User role mapping in web applications

US 8,136,150 B2
Filed: 11/02/2010
Issued: 03/13/2012
Est. Priority Date: 09/22/2006
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

a reverse proxy server storing a plurality of application role mappings, each application role mapping defining an application resource that a web application is allowed to access;

the reverse proxy server receiving a request from a user for a first web application, the first web application being associated with at least one of the plurality of stored application role mappings;

based upon the at least one of the plurality of stored application role mappings, the reverse proxy server determining a first user role for the first web application requested by the user;

the reverse proxy server sending the determined first user role as part of a HTTP header to the first web application;

wherein the first web application uses the first user role, without doing an independent mapping of the user to a role, to generate a display of the first web application suitable for use according to the determined first user role for the first web application;

identifying a tag in code that is included in the display of the first web application that refers to a second web application; and

inserting the second web application into the generated display.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Roles and policies are used to provide display and access to data in a flexible manner. Users and/or web applications can be mapped to user roles that dictate which displays or other application resources are available to the user or application. Roles are assigned to web applications individually, allowing for user roles to be used without requiring an independent mapping of users to roles. In some cases, application roles can be centrally managed, so that presentation systems also avoid the need for an independent mapping of user or application roles.

97 Citations

View as Search Results

18 Claims

1. A method comprising:
- a reverse proxy server storing a plurality of application role mappings, each application role mapping defining an application resource that a web application is allowed to access;
  
  the reverse proxy server receiving a request from a user for a first web application, the first web application being associated with at least one of the plurality of stored application role mappings;
  
  based upon the at least one of the plurality of stored application role mappings, the reverse proxy server determining a first user role for the first web application requested by the user;
  
  the reverse proxy server sending the determined first user role as part of a HTTP header to the first web application;
  
  wherein the first web application uses the first user role, without doing an independent mapping of the user to a role, to generate a display of the first web application suitable for use according to the determined first user role for the first web application;
  
  identifying a tag in code that is included in the display of the first web application that refers to a second web application; and
  
  inserting the second web application into the generated display.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, further comprising:
    - the reverse proxy server receiving an indication of one or more roles supported by the first web application from an administrator by way of an administrative user interface at the reverse proxy server.
  - 3. The method of claim 1, wherein the second web application uses a second user role different from the first user role identified for the first web application.
  - 4. The method of claim 3, further comprising sending the second user role as part of the HTTP header sent to the second web application.
  - 5. The method of claim 3, further comprising:
    - determining the second user role corresponding to the second web application;
      
      including code from each of the first web application and the second web application in the generated display, wherein the code included from the first web application is based on the first user role and the code included from the second web application is based on the second user role.
  - 6. The method of claim 1, the method further comprising providing the generated display to the user that requested the first web application.

7. A system comprising:
- a storage medium storing a plurality of application role mappings, each application role mapping defining an application resource that a web application is allowed to access;
  
  a server in communication with the storage medium, the server configured to;
  
  receive a request from a user for a first web application at a reverse proxy server, the first web application being associated with at least one of the plurality of stored application role mappings;
  
  based upon the at least one of the plurality of stored application role mappings, determine a proper first user role for the first web application requested by the user at the reverse proxy server;
  
  send the determined first user role as part of a HTTP header to the first web application;
  
  wherein the first web application uses the user role, without doing an independent mapping of the user to a role, to generate a presentation of the first web application suitable for use according to the determined first user role for the first web applicationidentify a tag in code that is included in the presentation of the first web application that refers to a second web application; and
  
  insert the second web application into the generated presentation.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The system of claim 7, the processor further configured to:
    - receive an indication of one or more roles supported by the first web application from an administrator by way of an administrative user interface at the reverse proxy server.
  - 9. The system of claim 7, wherein the second web application uses a second user role different from the first user role identified for the first web application.
  - 10. The system of claim 9, the server further configured to send the second user role as part of the HTTP header sent to the second web application.
  - 11. The system of claim 9, the server further configured to:
    - determine the second user role corresponding to the second web application;
      
      include code from each of the first web application and the second web application in the generated presentation, wherein the code included from the first web application is based on the first user role and the code included from the second web application is based on the second user role.
  - 12. The system of claim 7, the server further configured to provide the generated presentation to the user that requested the first web application.

13. A non-transitory computer-readable storage medium storing a plurality of instructions that cause a processor to:
- store a plurality of application role mappings, each application role mapping defining an application resource that a web application is allowed to access;
  
  receive a request from a user for a first web application at the reverse proxy server, the first web application being associated with at least one of the plurality of stored application role mappings;
  
  based upon the at least one of the plurality of stored application role mappings, determine a proper first user role for the first web application requested by the user at the reverse proxy server;
  
  send the determined first user role as part of a HTTP header to the first web application;
  
  wherein the first web application uses the user role, without doing an independent mapping of the user to a role, to generate a presentation of the first web application suitable for use according to the determined first user role for the first web application;
  
  identify a tag in code included in the presentation of the first web application that refers to a second web application; and
  
  insert the second web application into the generated presentation.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The non-transitory computer-readable storage medium of claim 13, the instructions further causing the processor to:
    - receive an indication of one or more roles supported by the first web application from an administrator by way of an administrative user interface at the reverse proxy server.
  - 15. The non-transitory computer-readable storage medium of claim 13, wherein the second web application uses a second user role different from the first user role identified for the first web application.
  - 16. The non-transitory computer-readable storage medium of claim 15, the instructions further causing the processor to send the second user role as part of the HTTP header sent to the second web application.
  - 17. The non-transitory computer-readable storage medium of claim 16, the instructions further causing the processor to:
    - determine the second user role corresponding to the second web application;
      
      include code from each of the first web application and the second web application in the generated presentation, wherein the code included from the first web application is based on the first user role and the code included from the second web application is based on the second user role.
  - 18. The non-transitory computer-readable storage medium of claim 13, the instructions further causing the processor to provide the generated presentation to the user that requested the first web application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Hayler, Don L., Vu, Daniel
Primary Examiner(s)
CHEN, SHIN HON

Application Number

US12/917,764
Publication Number

US 20110047611A1
Time in Patent Office

497 Days
Field of Search

None
US Class Current

726/12
CPC Class Codes

G06F 12/1466   Key-lock mechanism

H04L 63/0281   Proxies

H04L 63/0428   wherein the data content is...

H04L 63/0815   providing single-sign-on or...

H04L 63/083   using passwords cryptograph...

User role mapping in web applications

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

97 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

User role mapping in web applications

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

97 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links