Controlling transactions in accordance with role based security
First Claim
1. At a computer system, the computer system including a transaction manager, the transaction manager configured to interoperate with one or more other transaction related components to perform transaction related operations within distributed transactions in accordance with a two-phase commit protocol, the one or more other transaction related components selected from among: applications, resource managers, databases, message queues, and other transaction managers, a method for controlling a distributed transaction based on role based transaction control information listing transaction related operations the one or more other transaction related components are permitted to assume relative to the transaction manager, the method comprising:
an act of the transaction manager receiving a transaction related message, including a request from a transaction related component to perform a requested transaction related operation within the distributed transaction in accordance with the two-phase commit protocol on behalf of the transaction related component, the requested transaction related operation instructing the transaction manager to communicate with at least one other transaction related component on behalf of the transaction related component, the requested transaction related operation selected from among: beginning a transaction, marshalling data for a transaction, unmarshalling data for a transaction, enlisting in a transaction, propagating data from the transaction manager, and propagating data to the transaction manager, the corresponding transaction to include the transaction manager, the transaction related component, and the at least one other transaction related component as participants;
in response to receiving the transaction related message:
an act of the transaction manager authenticating that the transaction related message originated from the transaction related component;
an act of the transaction manager referring to the role based transaction control information in response to receiving authentication that the transaction related message originated from the transaction related component, the role based transaction control information having been previously configured by a user and expressly listing transaction related operations the transaction related component is permitted to perform relative to the transaction manager for transactions in which the transaction manager and the transaction related component are participants, the listing permitting the transaction manager to perform transaction related operations on behalf of the transaction related component including one or more of: beginning a transaction, marshalling data for a transaction, unmarshalling data for a transaction, enlisting in a transaction, propagating data from the transaction manager, and propagating data to the transaction manager;
an act of comparing the requested transaction related operation to the role based transaction control information to determine if the transaction related component is permitted to assume a role of the requested transaction related operation relative to the transaction manager that allows the transaction manager to perform the requested transaction related operation on behalf of the transaction related component; and
an act of implementing the requested transaction related operation in accordance with the results of the comparison.
Abstract
The present invention extends to methods, systems, and computer program products for controlling transactions in accordance with role based security. A first transaction related component receives a transaction related message from a second transaction related component. The transaction related message indicates a request by the second transaction related component to perform a transaction related operation that is to involve the first transaction related component. The first transaction related component authenticates the second transaction related component. The first transaction related component refers to transaction control information indicating roles the second transaction component is permitted to assume relative to the first transaction related component. The transaction related operation indicated in the request is compared to the permitted roles for the second transaction related component. The transaction related operation is implemented in accordance with the results of the comparison.
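The check sequence the abstract describes (authenticate the sender, look up its configured roles, compare, then act), as an added sketch that is not taken from the patent. The HMAC scheme, the component names, the keys and the `sign`/`handle` helpers are assumptions; the operation names follow the lists in the claims.

```python
import hashlib
import hmac
import json
from enum import Enum


class Op(Enum):
    BEGIN = "begin"
    MARSHAL = "marshal"
    UNMARSHAL = "unmarshal"
    ENLIST = "enlist"
    PROPAGATE_FROM_TM = "propagate_from_tm"
    PROPAGATE_TO_TM = "propagate_to_tm"
    BECOME_SUBORDINATE = "become_subordinate"
    BECOME_SUPERIOR = "become_superior"


# Constructed sample data: per-component keys and the administrator-configured
# role table (one entry per component, listing the operations it may request).
KEYS = {"app-1": b"app-1-demo-key", "remote-tm": b"remote-tm-demo-key"}
ROLES = {
    "app-1": {Op.BEGIN, Op.ENLIST, Op.PROPAGATE_TO_TM},
    "remote-tm": {Op.BECOME_SUBORDINATE, Op.UNMARSHAL},
}


def sign(sender, op, key):
    """Build a message as the sending component would (HMAC is an assumption)."""
    body = json.dumps({"sender": sender, "op": op}, sort_keys=True).encode()
    return {"body": body, "mac": hmac.new(key, body, hashlib.sha256).hexdigest()}


def handle(message):
    """Authenticate the sender, look up its entry, compare, then act."""
    try:
        fields = json.loads(message["body"])
        sender, requested = fields["sender"], Op(fields["op"])
        if not isinstance(sender, str):
            raise TypeError("sender must be a string")
    except (ValueError, KeyError, TypeError):
        return "rejected: malformed"
    key = KEYS.get(sender)
    expected = hmac.new(key or b"", message["body"], hashlib.sha256).hexdigest()
    if key is None or not hmac.compare_digest(expected, message["mac"]):
        return "rejected: unauthenticated"
    # Default deny: a component with no entry, or an unlisted operation, fails.
    if requested not in ROLES.get(sender, set()):
        return "rejected: not permitted"
    return f"performed: {requested.value} for {sender}"
```

The role lookup happens only after authentication succeeds, so a message signed with one component's key cannot borrow another component's entry.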
20 Claims
1. (Claim 1 is set out in full under First Claim above.)
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
14. A computer program product for use at a computer system, the computer system including a transaction manager, the transaction manager configured to interoperate with one or more other transaction related components to perform transaction related operations within distributed transactions in accordance with a two-phase commit protocol, the one or more other transaction related components selected from among: applications, resource managers, databases, message queues, and other transaction managers, the computer program product for implementing a method controlling a distributed transaction based on role based transaction control information listing transaction related operations the one or more other transaction related components are permitted to assume relative to the transaction manager, the computer program product comprising one or more computer storage media having stored thereon computer-executable instructions that, when executed by a processor, cause the transaction manager to perform the following:
receive a transaction related message, including a request from a transaction related component to perform a requested transaction related operation within the distributed transaction in accordance with the two-phase commit protocol on behalf of the transaction related component, the requested transaction related operation instructing the transaction manager to communicate with at least one other transaction related component on behalf of the transaction related component, the requested transaction related operation selected from among: beginning a transaction, marshalling data for a transaction, unmarshalling data for a transaction, enlisting in a transaction, propagating data from the transaction manager, and propagating data to the transaction manager, the corresponding transaction to include the transaction manager, the transaction related component, and the at least one other transaction related component as participants;
in response to receiving the transaction related message:
authenticate that the transaction related message originated from the transaction related component;
refer to the role based transaction control information in response to receiving authentication that the transaction related message originated from the transaction related component, the role based transaction control information having been previously configured by a user and expressly listing transaction related operations the transaction related component is permitted to perform relative to the transaction manager for transactions in which the transaction manager and the transaction related component are participants, the listing permitting the transaction manager to perform transaction related operations on behalf of the transaction related component including one or more of: beginning a transaction, marshalling data for a transaction, unmarshalling data for a transaction, enlisting in a transaction, propagating data from the transaction manager, and propagating data to the transaction manager;
compare the requested transaction related operation to the role based transaction control information to determine if the transaction related component is permitted to assume a role of the requested transaction related operation relative to the transaction manager that allows the transaction manager to perform the requested transaction related operation on behalf of the transaction related component; and
implement the requested transaction related operation in accordance with the results of the comparison.
Dependent claims: 15, 16, 17, 18, 19
20. A computer system, comprising:
one or more processors;
a system memory; and
one or more computer-readable media having stored thereon a transaction manager, the transaction manager configured to perform operations related to distributed transactions in accordance with a two-phase commit protocol based on role based transaction control information listing transaction related operations the one or more other transaction related components are permitted to assume relative to the transaction manager, wherein the distributed transactions are to include the transaction manager and one or more additional other components, the one or more additional other components selected from among: applications, resource managers, databases, message queues, and other transaction managers, including being configured to:
receive a transaction related message from an application, the transaction related message indicating a request by the application for the transaction manager to perform a begin transaction operation within a distributed transaction in accordance with the two-phase commit protocol, the transaction related message indicating that the transaction is to include at least the transaction manager, the application, and a second transaction manager, wherein the second transaction manager is separated from the first transaction manager by a network boundary;
authenticate that the transaction related message originated from the application;
refer to the role based transaction control information in response to receiving authentication that the transaction related message originated from the application, the role based transaction control information having been previously configured by a user and expressly listing transaction related operations the application and the second transaction manager are permitted to perform relative to the transaction manager for transactions in which the transaction manager, the application, and the second transaction manager are participants, the role based transaction control information including an entry for each of the application and the second transaction manager, the listing permitting the transaction manager to perform one or more transaction related operations on behalf of the application and the second transaction manager, the one or more transaction related operations selected from among: beginning a transaction, marshalling data for a transaction, unmarshalling data for a transaction, enlisting in a transaction, propagating data from the transaction manager, propagating data to the transaction manager, become a subordinate transaction manager to the transaction manager, and become a superior transaction manager to the transaction manager;
compare the begin transaction operation to the role based transaction control information in the entry for the application to determine if the application is permitted to perform a first transaction related operation relative to the transaction manager that allows the transaction manager to begin a transaction in response to a request from the application;
determine that the transaction manager is permitted to begin transactions in response to a request from the application based on the results of the comparison;
initiate a transaction that is to include the transaction manager, the application, and the second transaction manager in response to the application request;
receive a transaction manager request from the second transaction manager to perform a second transaction related operation of becoming either superior or subordinate transaction manager to the second transaction manager;
authenticate that the transaction manager request originated from the second transaction manager;
refer to the role based transaction control information in response to receiving authentication that the transaction related message originated from the second transaction manager;
compare the transaction related operation to the role based transaction control information in the entry for the second transaction manager to determine if the second transaction manager is permitted to perform the second transaction related operation relative to the transaction manager that allows the transaction manager to become either superior or subordinate to the second transaction manager;
determine that the second transaction manager is permitted to perform the second transaction related operation relative to the transaction manager that allows the transaction manager to become either superior or subordinate to the second transaction manager;
cause the transaction manager to become either superior or subordinate to the second transaction manager in response to receiving the transaction manager request; and
simultaneously participate in the transaction, along with the application and the second transaction manager, to transfer data from the application to the second transaction manager in accordance with the two-phase commit protocol.
Specification