External platform extensions in a multi-tenant environment

US 9,294,482 B2
Filed: 09/03/2013
Issued: 03/22/2016
Est. Priority Date: 07/25/2013
Status: Active Grant

First Claim

Patent Images

1. A method of enforcing access control of features in a multi-tenant cloud environment, the method comprising:

reading a file schema that defines an element, a child element, and an attribute;

defining, in a config file that is compatible with the file schema that is read, a service access rule for a feature of a service in a multi-tenant cloud environment, the defining using the element, the child element, and the attribute;

delivering a copy of the config file in which the service access rule is defined;

allowing editing the delivered copy of the config file to define a service access of the feature;

determining, using a processor operatively coupled with a memory, changes to the delivered copy of the config file made during editing, to create a delta file;

packaging the created delta file in an archive that is included in a shared library of class files;

merging the delta file with the config file, in which the service access rule is defined, to create an executable code config file having the feature for the service;

reading, by the service, the executable code config file that is created by merging the delta file with the config file;

initializing objects for the service with the feature using the executable code config file that is read; and

instantiating objects for the feature of the service using the executable code config file that is read.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems are described for allowing third party developers to add extensions to a cloud service provider'"'"'s software as a service (SaaS) services by editing an ‘empty’ config file according to a schema provided by the cloud service provider to form a delta file and then merging the delta file with an internal, full version of the config file. The full config file is then used to initialize and instantiate objects upon a restart of the cloud provider'"'"'s services.

Citations

20 Claims

1. A method of enforcing access control of features in a multi-tenant cloud environment, the method comprising:
- reading a file schema that defines an element, a child element, and an attribute;
  
  defining, in a config file that is compatible with the file schema that is read, a service access rule for a feature of a service in a multi-tenant cloud environment, the defining using the element, the child element, and the attribute;
  
  delivering a copy of the config file in which the service access rule is defined;
  
  allowing editing the delivered copy of the config file to define a service access of the feature;
  
  determining, using a processor operatively coupled with a memory, changes to the delivered copy of the config file made during editing, to create a delta file;
  
  packaging the created delta file in an archive that is included in a shared library of class files;
  
  merging the delta file with the config file, in which the service access rule is defined, to create an executable code config file having the feature for the service;
  
  reading, by the service, the executable code config file that is created by merging the delta file with the config file;
  
  initializing objects for the service with the feature using the executable code config file that is read; and
  
  instantiating objects for the feature of the service using the executable code config file that is read.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 19, 20)
- - 2. The method of claim 1 wherein the delivered copy of the config file has no child elements.
  - 3. The method of claim 1 wherein the determining changes to the delivered copy of the config file includes tracking one or more changes during editing.
  - 4. The method of claim 1 wherein the determining changes to the delivered copy of the config file includes comparing a pre-edited version of the delivered copy of the config file before the editing and a post-edited version of the delivered copy of the config file after the editing.
  - 5. The method of claim 1 wherein the changes to the copy of the config file are determined by ignoring blank lines, remarks, or a combination thereof.
  - 6. The method of claim 1 wherein the archive includes a Mozilla archive (MAR) file.
  - 7. The method of claim 1 wherein the merging includes inserting contents of the delta file into the config file.
  - 8. The method of claim 1 wherein the shared library is within a metadata services (MDS) customization file.
  - 9. The method of claim 1 wherein the file schema includes an extensible markup language (XML) schema, and wherein the config file conforms to the XML schema.
  - 10. The method of claim 1 wherein the copy of the config file is in an Application Development Framework (ADF) library jar file.
  - 11. The method of claim 1 further comprising:
    - creating the file schema that defines the element, the child element, and the attribute.
  - 12. The method of claim 1 further comprising:
    - editing the delivered copy of the config file to define the service access of the feature.
  - 13. The method of claim 1 wherein the objects for the feature of the service using the executable code config file are instantiated such that multiple tenants in the multi-tenant cloud environment can access the feature of the service.
  - 14. The method of claim 1 wherein the service includes a Java service.
  - 15. The method of claim 1 wherein operations of the method are performed according to an order of elements as shown in the method.
  - 19. The method of claim 1, wherein the delta file includes a configuration for the service access of the feature, wherein the executable code config file includes the configuration by merging the delta file with the config file, and wherein the objects are instantiated using the configuration read from the executable code config file.
  - 20. The method of claim 19, further comprising:
    - detecting an error reading the configuration from the executable code config file; and
      
      upon detecting the error, preventing the configuration from being read from the executable code config file;
      
      wherein the objects for the feature of the service are instantiated without using the configuration that is prevented from being read from the executable code config file.

16. A non-transitory machine-readable tangible medium embodying information indicative of instructions for causing one or more machines to perform operations comprising:
- reading a file schema that defines an element, a child element, and an attribute;
  
  defining, in a config file that is compatible with the file schema that is read, a service access rule for a feature of a service in a multi-tenant cloud environment, the defining using the element, the child element, and the attribute;
  
  delivering a copy of the config file in which the service access rule is defined;
  
  allowing editing the delivered copy of the config file to define a service access of the feature;
  
  determining changes to the delivered copy of the config file made during editing to create a delta file;
  
  packaging the created delta file in an archive that is included in a shared library of class files;
  
  merging the delta file with the config file, in which the service access rule is defined, to create an executable code config file having the feature for the service;
  
  reading, by the service, the executable code config file that is created by merging the delta file with the config file;
  
  initializing objects for the service with the feature using the executable code config file that is read; and
  
  instantiating objects for the feature of the service using the executable code config file that is read.
- View Dependent Claims (17)
- - 17. The non-transitory machine-readable tangible medium of claim 16 wherein the delivered copy of the config file has no child elements.

18. A computer system executing instructions, the computer system comprising:
- at least one processor; and
  
  a memory operatively coupled with the at least one processor, the at least one processor executing computer code stored in the memory for;
  
  reading a file schema that defines an element, a child element, and an attribute;
  
  defining, in a config file that is compatible with the file schema that is read, a service access rule for a feature of a service in a multi-tenant cloud environment, the defining using the element, the child element, and the attribute;
  
  delivering a copy of the config file in which the service access rule is defined;
  
  allowing editing the delivered copy of the config file to define a service access of the feature;
  
  determining changes to the delivered copy of the config file made during editing to create a delta file;
  
  packaging the created delta file in an archive that is included in a shared library of class files;
  
  merging the delta file with the config file, in which the service access rule is defined, to create an executable code config file having the feature for the service;
  
  reading, by the service, the executable code config file that is created by merging the delta file with the config file;
  
  initializing objects for the service with the feature using the executable code config file that is read; and
  
  instantiating objects for the feature of the service using the executable code config file that is read.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Mellor, David R.
Primary Examiner(s)
Dao, Thuy
Assistant Examiner(s)
BERMAN, STEPHEN DAVID

Application Number

US14/016,582
Publication Number

US 20150033217A1
Time in Patent Office

931 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06F 16/113   Details of archiving lifecy...

G06F 16/1756   based on delta files

G06F 16/211   Schema design and management

G06F 16/83   Querying

G06F 21/604   Tools and structures for ma...

G06F 21/62   Protecting access to data v...

G06F 21/6209   to a single file or object,...

G06F 21/6218   to a system of files or obj...

G06F 2221/2141   Access rights, e.g. capabil...

G06F 8/65   Updates security arrangemen...

G06F 8/658   Incremental updates; Differ...

G06F 8/71   Version control security ar...

G06F 9/44505   Configuring for program ini...

H04L 41/0803   Configuration setting

H04L 63/101   Access control lists [ACL]

H04L 63/102   Entity profiles

H04L 67/1001   for accessing one among a p...

External platform extensions in a multi-tenant environment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

External platform extensions in a multi-tenant environment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links