System and method for supporting web services in a multitenant application server environment
Abstract
In accordance with an embodiment, described herein is a system and method for supporting web services in a multitenant application server environment. The system comprises a domain with a plurality of partitions, wherein each partition can include one or more web services, and a web services inspection language (WSIL) application. A partition-aware managed bean server can include managed beans for generating addresses of web services deployed to each partition, wherein the generated addresses can be retrieved by the WSIL application in that partition for use by clients in accessing the web services. The system can further include a web service security manager that can secure web services in each partition, by attaching security policies to each web service endpoint and enforcing the security policies on requests directed to that web service endpoint.
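A minimal model of the request flow the abstract describes, added here as an illustration and not taken from the patent or from any product: policies and key material are looked up only in the target partition, enforcement fails closed, and the response is protected before it is returned. The HMAC check, the `require-signature` policy name, the address format, and all class and function names are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

class PolicyError(Exception):
    """Raised when an attached policy does not execute successfully."""

@dataclass
class Partition:
    name: str
    key: bytes                                     # stands in for the key store
    policies: dict = field(default_factory=dict)   # service -> [policy names]
    services: dict = field(default_factory=dict)   # service -> handler

    def address(self, service):
        # Stand-in for the WSIL lookup of the generated address.
        if service not in self.services:
            raise PolicyError("unknown service")
        return f"/partitions/{self.name}/{service}"

def sign(key, body):
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def require_signature(partition, request):
    # Verify with this partition's key only; compare in constant time.
    expected = sign(partition.key, request["body"])
    if not hmac.compare_digest(expected, request.get("sig", "")):
        raise PolicyError("signature rejected")

POLICIES = {"require-signature": require_signature}   # hypothetical policy name

def handle(partitions, request):
    """Intercept, enforce request policies, route, enforce response policy."""
    part = partitions.get(request["partition"])
    if part is None:
        raise PolicyError("unknown partition")
    attached = part.policies.get(request["service"])
    if not attached:                       # fail closed: no policy, no delivery
        raise PolicyError("no policy attached")
    for name in attached:
        POLICIES[name](part, request)      # raises on failure
    addr = part.address(request["service"])
    body = part.services[request["service"]](request["body"])
    return {"from": addr, "body": body, "sig": sign(part.key, body)}

# Constructed sample data: two tenants, each with its own key.
PARTS = {
    n: Partition(n, k, {"echo": ["require-signature"]}, {"echo": bytes.upper})
    for n, k in (("tenant-a", b"key-a"), ("tenant-b", b"key-b"))
}
```

A request signed with one tenant's key and addressed to the other tenant's partition is rejected before any address lookup or delivery takes place.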
19 Claims
1. A system for supporting web services in a multitenant application server environment, comprising:
- a microprocessor;
- an application server environment, executing on the microprocessor, that includes a plurality of partitions, wherein each partition includes one or more services, a web services inspection language (WSIL) application, and a security information repository for storing security information, wherein the security information comprises key stores, credential stores, keys or certificates for use in authentication and authorization of requests directed to web services in the partition;
- a web service security manager that attaches one or more security policies to each of the one or more web services in each partition;
- a managed bean server configured to dynamically generate an address for each of the one or more web services in each partition, wherein the managed bean server includes one or more partition-aware managed beans of different scopes, one or more configuration managed beans for generating relative address for web services deployed to a partition, and one or more runtime managed beans for generating context paths for the web services;
- wherein the web service security manager operates to
  - intercept a request originating from a client and targeted to a web service in a particular partition,
  - acquire the one or more security policies attached to the web service on the request from a security information repository in the particular partition,
  - execute the one or more security policies attached to the web service on the request,
  - determine that the one or more security policies attached to the web service on the request execute successfully,
  - invoke the WSIL application in the particular partition to retrieve from the managed bean server the address for the web service,
  - deliver the request to the targeted web service using the retrieved address for the web service,
  - receive a response from the web service,
  - apply appropriate security policies to the response,
  - determine that the appropriate security policies execute successfully, and
  - pass the response to the client.

Dependent claims: 2, 3, 4, 5, 6, 7

8. A method for supporting web services in a multitenant application server environment, comprising:
- providing an application server environment, executing on one or more computers, that includes a plurality of partitions, wherein each partition includes one or more services, a web services inspection language (WSIL) application, and a security information repository for storing security information, wherein the security information comprises key stores, credential stores, keys or certificates for use in authentication and authorization of requests directed to web services in the partition;
- attaching, via a web service security manager, one or more security policies to each of the one or more web services in each partition;
- configuring a managed bean server to dynamically generate an address for each of the one or more web services in each partition, wherein the managed bean server includes one or more partition-aware managed beans of different scopes, one or more configuration managed beans for generating relative address for web services deployed to a partition, and one or more runtime managed beans for generating context paths for the web services;
- wherein the web service security manager operates to perform the steps comprising
  - intercepting a request originating from a client and targeted to a web service in a particular partition and executing the one or more security policies attached to the web service on the request;
  - acquiring the one or more security policies attached to the web service on the request from a security information repository in the particular partition;
  - executing the one or more security policies attached to the web service on the request;
  - determining that the one or more security policies attached to the web service on the request execute successfully;
  - invoking the WSIL application in the particular partition to retrieve from the managed bean server the address for the web service; and
  - delivering the request to the web service using the retrieved address for the web service;
  - receiving a response from the web service, applying appropriate security policies to the response, determining that the appropriate security policies execute successfully, and passing the response to the client.

Dependent claims: 9, 10, 11, 12, 13, 14

15. A non-transitory computer readable storage medium, including instructions stored thereon which when read and executed by one or more computers cause the one or more computers to perform the steps comprising:
- providing an application server environment, executing on one or more computers, that includes a plurality of partitions, wherein each partition includes one or more services, a web services inspection language (WSIL) application, and a security information repository for storing security information, wherein the security information comprises key stores, credential stores, keys or certificates for use in authentication and authorization of requests directed to web services in the partition;
- attaching, via a web service security manager, one or more security policies to each of the one or more web services in each partition;
- configuring a managed bean server to dynamically generate an address for each of the one or more web services in each partition, wherein the managed bean server includes one or more partition-aware managed beans of different scopes, one or more configuration managed beans for generating relative address for web services deployed to a partition, and one or more runtime managed beans for generating context paths for the web services;
- wherein the web service security manager operates to perform the steps comprising
  - intercepting a request originating from a client and targeted to a web service in a particular partition and executing the one or more security policies attached to the web service on the request;
  - acquiring the one or more security policies attached to the web service on the request from a security information repository in the particular partition;
  - executing the one or more security policies attached to the web service on the request;
  - determining that the one or more security policies attached to the web service on the request execute successfully;
  - invoking the WSIL application in the particular partition to retrieve from the managed bean server the address for the web service; and
  - delivering the request to the web service using the retrieved address for the web service;
  - receiving a response from the web service, applying appropriate security policies to the response, determining that the appropriate security policies execute successfully, and passing the response to the client.

Dependent claims: 16, 17, 18, 19

Specification