Security proxying for end-user applications
First Claim
1. In an end-user application, a method comprising:
receiving input from an interface, the input soliciting an operation of the end-user application, wherein the end-user application is one of multiple enterprise widgets, limited featured applications that execute on a widget runtime environment on a computing platform of an enterprise, the enterprise widgets available to a user authenticated on the computing platform, the widget runtime environment to execute on the computing platform to provide an execution platform on the computing platform including services shared by the enterprise widgets, each enterprise widget including functionality to access enterprise data from one or more backend servers of the enterprise;
sending, from the end-user application to the widget runtime environment, a request for a service of a backend server that provides the solicited operation, the request having insufficient security information for the backend server to authenticate the application to enable the application to access the requested service, the request to cause the widget runtime environment to use a security proxy on the widget runtime environment to determine that the request from the end-user application is missing required security information for the request, obtain the required security information not included in the request from a security information source separate from the end-user application, and to inject the security information into the request for the service of the backend server in response to determining that the request does not include the required security information and forward the request to the backend server;
receiving the service from the backend server at the end-user application in response to the solicited operation, based on the backend server authenticating the end-user application with the security information injected by the security proxy; and
providing a representation of data associated with the received service in the interface.
Abstract
Methods and apparatuses enable a service mediator to provide security proxying services to an end-user application requesting a backend service of an enterprise network. The end-user application generates a request for a service of the backend system. The request does not have sufficient security information to enable access to the backend system. The service mediator can detect that one or more items of required security information are not present in the request and injects the necessary security information into the request. The end-user application need not even have access to the security information or even be aware that security information is needed to access the service. The request having the required security information is sent to the backend to enable access to the backend service.
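The flow the abstract describes, as an added sketch that is not code from the patent: a mediator detects which required security fields a widget's request lacks, fetches them from a source the widget cannot read, and injects them into a copy of the request before forwarding. The service names, header names, the user-keyed store and the refusal to inject for unlisted services are assumptions made for the illustration.

```python
from dataclasses import dataclass, field

# Constructed policy: security fields each backend service requires.
REQUIRED = {"crm.accounts": ("Authorization", "X-Client-Id"), "public.news": ()}

# Constructed credential source, keyed by (authenticated user, service).
# It lives in the runtime, not in the widget.
STORE = {("alice", "crm.accounts"): {"Authorization": "Bearer SAMPLE-TOKEN",
                                     "X-Client-Id": "widget-runtime"}}

@dataclass
class Request:
    service: str
    path: str
    headers: dict = field(default_factory=dict)

def backend(req):
    """Stand-in backend: authenticates on the headers it receives."""
    ok = all(h in req.headers for h in REQUIRED[req.service])
    return {"status": 200 if ok else 401, "path": req.path}

def proxy_forward(user, req, send=backend):
    """Detect missing security fields, inject them, forward the request."""
    required = REQUIRED.get(req.service)
    if required is None:  # unlisted target: never attach credentials
        raise PermissionError(f"service {req.service!r} not allowed")
    missing = [h for h in required if h not in req.headers]
    injected = {}
    if missing:
        creds = STORE.get((user, req.service), {})
        absent = [h for h in missing if h not in creds]
        if absent:
            raise PermissionError(f"no {absent} for {user!r}")
        injected = {h: creds[h] for h in missing}
    # Build a new outgoing request so the widget's object never holds secrets.
    outgoing = Request(req.service, req.path, {**req.headers, **injected})
    return send(outgoing), sorted(injected)

if __name__ == "__main__":
    widget_req = Request("crm.accounts", "/accounts/42")
    print(proxy_forward("alice", widget_req), widget_req.headers)
```

Because the proxy attaches credentials on the widget's behalf, the policy lookup and the per-user key are what keep it from sending secrets to a destination or for a user the runtime never authorized.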
23 Claims
1. In an end-user application, a method comprising:
receiving input from an interface, the input soliciting an operation of the end-user application, wherein the end-user application is one of multiple enterprise widgets, limited featured applications that execute on a widget runtime environment on a computing platform of an enterprise, the enterprise widgets available to a user authenticated on the computing platform, the widget runtime environment to execute on the computing platform to provide an execution platform on the computing platform including services shared by the enterprise widgets, each enterprise widget including functionality to access enterprise data from one or more backend servers of the enterprise;
sending, from the end-user application to the widget runtime environment, a request for a service of a backend server that provides the solicited operation, the request having insufficient security information for the backend server to authenticate the application to enable the application to access the requested service, the request to cause the widget runtime environment to use a security proxy on the widget runtime environment to determine that the request from the end-user application is missing required security information for the request, obtain the required security information not included in the request from a security information source separate from the end-user application, and to inject the security information into the request for the service of the backend server in response to determining that the request does not include the required security information and forward the request to the backend server;
receiving the service from the backend server at the end-user application in response to the solicited operation, based on the backend server authenticating the end-user application with the security information injected by the security proxy; and
providing a representation of data associated with the received service in the interface.
Dependent claims: 2, 3, 4, 5
6. An article of manufacture comprising a non-signal machine readable storage medium having content stored thereon to provide instructions that cause a machine to perform operations including:
receiving input from an interface, the input soliciting an operation of the end-user application, wherein the end-user application is one of multiple enterprise widgets, limited featured applications that execute on a widget runtime environment on a computing platform of an enterprise, the enterprise widgets available to a user authenticated on the computing platform, the widget runtime environment to execute on the computing platform to provide an execution platform on the computing platform including services shared by the enterprise widgets, each enterprise widget including functionality to access enterprise data from one or more backend servers of the enterprise;
sending, from the end-user application to the widget runtime environment, a request for a service of a backend server that provides the solicited operation, the request having insufficient security information to access the requested service, the request to cause the widget runtime environment to use a security proxy on the widget runtime environment to determine that the request from the end-user application is missing required security information for the request, obtain the required security information not included in the request from a security information source separate from the end-user application, and to inject the security information into the request for the service of the backend server in response to determining that the request does not include the required security information and forward the request to the backend server;
receiving the service from the backend server at the end-user application in response to the solicited operation, based on the backend server authenticating the end-user application with the security information injected by the security proxy; and
providing a representation of data associated with the received service in the interface.
Dependent claims: 7, 8
9. In a service mediator that provides services to an end-user application, a method comprising:
receiving at the service mediator from an end-user application a request for a service of a backend server, wherein the end-user application is one of multiple enterprise widgets, limited featured applications that execute on a widget runtime environment on a computing platform of an enterprise, the enterprise widgets available to a user authenticated on the computing platform, the widget runtime environment to execute on the computing platform to provide an execution platform on the computing platform including services shared by the enterprise widgets including the service mediator, each enterprise widget including functionality to access enterprise data from one or more backend servers of the enterprise;
determining at the widget runtime environment via the service mediator that the request for the service requires security information;
determining at the widget runtime environment via the service mediator that the request from the end-user application is missing the required security information;
obtaining the required security information not included in the request from a security information source separate from the end-user application;
injecting the required security information into the request; and
forwarding the request for the service to the backend server to cause the backend server to authenticate the end-user application with the security information injected by the service mediator.
Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. An article of manufacture comprising a non-signal machine readable storage medium having content stored thereon to provide instructions that cause a machine to perform operations including:
receiving at the service mediator from an end-user application a request for a service of a backend server, wherein the end-user application is one of multiple enterprise widgets, limited featured applications that execute on a widget runtime environment on a computing platform of an enterprise, the enterprise widgets available to a user authenticated on the computing platform, the widget runtime environment to execute on the computing platform to provide an execution platform on the computing platform including services shared by the enterprise widgets including the service mediator, each enterprise widget including functionality to access enterprise data from one or more backend servers of the enterprise;
determining at the widget runtime environment via the service mediator that the request for the service requires security information;
determining at the widget runtime environment via the service mediator that the request from the end-user application is missing the required security information;
obtaining the required security information not included in the request from a security information source separate from the end-user application;
injecting the required security information into the request; and
forwarding the request for the service to the backend server to cause the backend server to authenticate the end-user application with the security information injected by the service mediator.
Dependent claims: 18, 19
20. A system comprising:
an end-user application operating out of memory, the end-user application to generate a request for a backend service, the request lacking security information required to access the backend service, wherein the end-user application is one of multiple enterprise widgets, limited featured applications that execute on a widget runtime environment on a computing platform of an enterprise, the enterprise widgets available to a user authenticated on the computing platform, the widget runtime environment to execute on the computing platform to provide an execution platform on the computing platform including services shared by the enterprise widgets, each enterprise widget including functionality to access enterprise data from one or more backend servers of the enterprise; and
a security proxy on the widget runtime environment coupled to the end-user application to obtain the request, determine that the request from the end-user application does not include required security information for the request, obtain the required security information not included in the request from a security information source separate from the end-user application, and inject the security information into the request in response to determining that the request does not include the required security information to authenticate the end-user application based on the security information injected by the security proxy to enable the end-user application to access the backend service.
Dependent claims: 21, 22, 23
Specification