User impersonation and authentication
First Claim
1. A computer-implemented method for accessing a resource, the method comprising:
receiving a first identifier and a second identifier that uniquely identify a first user and a second user declared in a computer system, respectively, the first user being different from the second user;
authenticating the first user;
generating a user session object comprising the first identifier, the second identifier, and a session object identifier;
receiving a request to modify the resource from the first user;
determining whether the second user is authorized to modify the resource;
preventing the first user from modifying the resource responsive to a determination that the second user is not authorized to modify the resource;
responsive to a determination that the second user is authorized to modify the resource;
determining whether a lock object is associated with the resource, the lock object for preventing concurrent modification of the resource by more than one user, the lock object comprising a lock object session identifier, a lock object first identifier, and a lock object second identifier;
responsive to a determination that the lock object is not associated with the resource, generating a lock object, storing the session object identifier, the first identifier, and the second identifier as the lock object session identifier, the lock object first identifier, and the lock object second identifier, respectively, and assigning the generated lock object to the first user;
responsive to a determination that a lock object is already associated with the resource;
determining whether the lock object is owned by any user;
responsive to a determination that the lock object is not owned, assigning the lock object to the first user and storing the session object identifier, the first identifier, and the second identifier as the lock object session identifier, the lock object first identifier, and the lock object second identifier, respectively;
responsive to a determination that the lock object is owned, determining whether a first set of criteria is satisfied for assigning the lock object to the first user; and
responsive to a determination that the first set of criteria is satisfied, providing the first user with a capability to acquire the lock object.
Abstract
Methods, systems, and computer program products for modifying a resource by an authenticated user impersonating another user. In one embodiment of the invention, a lock may be acquired on the resource to be modified, storing the identity of the authenticated user and the identity of the impersonated user inside the lock object, and generating a message indicating that the lock was acquired successfully by the authenticated user impersonating another user.
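The flow recited in claim 1 and summarized in the abstract, sketched as an added Python example (not code from the patent or its assignee). The ACL dictionary, the `authenticate` callback, the `criteria` predicate (the claim leaves the "first set of criteria" unspecified), the `release` helper and the status strings are assumptions made for illustration.

```python
import uuid
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Session:
    first_id: str    # authenticated (acting) user
    second_id: str   # impersonated user
    session_id: str = field(default_factory=lambda: uuid.uuid4().hex)

@dataclass
class Lock:
    session_id: str
    first_id: str
    second_id: str
    owned: bool = True

class ResourceGuard:
    def __init__(self, acl, criteria=lambda lock, session: False):
        self.acl = acl            # resource -> ids authorized to modify (assumed model)
        self.criteria = criteria  # the claim's unspecified "first set of criteria"
        self.locks = {}           # resource -> Lock

    def open_session(self, first_id, second_id, authenticate):
        # Only the first user is authenticated; the two ids must differ.
        if first_id == second_id or not authenticate(first_id):
            raise PermissionError("first user not authenticated")
        return Session(first_id, second_id)

    def request_modify(self, session, resource):
        # Authorization is evaluated for the impersonated (second) user.
        if session.second_id not in self.acl.get(resource, ()):
            return "denied"
        lock = self.locks.get(resource)
        if lock is None or not lock.owned:
            # New or unowned lock: record all three ids, so the lock itself
            # shows who acted and on whose behalf.
            self.locks[resource] = Lock(session.session_id, session.first_id,
                                        session.second_id)
            return f"acquired by {session.first_id} impersonating {session.second_id}"
        if self.criteria(lock, session):
            return "may_acquire"  # capability offered, lock not yet reassigned
        return "locked"

    def release(self, resource):
        # Assumed helper: leaves the lock object in place but unowned.
        if resource in self.locks:
            self.locks[resource].owned = False
```

Because the lock stores both identifiers and the session identifier, an audit of `locks` can attribute every held lock to the authenticated user rather than only to the impersonated account.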
17 Claims
1. A computer-implemented method for accessing a resource (full text as given under First Claim above).
Dependent claims: 2, 3, 10, 11, 12, 13
4. A computer program product stored on a non-transitory computer readable medium, the computer readable medium comprising computer program instructions for accessing a resource, the computer program instructions comprising:
computer program instructions for receiving a first identifier and a second identifier that uniquely identify a first user and a second user declared in a computer system, respectively, the first user being different from the second user;
computer program instructions for authenticating the first user;
computer program instructions for generating a user session object comprising the first identifier, the second identifier, and a session object identifier;
computer program instructions for receiving a request to modify the resource from the first user;
computer program instructions for preventing the first user from modifying the resource responsive to a determination that the second user is not authorized to modify the resource;
responsive to a determination the second user is authorized to modify the resource;
computer program instructions for determining whether a lock object is associated with the resource, the lock object for preventing concurrent modification of the resource by more than one user, the lock object comprising a lock object session identifier, a lock object first identifier, and a lock object second identifier;
computer program instructions for, responsive to a determination that the lock object is not associated with the resource, generating a lock object, storing the session object identifier, the first identifier, and the second identifier as the lock object session identifier, the lock object first identifier, and the lock object second identifier, respectively, and assigning the generated lock object to the first user;
responsive to a determination that a lock object is associated with the resource;
computer program instructions for determining whether the lock object is owned by any user;
computer program instructions for, responsive to a determination that the lock object is not owned, assigning the lock object to the first user and storing the session object identifier, the first identifier, and the second identifier as the lock object session identifier, the lock object first identifier, and the lock object second identifier, respectively;
computer program instructions for, responsive to a determination that the lock object is owned, determining whether a first set of criteria for assigning the lock object to the first user is satisfied; and
computer program instructions for, responsive to a determination that the first set of criteria is satisfied, providing the first user with a capability to acquire the lock object.
Dependent claims: 5, 6
7. A system for permitting access to a resource, the system comprising:
one or more processors;
a memory operatively coupled to the one or more processors;
one or more nonvolatile storage devices accessible by the one or more processors; and
an authentication and authorization tool for permitting a first user to access the resource, the authentication and authorization tool comprising computer program instructions that upon execution by at least one of the one or more processors cause the system to perform steps comprising;
receiving a first identifier and a second identifier that uniquely identify a first and second user declared in the computer system, respectively, the first user being different from the second user;
authenticating the first user;
generating a user session object comprising the first identifier, the second identifier, and a session object identifier;
receiving a request to modify the resource from the first user;
determining whether the second user is authorized to modify the resource;
preventing the first user from modifying the resource responsive to a determination that the second user is not authorized to modify the resource;
responsive to a determination that the second user is authorized to modify the resource;
determining whether a lock object is associated with the resource, the lock object for preventing concurrent modification of the resource by more than one user, and comprising a lock object session identifier, a lock object first identifier, and a lock object second identifier;
responsive to a determination that the lock object is not associated with the resource, generating a first user lock object, storing the session object identifier, the first identifier, and the second identifier as the lock object session identifier, the lock object first identifier, and the lock object second identifier, respectively, and assigning the generated lock object to the first user;
responsive to a determination that a lock object is associated with the resource;
determining whether the lock object is owned by any user;
responsive to a determination that the lock object is not owned, assigning the lock object to the first user and storing the session object identifier, the first identifier, and the second identifier as the lock object session identifier, the lock object first identifier, and the lock object second identifier, respectively;
responsive to a determination that the lock object is owned, determining whether a first set of criteria for assigning the lock object to the first user is satisfied; and
responsive to a determination that the first set of criteria is satisfied, providing the first user with a capability to acquire the lock object.
Dependent claims: 8, 9, 14, 15, 16, 17
Specification