System and method for supporting web services in a multitenant application server environment

US 9,807,119 B2
Filed: 09/25/2015
Issued: 10/31/2017
Est. Priority Date: 01/21/2014
Status: Active Grant

First Claim

Patent Images

1. A system for supporting web services in a multitenant application server environment, comprising:

a microprocessor;

an application server environment, executing on the microprocessor, that includes a plurality of partitions, wherein each partition includes one or more services, a web services inspection language (WSIL) application, and a security information repository for storing security information, wherein the security information comprises key stores, credential stores, keys or certificates for use in authentication and authorization of requests directed to web services in the partition;

a web service security manager that attaches one or more security policies to each of the one or more web services in each partition;

a managed bean server configured to dynamically generate an address for each of the one or more web services in each partition, wherein the managed bean server includes one or more partition-aware managed beans of different scopes, one or more configuration managed beans for generating relative address for web services deployed to a partition, and one or more runtime managed beans for generating context paths for the web services;

wherein the web service security manager operates tointercept a request originating from a client and targeted to a web service in a particular partition,acquire the one or more security policies attached to the web service on the request from a security information repository in the particular partition,execute the one or more security policies attached to the web service on the request,determine that the one or more security policies attached to the web service on the request execute successfully,invoke the WSIL application in the particular partition to retrieve from the managed bean server the address for the web service,deliver the request to the targeted web service using the retrieved address for the web service,receive a response from the web service,apply appropriate security policies to the response,determine that the appropriate security policies execute successfully, andpass the response to the client.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In accordance with an embodiment, described herein is a system and method for supporting web services in a multitenant application server environment. The system comprises a domain with a plurality of partitions, wherein each partition can include one or more web services, and a web services inspection language (WSIL) application. A partition-aware managed bean server can include managed beans for generating addresses of web services deployed to each partition, wherein the generated addresses can be retrieved by the WSIL application in that partition for use by clients in accessing the web services. The system can further include a web service security manager that can secure web services in each partition, by attaching security policies to each web service endpoint and enforcing the security policies on requests directed to that web service endpoint.

Citations

19 Claims

1. A system for supporting web services in a multitenant application server environment, comprising:
- a microprocessor;
  
  an application server environment, executing on the microprocessor, that includes a plurality of partitions, wherein each partition includes one or more services, a web services inspection language (WSIL) application, and a security information repository for storing security information, wherein the security information comprises key stores, credential stores, keys or certificates for use in authentication and authorization of requests directed to web services in the partition;
  
  a web service security manager that attaches one or more security policies to each of the one or more web services in each partition;
  
  a managed bean server configured to dynamically generate an address for each of the one or more web services in each partition, wherein the managed bean server includes one or more partition-aware managed beans of different scopes, one or more configuration managed beans for generating relative address for web services deployed to a partition, and one or more runtime managed beans for generating context paths for the web services;
  
  wherein the web service security manager operates tointercept a request originating from a client and targeted to a web service in a particular partition,acquire the one or more security policies attached to the web service on the request from a security information repository in the particular partition,execute the one or more security policies attached to the web service on the request,determine that the one or more security policies attached to the web service on the request execute successfully,invoke the WSIL application in the particular partition to retrieve from the managed bean server the address for the web service,deliver the request to the targeted web service using the retrieved address for the web service,receive a response from the web service,apply appropriate security policies to the response,determine that the appropriate security policies execute successfully, andpass the response to the client.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, wherein the configuration managed beans generate the relative addresses for the web services using information from a web service deployment descriptor.
  - 3. The system of claim 1, further comprising:
    - an application programming interface (API) for use in accessing the management beans on the managed bean server.
  - 4. The system of claim 1, further comprising:
    - one or more internal applications that support web service implementations, where the one or more internal applications are deployed to each partition.
  - 5. The system of claim 4, wherein the one or more internal applications includes a test page application and a web service atomic transaction application.
  - 6. The system of claim 1, wherein each of the one or more security policies attached to the web servicerepresents an assertion on security, reliable messaging, management, or addressing, andis created and stored in a domain-level security policy storage, or in a partition-scoped security policy storage.
  - 7. The system of claim 6,wherein the web service security manager includes a security agent and a policy manager for each partition,wherein each policy manager communicates with a security policy storage to retrieve security policies, andwherein each security agent connects to the policy manager in the partition, to download and cache a latest version of the security policies retrieved from the security policy storage.

8. A method for supporting web services in a multitenant application server environment, comprising:
- providing an application server environment, executing on one or more computers, that includes a plurality of partitions, wherein each partition includes one or more services, a web services inspection language (WSIL) application, and a security information repository for storing security information, wherein the security information comprises key stores, credential stores, keys or certificates for use in authentication and authorization of requests directed to web services in the partition;
  
  attaching, via a web service security manager, one or more security policies to each of the one or more web services in each partition;
  
  configuring a managed bean server to dynamically generate an address for each of the one or more web services in each partition, wherein the managed bean server includes one or more partition-aware managed beans of different scopes, one or more configuration managed beans for generating relative address for web services deployed to a partition, and one or more runtime managed beans for generating context paths for the web services;
  
  wherein the web service security manager operates to perform the steps comprisingintercepting a request originating from a client and targeted to a web service in a particular partition and executing the one or more security policies attached to the web service on the request;
  
  acquiring the one or more security policies attached to the web service on the request from a security information repository in the particular partition;
  
  executing the one or more security policies attached to the web service on the request;
  
  determining that the one or more security policies attached to the web service on the request execute successfully;
  
  invoking the WSIL application in the particular partition to retrieve from the managed bean server the address for the web service; and
  
  delivering the request to the web service using the retrieved address for the web service;
  
  receiving a response from the web service,applying appropriate security policies to the response,determining that the appropriate security policies execute successfully, andpassing the response to the client.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, wherein the configuration managed beans generate the relative addresses for web services using information from a deployment descriptor.
  - 10. The method of claim 8, further comprising:
    - providing an application programming interface (API) for accessing the management beans on the managed bean server.
  - 11. The method of claim 8, further comprising:
    - deploying one or more internal applications that support web service implementations, to each partition.
  - 12. The method of claim 11, wherein the one or more internal applications includes a test page application and a web service atomic transaction application.
  - 13. The method of claim 8, wherein each of the one or more security policies attached to the web servicerepresents an assertion on security, reliable messaging, management, or addressing, andis created and stored in a domain-level security policy storage, or in a partition-scoped security policy storage.
  - 14. The method of claim 13,wherein the web service security manager includes a security agent and a policy manager for each partition,wherein each policy manager communicates with a security policy storage to retrieve security policies, andwherein each security agent connects to the policy manager in the partition, to download and cache a latest version of the security policies retrieved from the security policy storage.

15. A non-transitory computer readable storage medium, including instructions stored thereon which when read and executed by one or more computers cause the one or more computers to perform the steps comprising:
- providing an application server environment, executing on one or more computers, that includes a plurality of partitions, wherein each partition includes one or more services, a web services inspection language (WSIL) application, and a security information repository for storing security information, wherein the security information comprises key stores, credential stores, keys or certificates for use in authentication and authorization of requests directed to web services in the partition;
  
  attaching, via a web service security manager, one or more security policies to each of the one or more web services in each partition;
  
  configuring a managed bean server to dynamically generate an address for each of the one or more web services in each partition, wherein the managed bean server includes one or more partition-aware managed beans of different scopes, one or more configuration managed beans for generating relative address for web services deployed to a partition, and one or more runtime managed beans for generating context paths for the web services;
  
  wherein the web service security manager operates to perform the steps comprisingintercepting a request originating from a client and targeted to a web service in a particular partition and executing the one or more security policies attached to the web service on the request;
  
  acquiring the one or more security policies attached to the web service on the request from a security information repository in the particular partition;
  
  executing the one or more security policies attached to the web service on the request;
  
  determining that the one or more security policies attached to the web service on the request execute successfully;
  
  invoking the WSIL application in the particular partition to retrieve from the managed bean server the address for the web service; and
  
  delivering the request to the web service using the retrieved address for the web service;
  
  receiving a response from the web service,applying appropriate security policies to the response,determining that the appropriate security policies execute successfully, andpassing the response to the client.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The non-transitory computer readable storage medium of claim 15, wherein the configuration managed beans generate the relative addresses for the web services using information from a web service deployment descriptor.
  - 17. The non-transitory computer readable storage medium of claim 15, further comprising:
    - providing an application programming interface (API) for use in accessing the management beans on the managed bean server.
  - 18. The non-transitory computer readable storage medium of claim 15, further comprising:
    - providing one or more internal applications that support web service implementations, where the one or more internal applications are deployed to each partition.
  - 19. The non-transitory computer readable storage medium of claim 15, wherein each of the one or more security policies attached to the web servicerepresents an assertion on security, reliable messaging, management, or addressing, andis created and stored in a domain-level security policy storage, or in a partition-scoped security policy storage.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Watson, Tim, Zhang, Guoyong, Chen, Michael, Mullendore, Alan, Desai, Arjav, Naugle, Bob, Gilbode, Mike
Primary Examiner(s)
Okeke, Izunna
Assistant Examiner(s)
Song, Hee

Application Number

US14/866,591
Publication Number

US 20160094582A1
Time in Patent Office

767 Days
Field of Search
US Class Current
CPC Class Codes

H04L 41/0273   using web services for netw...

H04L 41/20   Network management software...

H04L 63/168   above the transport layer

H04L 63/20   for managing network securi...

H04L 67/02   based on web technology, e....

H04L 67/10   in which an application is ...

System and method for supporting web services in a multitenant application server environment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for supporting web services in a multitenant application server environment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links