapped to one of a set of applications;
  
  (c) checking for a logout parameter in a list of request query parameters for the set of applications that matches a query parameter in the HTTP request;
  
  (d) checking for a logout parameter in a header of the HTTP request;
  
  (e) checking for a logout parameter in a body of the HTTP request;
  
  (f) triggering a logout event for a corresponding one of the applications in the set of applications after step (b) if the HTTP request matches one of the plurality of logout URIs or after one of steps (c), (d), or (e) if a logout parameter is found;
  
  (g) seeking an application specific logout handler after a logout event is triggered for the corresponding one of the set of applications associated with the HTTP request, wherein the seeking comprises accessing a local logout handler map mapping each application in the set of applications to a logout handler for synchronizing HTTP sessions for the corresponding one of the set of applications; and
  
  (h) continuing processing the HTTP request with a policy agent if a logout event is not triggered.
- View Dependent Claims (14, 15)
- - 14. The method of claim 13 further comprising intercepting the HTTP request before step (a) with a policy agent.
  - 15. The method of claim 13 further comprising the use of a call-back handler to execute housekeeping tasks.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle America, Inc. (Oracle Corporation)
Original Assignee
Oracle America, Inc. (Oracle Corporation)
Inventors
Chakraborty, Krishnendu, Prabhakar, Arvind
Primary Examiner(s)
Sough; Hyung S
Assistant Examiner(s)
Seye; Abdou K

Application Number

US11/186,214
Time in Patent Office

1,734 Days
Field of Search

719/312
US Class Current

719/312
CPC Class Codes

H04L 67/02   based on web technology, e....

H04L 67/14   Session management for real...

H04L 67/143   Termination or inactivation...

Method for trapping HTTP logout events and for calling an application specific logout handler

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Method for trapping HTTP logout events and for calling an application specific logout handler

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links