User role mapping in web applications
First Claim
Patent Images
1. A method comprising:
- a reverse proxy server storing a plurality of application role mappings, each application role mapping defining an application resource that a web application is allowed to access;
the reverse proxy server receiving a request from a user for a first web application, the first web application being associated with at least one of the plurality of stored application role mappings;
based upon the at least one of the plurality of stored application role mappings, the reverse proxy server determining a first user role for the first web application requested by the user;
the reverse proxy server sending the determined first user role as part of a HTTP header to the first web application;
wherein the first web application uses the first user role, without doing an independent mapping of the user to a role, to generate a display of the first web application suitable for use according to the determined first user role for the first web application;
identifying a tag in code that is included in the display of the first web application that refers to a second web application; and
inserting the second web application into the generated display.
1 Assignment
0 Petitions
Accused Products
Abstract
Roles and policies are used to provide display and access to data in a flexible manner. Users and/or web applications can be mapped to user roles that dictate which displays or other application resources are available to the user or application. Roles are assigned to web applications individually, allowing for user roles to be used without requiring an independent mapping of users to roles. In some cases, application roles can be centrally managed, so that presentation systems also avoid the need for an independent mapping of user or application roles.
97 Citations
18 Claims
-
1. A method comprising:
-
a reverse proxy server storing a plurality of application role mappings, each application role mapping defining an application resource that a web application is allowed to access; the reverse proxy server receiving a request from a user for a first web application, the first web application being associated with at least one of the plurality of stored application role mappings; based upon the at least one of the plurality of stored application role mappings, the reverse proxy server determining a first user role for the first web application requested by the user; the reverse proxy server sending the determined first user role as part of a HTTP header to the first web application; wherein the first web application uses the first user role, without doing an independent mapping of the user to a role, to generate a display of the first web application suitable for use according to the determined first user role for the first web application; identifying a tag in code that is included in the display of the first web application that refers to a second web application; and inserting the second web application into the generated display. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A system comprising:
-
a storage medium storing a plurality of application role mappings, each application role mapping defining an application resource that a web application is allowed to access; a server in communication with the storage medium, the server configured to; receive a request from a user for a first web application at a reverse proxy server, the first web application being associated with at least one of the plurality of stored application role mappings; based upon the at least one of the plurality of stored application role mappings, determine a proper first user role for the first web application requested by the user at the reverse proxy server; send the determined first user role as part of a HTTP header to the first web application;
wherein the first web application uses the user role, without doing an independent mapping of the user to a role, to generate a presentation of the first web application suitable for use according to the determined first user role for the first web applicationidentify a tag in code that is included in the presentation of the first web application that refers to a second web application; and insert the second web application into the generated presentation. - View Dependent Claims (8, 9, 10, 11, 12)
-
-
13. A non-transitory computer-readable storage medium storing a plurality of instructions that cause a processor to:
-
store a plurality of application role mappings, each application role mapping defining an application resource that a web application is allowed to access; receive a request from a user for a first web application at the reverse proxy server, the first web application being associated with at least one of the plurality of stored application role mappings; based upon the at least one of the plurality of stored application role mappings, determine a proper first user role for the first web application requested by the user at the reverse proxy server; send the determined first user role as part of a HTTP header to the first web application; wherein the first web application uses the user role, without doing an independent mapping of the user to a role, to generate a presentation of the first web application suitable for use according to the determined first user role for the first web application; identify a tag in code included in the presentation of the first web application that refers to a second web application; and insert the second web application into the generated presentation. - View Dependent Claims (14, 15, 16, 17, 18)
-
Specification