Access control in a web application using event filtering

US 7,735,119 B2
Filed: 05/06/2005
Issued: 06/08/2010
Est. Priority Date: 05/07/2004
Status: Active Grant

First Claim

Patent Images

1. A computer, comprising:

a non-transitory computer program product;

a web server, provided on said non-transitory computer program product, comprising a web application capable of assuming a plurality of states and being arranged to process a received event from among a predeterminable set of events to change from one state to another, an event mapper that maps user requests to events, a state machine controller that computes a next application state based on combination of a current state of the state machine, the event received, an environment context and a set of allowed transitions from the current state, a definition file defining the states and the transitions between states based on the events, and a permission record file defining one or more events each corresponding to a role credential, wherein the web application comprises an event filter arranged to consult the role credentials and corresponding events in the permission record file on receipt of an event for a particular user role credential to determine whether to permit or not permit the event to be processed for such user role credential to cause a state transition.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A web application is described that is capable of assuming a plurality of states and being arranged to process a received event from among a predeterminable set of events to change from one state to another. A permission record defines a set of permitted or forbidden events and the web application comprises an event filter arranged to consult the permission record on receipt of an event in order to determine whether to permit or not permit the event to be processed. Related methods of access control and computer program products are also described.

19 Citations

View as Search Results

12 Claims

1. A computer, comprising:
- a non-transitory computer program product;
  
  a web server, provided on said non-transitory computer program product, comprising a web application capable of assuming a plurality of states and being arranged to process a received event from among a predeterminable set of events to change from one state to another, an event mapper that maps user requests to events, a state machine controller that computes a next application state based on combination of a current state of the state machine, the event received, an environment context and a set of allowed transitions from the current state, a definition file defining the states and the transitions between states based on the events, and a permission record file defining one or more events each corresponding to a role credential, wherein the web application comprises an event filter arranged to consult the role credentials and corresponding events in the permission record file on receipt of an event for a particular user role credential to determine whether to permit or not permit the event to be processed for such user role credential to cause a state transition.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The computer as claimed in claim 1 wherein the dynamic generation of a web page is triggered on entry to at least some of the states.
  - 3. The computer as claimed in claim 1 wherein at least some of the states correspond to user interface views of the web application.
  - 4. The computer as claimed in claim 1 wherein the event filter is part of a state machine controller that controls transitions between the states and that interacts with business logic.
  - 5. The computer as claimed in claim 1 wherein the permission record file further defines, for at least one defined event, a state of the web application, and the event filter being arranged to further determine the current state of the application and a user role credential for a received event to determine whether to permit or not permit the received event to be processed.

6. A method for access control within a web server computer, comprising:
- assuming a plurality of states by the web server and the web server being arranged to process a received event from among a predeterminable set of events to change from one state to another;
  
  computing by a state machine controller a next application state based on combination of a current state of the state machine, the event received, an environment context and a set of allowed transitions from the current state;
  
  defining in a permission record file a set of permitted or forbidden events, each event corresponding to a role credential, mapping user requests to events; and
  
  consulting, by the web server, the permission record file on receipt of an event from a user having a particular user role credential to determine whether to permit or not permit the event to cause a change in state of an application.
- View Dependent Claims (7, 8)
- - 7. The method as claimed in claim 6 comprising triggering dynamic generation of a web page on entry to at least some of the states.
  - 8. The method as claimed in claim 6 wherein the permission record file includes for at least one event and corresponding role credential, and said method further comprising determining the current state of the application, and consulting said permission record file to determine whether to permit or not permit the event to be processed to change the state of the application.

9. A non-transitory computer program product containing a web server to assume a plurality of states and to process a received event from among a predeterminable set of events to change from one state to another, the web server comprising program code elements for mapping user requests to events and for providing an event filter for consulting, on receipt of an event, a state machine controller that computes a next application state based on combination of a current state of the state machine, the event received, an environment context and a set of allowed transitions from the current state, a permission record file defining one or more events each corresponding to a role credential to determine whether to permit or not permit the received event to be processed based on a comparison of the received event and an associated role credential with the events and corresponding role credentials in said permission record file.
- View Dependent Claims (10, 11, 12)
- - 10. The non-transitory computer program product as claimed in claim 9 comprising program code elements for providing an event mapper for mapping http requests received from a web browser to events.
  - 11. The non-transitory computer program product as claimed in claim 9 wherein the event filter is part of a state machine controller.
  - 12. The non-transitory computer program product as claimed in claim 9 wherein the event filter is arranged to determine the current state of the application in order to determine whether to permit or not permit an event to be processed.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Marqeta, Inc.
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Fouche, Pierre, Manfredi, Raphael
Primary Examiner(s)
Barron, Jr.; Gilberto
Assistant Examiner(s)
Nobahar; Abdulhakim

Application Number

US11/124,549
Publication Number

US 20050262099A1
Time in Patent Office

1,859 Days
Field of Search

726 2- 4, 707/9, 707/10
US Class Current

726/4
CPC Class Codes

G06F 9/542   Event management; Broadcast...

H04L 63/102   Entity profiles

H04L 63/168   above the transport layer

Access control in a web application using event filtering

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

19 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Access control in a web application using event filtering

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

19 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links