Securing asynchronous client server transactions
First Claim
1. A computer usable program product comprising a computer usable storage device including computer usable code for securing asynchronous client server transactions, the computer usable code comprising:
- computer usable code for receiving a request at a first application executing in a data processing system, the request including an application identifier and a version associated with a second application;
- computer usable code for generating a service identifier responsive to a session with the second application being valid;
- computer usable code for generating a registry at the first application, the registry including information about a set of services and data that the second application is permitted to use;
- computer usable code for sending the service identifier and information from the registry to the second application;
- computer usable code for receiving a sub-request, the sub-request being a part of an asynchronous client server transaction, the sub-request including the service identifier;
- computer usable code for determining a validity of the sub-request by determining whether the service identifier has expired; and
- computer usable code for providing, responsive to the sub-request being valid, the service in response to the sub-request.
Abstract
A system and a computer usable program product for securing asynchronous client server transactions are provided in the illustrative embodiments. A request including an application identifier and a version of a second application is received at a first application. A service identifier is generated if a session with the second application is valid. A registry is generated at the first application. A catalog is generated based on the registry, and the service identifier and the catalog are sent to the second application. A sub-request including the service identifier is received as part of an asynchronous client server transaction. Validity of the sub-request is determined by determining whether the service identifier has expired, whether the sub-request requests a service that is permissible according to the catalog, whether the service identifier is used in conjunction with the second application, or a combination thereof. If the sub-request is valid, the service is provided.
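The flow in the abstract can be sketched from the first application's side as follows. This is an added illustration, not code from the patent or its assignee; the registry contents, class and method names, the in-memory store and the lifetime value are all assumptions.

```python
import secrets
import time

# Constructed registry: services each (application id, version) may use.
REGISTRY = {
    ("inventory-ui", "2.1"): {"list_items", "get_item"},
    ("admin-ui", "1.0"): {"list_items", "get_item", "delete_item"},
}

class FirstApplication:
    """Hypothetical server side: issues service identifiers, validates sub-requests."""

    def __init__(self, ttl_seconds=300, clock=time.monotonic):
        self.ttl = ttl_seconds
        self.clock = clock          # injectable so expiry can be tested
        self.issued = {}            # service_id -> (app_id, expires_at, catalog)

    def handle_request(self, app_id, version, session_valid):
        """Initial request: return (service_id, catalog), or None if refused."""
        allowed = REGISTRY.get((app_id, version))
        if not session_valid or allowed is None:
            return None
        service_id = secrets.token_urlsafe(32)   # unguessable identifier
        catalog = frozenset(allowed)             # subset of the registry for this app
        self.issued[service_id] = (app_id, self.clock() + self.ttl, catalog)
        return service_id, sorted(catalog)

    def handle_sub_request(self, service_id, app_id, service):
        """Apply the three validity checks named in the abstract."""
        record = self.issued.get(service_id)
        if record is None:
            return False, "unknown service identifier"
        bound_app, expires_at, catalog = record
        if self.clock() >= expires_at:
            del self.issued[service_id]          # expired identifiers are dropped
            return False, "service identifier expired"
        # Assumption: app_id is taken from the authenticated session,
        # not from a field the client can set freely.
        if app_id != bound_app:
            return False, "service identifier not issued to this application"
        if service not in catalog:
            return False, "service not in catalog"
        return True, "ok"
```

Every check runs against state held by the first application, so a sub-request that arrives out of order or long after the initial request is still evaluated against the identifier's expiry, its bound application and the catalog.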
14 Claims
12. A data processing system for securing asynchronous client server transactions, the data processing system comprising:
- a storage device including a storage medium, wherein the storage device stores computer usable program code; and
- a processor, wherein the processor executes the computer usable program code, and wherein the computer usable program code comprises:
- computer usable code for receiving, from a first application, at a second application executing in a data processing system, a service identifier and a catalog responsive to sending an application identifier and an application version associated with the second application, the catalog including a transformed subset of a registry associated with the first application;
- computer usable code for dynamically constructing a sub-request, the sub-request being a part of an asynchronous client server transaction, the sub-request including the service identifier, and the sub-request further including a request for a service from the catalog, wherein a validity of the sub-request is determinable by determining whether the sub-request requests a service that is permissible according to the catalog; and
- computer usable code for receiving, responsive to the sub-request being valid according to the first application, data associated with the service.
Specification