Access control in a web application using event filtering
Abstract
A web application is described that is capable of assuming a plurality of states and being arranged to process a received event from among a predeterminable set of events to change from one state to another. A permission record defines a set of permitted or forbidden events and the web application comprises an event filter arranged to consult the permission record on receipt of an event in order to determine whether to permit or not permit the event to be processed. Related methods of access control and computer program products are also described.
12 Claims
1. A computer, comprising:

a non-transitory computer program product; a web server, provided on said non-transitory computer program product, comprising a web application capable of assuming a plurality of states and being arranged to process a received event from among a predeterminable set of events to change from one state to another, an event mapper that maps user requests to events, a state machine controller that computes a next application state based on combination of a current state of the state machine, the event received, an environment context and a set of allowed transitions from the current state, a definition file defining the states and the transitions between states based on the events, and a permission record file defining one or more events each corresponding to a role credential, wherein the web application comprises an event filter arranged to consult the role credentials and corresponding events in the permission record file on receipt of an event for a particular user role credential to determine whether to permit or not permit the event to be processed for such user role credential to cause a state transition.

(Dependent claims: 2, 3, 4, 5)

6. A method for access control within a web server computer, comprising:

assuming a plurality of states by the web server and the web server being arranged to process a received event from among a predeterminable set of events to change from one state to another; computing by a state machine controller a next application state based on combination of a current state of the state machine, the event received, an environment context and a set of allowed transitions from the current state; defining in a permission record file a set of permitted or forbidden events, each event corresponding to a role credential, mapping user requests to events; and consulting, by the web server, the permission record file on receipt of an event from a user having a particular user role credential to determine whether to permit or not permit the event to cause a change in state of an application.

(Dependent claims: 7, 8)

9. A non-transitory computer program product containing a web server to assume a plurality of states and to process a received event from among a predeterminable set of events to change from one state to another, the web server comprising program code elements for mapping user requests to events and for providing an event filter for consulting, on receipt of an event, a state machine controller that computes a next application state based on combination of a current state of the state machine, the event received, an environment context and a set of allowed transitions from the current state, a permission record file defining one or more events each corresponding to a role credential to determine whether to permit or not permit the received event to be processed based on a comparison of the received event and an associated role credential with the events and corresponding role credentials in said permission record file.
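As an added illustration, not code from the patent itself, the following Python sketch wires together the four elements the claims name: an event mapper from requests to events, a permission record keyed by role credential, a definition of states and allowed transitions, and an event filter that consults the permission record before the state machine controller computes the next state. The state, role and path names and the `read_only` environment-context flag are constructed for the example.

```python
# Role-filtered event-driven state machine modelled on the claims above.
# Constructed example: the inline dicts stand in for the patent's definition
# file and permission record file; state, role and path names are made up.

# Definition "file": for each state, the events allowed to leave it.
TRANSITIONS = {
    "draft": {"submit": "review"},
    "review": {"approve": "approved", "reject": "draft"},
    "approved": {"publish": "published"},
    "published": {},
}
# Permission record "file": events permitted for each role credential.
PERMISSIONS = {
    "author": {"submit"},
    "editor": {"submit", "approve", "reject"},
    "admin": {"submit", "approve", "reject", "publish"},
}
# Event mapper table: (HTTP method, path) -> event; anything else maps to None.
REQUEST_EVENTS = {
    ("POST", "/article/submit"): "submit",
    ("POST", "/article/approve"): "approve",
    ("POST", "/article/reject"): "reject",
    ("POST", "/article/publish"): "publish",
}

def map_request(method, path):
    return REQUEST_EVENTS.get((method, path))

def event_filter(role, event):
    """Consult the permission record; unknown roles and unlisted events are denied."""
    return event in PERMISSIONS.get(role, set())

def next_state(current, event, env):
    """State machine controller: current state + event + environment context
    + allowed transitions. Anything not explicitly allowed keeps the state."""
    if env.get("read_only"):  # environment context can veto every transition
        return current
    return TRANSITIONS.get(current, {}).get(event, current)

def handle_request(state, role, method, path, env=None):
    """Returns (new_state, outcome); outcome is one of
    'no_event', 'denied', 'no_transition', 'ok'."""
    env = env or {}
    event = map_request(method, path)
    if event is None:
        return state, "no_event"
    if not event_filter(role, event):  # the filter runs before the controller
        return state, "denied"
    new = next_state(state, event, env)
    return new, ("ok" if new != state else "no_transition")
```

Note that a request can fail at two independent gates: the role filter (an editor posting to `/article/publish`) and the transition table (an admin publishing from `draft`), and neither failure changes the application state.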