Automating configuration of software applications

US 8,024,564 B2
Filed: 12/03/2007
Issued: 09/20/2011
Est. Priority Date: 12/06/2006
Status: Expired due to Fees

First Claim

Patent Images

1. A method for configuring a software application, comprising:

running the software application on a data processing system;

invoking a plurality of operations of the software application, the execution of each operation requiring a configuration feature of the software application;

verifying, for each operation in the plurality of operations, an availability or a non-availability of a configuration feature required by the operation based on a data structure storing identifiers of available configuration features required by operations in the plurality of operations;

logging an indication of each non-available configuration feature required by each operation to thereby generate logged non-available configuration features;

simulating, for each operation, availability of each non-available configuration feature to enable execution of the operation;

executing each operation based on the simulation of availability of each non-available configuration feature; and

configuring the software application according to the logged non-available configuration features by updating the data structure to include the logged non-available configuration features as available configuration features required by operations in the plurality of operations.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A solution is proposed for populating a policy file in a Java environment automatically. For this purpose, there is provided a wrapper for a security manager in charge of controlling any access to protected resources. A generic Java application is run in a test environment. Whenever a specific operation must be executed on a secured resource, the Java application submits a corresponding permission request to the wrapper. The wrapper forwards the permission request to the security manager, which verifies whether the required permission is available in the policy file. The wrapper logs any denied permission. In any case, the wrapper always grants the required permission to the Java application, so that its operation can continue without any problem. At the end of the running of the Java application, the logged missing permissions are added to the policy file.

124 Citations

23 Claims

1. A method for configuring a software application, comprising:
- running the software application on a data processing system;
  
  invoking a plurality of operations of the software application, the execution of each operation requiring a configuration feature of the software application;
  
  verifying, for each operation in the plurality of operations, an availability or a non-availability of a configuration feature required by the operation based on a data structure storing identifiers of available configuration features required by operations in the plurality of operations;
  
  logging an indication of each non-available configuration feature required by each operation to thereby generate logged non-available configuration features;
  
  simulating, for each operation, availability of each non-available configuration feature to enable execution of the operation;
  
  executing each operation based on the simulation of availability of each non-available configuration feature; and
  
  configuring the software application according to the logged non-available configuration features by updating the data structure to include the logged non-available configuration features as available configuration features required by operations in the plurality of operations.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method according to claim 1, wherein each configuration feature includes an indication of a permission to execute a corresponding operation.
  - 3. The method according to claim 2, wherein verifying comprises verifying the permission to execute each operation, wherein logging comprises, in response to a denial of a permission, logging an indication of the denied permission, and wherein simulating comprises forcing a grant of each permission in response to the denial of the permission.
  - 4. The method according to claim 3, wherein the data structure is a security structure that stores available permissions for execution of the plurality of operations, and wherein updating the data structure comprises updating the security structure according to the logged denied permissions.
  - 5. The method according to claim 4, wherein updating the security structure comprises:
    - adding the logged denied permissions to the security structure.
  - 6. The method according to claim 4, wherein the software application is a Java application and the security structure is a policy file.
  - 7. The method according to claim 2, wherein the permissions are granted or denied by a security module, and wherein verifying comprises:
    - submitting a request for verifying the permission to execute each operation to an auxiliary module wrapping the security module,forwarding the request from the auxiliary module to the security module, andreturning a response indicative of the grant or the denial of the permission from the security module to the auxiliary module, the steps of logging and simulating being performed under the control of the auxiliary module.
  - 8. The method according to claim 1, wherein running, submitting, verifying, logging, simulating, and configuring are executed in a test environment, the method further comprising:
    - deploying the configured software application in a production environment using the updated data structure.

9. A data processing system, comprising:
- a processor; and
  
  a memory coupled to the processor, wherein the memory comprises instructions which, when executed by the processor, cause the processor to;
  
  run a software application on the data processing system;
  
  invoke a plurality of operations of the software application, the execution of each operation requiring a configuration feature of the software application;
  
  verify, for each operation in the plurality of operations, an availability or a non-availability of a configuration feature required by the operation based on a data structure storing identifiers of available configuration features required by operations in the plurality of operations;
  
  log an indication of each non-available configuration feature required by each operation to thereby generate logged non-available configuration features;
  
  simulate, for each operation, availability of each non-available configuration feature to enable execution of the operation;
  
  execute each operation based on the simulation of availability of each non-available configuration feature; and
  
  configure the software application according to the logged non-available configuration features by updating the data structure to include the logged non-available configuration features as available configuration features required by operations in the plurality of operations.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The system according to claim 9, wherein each configuration feature includes an indication of a permission to execute a corresponding operation.
  - 11. The system according to claim 10, wherein the instructions cause the processor to verify by verifying the permission to execute each operation, wherein the instructions cause the processor to log, in response to a denial of a permission, an indication of the denied permission, and wherein the instructions cause the processor to simulate by forcing a grant of each permission in response to the denial of the permission.
  - 12. The system according to claim 11, wherein the data structure is a security structure that stores available permissions for execution of the plurality of operations, and wherein updating the data structure comprises updating the security structure according to the logged denied permissions.
  - 13. The system according to claim 12, wherein the instructions cause the processor to update the security structure by:
    - adding the logged denied permissions to the security structure.
  - 14. The system according to claim 12, wherein the software application is a Java application and the security structure is a policy file.
  - 15. The system according to claim 10, wherein the permissions are granted or denied by a security module, and wherein the instructions cause the processor to verify by:
    - submitting a request for verifying the permission to execute each operation to an auxiliary module wrapping the security module,forwarding the request from the auxiliary module to the security module, andreturning a response indicative of the grant or the denial of the permission from the security module to the auxiliary module, the steps of logging and simulating being performed under the control of the auxiliary module.
  - 16. The system according to claim 9, wherein the instructions cause the processor to run, submit, verify, log, simulate, and configure in a test environment, and wherein the instructions further cause the processor to:
    - deploy the configured software application in a production environment using the undated data structure.

17. A computer program product, in a computer readable storage medium having a computer readable program stored thereon, wherein the computer readable program, when executed by a computing device, causes the computing device to:
- run a software application on a data processing system;
  
  invoke a plurality of operations of the software application, the execution of each operation requiring a configuration feature of the software application;
  
  verify, for each operation in the plurality of operations, an availability or a non-availability of a configuration feature required by the operation based on a data structure storing identifiers of available configuration features required by operations in the plurality of operations;
  
  log an indication of each non-available configuration feature required by each operation to thereby generate logged non-available configuration features;
  
  simulate, for each operation, availability of each non-available configuration feature to enable execution of the operation;
  
  execute each operation based on the simulation of availability of each non-available configuration feature; and
  
  configure the software application according to the logged non-available configuration features by updating the data structure to include the logged non-available configuration features as available configuration features required by operations in the plurality of operations.
- View Dependent Claims (18, 19, 20, 21, 22, 23)
- - 18. The computer program product according to claim 17, wherein each configuration feature includes an indication of a permission to execute a corresponding operation.
  - 19. The computer program product according to claim 18, wherein the computer readable program causes the computing device to verify by verifying the permission to execute each operation, wherein the computer readable program causes the computing device to log, in response to a denial of a permission, an indication of the denied permission, and wherein the computer readable program causes the computing device to simulate by forcing a grant of each permission in response to the denial of the permission.
  - 20. The computer program product according to claim 19, wherein the data structure is a security structure that stores available permissions for execution of the plurality of operations, and wherein updating the data structure comprises updating the security structure according to the logged denied permissions.
  - 21. The computer program product according to claim 20, wherein the computer readable program causes the computing device to update the security structure by:
    - adding the logged denied permissions to the security structure.
  - 22. The computer program product according to claim 18, wherein the permissions are granted or denied by a security module, and wherein the computer readable program causes the computing device to verify by:
    - submitting a request for verifying the permission to execute each operation to an auxiliary module wrapping the security module,forwarding the request from the auxiliary module to the security module, andreturning a response indicative of the grant or the denial of the permission from the security module to the auxiliary module, the steps of logging and simulating being performed under the control of the auxiliary module.
  - 23. The computer program product according to claim 17, wherein the computer readable program causes the computing device to run, submit, verify, log, simulate, and configure in a test environment, and wherein the computer readable program further causes the computing device to:
    - deploy the configured software application in a production environment using the updated data structure.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Ferrari, Gaetano, Bassani, Manuela, Secchi, Marco, Morgia, Claudio
Primary Examiner(s)
Zee; Edward

Application Number

US11/949,210
Publication Number

US 20080250493A1
Time in Patent Office

1,387 Days
Field of Search

726/22, 726/1, 726/2, 726/16, 726/17, 726/21, 713/164, 713/166, 717/127, 717/118, 719/318
US Class Current

713/164
CPC Class Codes

G06F 21/604 Tools and structures for ma...

Automating configuration of software applications

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

124 Citations

23 Claims

Specification

Use Cases

Quick Links

Others

Automating configuration of software applications

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

124 Citations

23 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others