System and method for dynamic security configuration in a multitenant application server environment
First Claim
1. A system for supporting dynamic security configuration in a multitenant application server environment, comprising:
- one or more computers, including an application server environment executing thereon, and a domain for execution of software applications;
wherein the application server environment provides a plurality of partitions, wherein each partition provides an administrative and runtime subdivision of the domain, that can be associated with a tenant, and wherein the application server environment provides a plurality of realms associated with the plurality of partitions, including that each particular partition is associated with a particular security realm that is used with the particular partition and associated with one or more attributes; and
wherein the system enables configuration changes to be made for partition level security, by associating one or more listeners with the attributes of the security realm, that detect changes to the attributes, wherein each listener listens for changes to a specific attribute, and whereupon changes to the attributes being detected for the particular partition, a determination is made whether to restart one or both of the security realm associated with the particular partition, or a server hosting the particular partition, including;
upon determining that the changes to the attributes are all dynamic changes, then applying the changes to the security realm for the particular partition, without restarting either the security realm associated with the particular partition or the server hosting the particular partition; and
upon a particular listener determining an associated attribute change is non-dynamic, then directing the system whether to restart one or both of;
(a) the security realm associated with the particular partition, or (b) the server hosting the particular partition, to apply the attribute change, and cause the particular partition to be restarted with the changed attributes.
Abstract
In accordance with an embodiment, described herein is a system and method for supporting dynamic security configuration in a multitenant application server environment. Common configuration changes required for partition level security can be made without requiring a server restart, such as for example, adding a new security realm for a partition; deleting an existing realm; changing the configuration on an existing realm; adding or removing a security provider to a realm; or changing the configuration of a security provider. In accordance with an embodiment, also described herein is a system and method for supporting dynamic reconfiguration in a multitenant application server environment. Attributes of partition management components, for example managed beans (MBeans) and child MBeans contained within a partition, can be made dynamic and annotated accordingly, so that a restart of servers is not required for configuration changes to those attributes for a particular partition.
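The listener-driven restart decision described in the abstract and in claim 1, as an added Java example that is not taken from the patent or from any product. The attribute names, their dynamic or non-dynamic classification, the ordering in which a server restart subsumes a realm restart, and the fail-closed handling of attributes that have no listener are all assumptions made for illustration.

```java
import java.util.*;

public class RealmChangeDemo {
    // Restart scope a listener can demand, ordered least to most disruptive.
    enum Scope { NONE, REALM, SERVER }

    // One listener per attribute; it classifies changes to that attribute only.
    interface AttributeListener { Scope onChange(String oldValue, String newValue); }

    static final class SecurityRealm {
        final String partition;
        final Map<String, String> attributes = new HashMap<>();
        final Map<String, AttributeListener> listeners = new HashMap<>();
        int realmRestarts = 0, serverRestarts = 0;
        SecurityRealm(String partition) { this.partition = partition; }

        // Applies a batch of changes and returns the scope that had to be restarted.
        Scope apply(Map<String, String> changes) {
            Scope needed = Scope.NONE;
            for (Map.Entry<String, String> c : changes.entrySet()) {
                AttributeListener l = listeners.get(c.getKey());
                // Assumption: no listener registered means non-dynamic (fail closed).
                Scope s = (l == null) ? Scope.SERVER
                        : l.onChange(attributes.get(c.getKey()), c.getValue());
                if (s.compareTo(needed) > 0) needed = s;
            }
            attributes.putAll(changes);
            // Stand-ins for the real restart; only this partition's realm is touched.
            if (needed == Scope.REALM) realmRestarts++;
            if (needed == Scope.SERVER) serverRestarts++;
            return needed;
        }
    }

    public static void main(String[] args) {
        SecurityRealm realm = new SecurityRealm("tenantA");
        // Hypothetical attribute names and classifications, constructed for this example.
        realm.listeners.put("lockoutThreshold", (o, n) -> Scope.NONE);
        realm.listeners.put("authProviderClass",
                (o, n) -> Objects.equals(o, n) ? Scope.NONE : Scope.REALM);
        realm.listeners.put("keystorePath", (o, n) -> Scope.SERVER);

        System.out.println(realm.apply(Map.of("lockoutThreshold", "5")));
        System.out.println(realm.apply(Map.of("lockoutThreshold", "3",
                "authProviderClass", "LdapProvider")));
        System.out.println(realm.apply(Map.of("auditSeverity", "HIGH")));
        System.out.println(realm.partition + " realm=" + realm.realmRestarts
                + " server=" + realm.serverRestarts);
    }
}
```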
20 Claims
1. A system for supporting dynamic security configuration in a multitenant application server environment, comprising:
one or more computers, including an application server environment executing thereon, and a domain for execution of software applications;
wherein the application server environment provides a plurality of partitions, wherein each partition provides an administrative and runtime subdivision of the domain, that can be associated with a tenant, and wherein the application server environment provides a plurality of realms associated with the plurality of partitions, including that each particular partition is associated with a particular security realm that is used with the particular partition and associated with one or more attributes; and
wherein the system enables configuration changes to be made for partition level security, by associating one or more listeners with the attributes of the security realm, that detect changes to the attributes, wherein each listener listens for changes to a specific attribute, and whereupon changes to the attributes being detected for the particular partition, a determination is made whether to restart one or both of the security realm associated with the particular partition, or a server hosting the particular partition, including;
upon determining that the changes to the attributes are all dynamic changes, then applying the changes to the security realm for the particular partition, without restarting either the security realm associated with the particular partition or the server hosting the particular partition; and
upon a particular listener determining an associated attribute change is non-dynamic, then directing the system whether to restart one or both of;
(a) the security realm associated with the particular partition, or (b) the server hosting the particular partition, to apply the attribute change, and cause the particular partition to be restarted with the changed attributes.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A method for supporting dynamic security configuration in a multitenant application server environment, comprising:
providing, at one or more computers, including an application server environment executing thereon, a domain for execution of software applications; and a plurality of partitions, wherein each partition provides an administrative and runtime subdivision of the domain, that can be associated with a tenant, and wherein the application server environment provides a plurality of realms associated with the plurality of partitions, including that each particular partition is associated with a particular security realm that is used with the particular partition and associated with one or more attributes; and
wherein configuration changes for partition level security are made, by associating one or more listeners with the attributes of the security realm, that detect changes to the attributes, wherein each listener listens for changes to a specific attribute, and whereupon changes to the attributes being detected for the particular partition, a determination is made whether to restart one or both of the security realm associated with the particular partition, or a server hosting the particular partition, including;
upon determining that the changes to the attributes are all dynamic changes, then applying the changes to the security realm for the particular partition, without restarting either the security realm associated with the particular partition or the server hosting the particular partition; and
upon a particular listener determining an associated attribute change is non-dynamic, then directing whether one or both of;
(a) the security realm associated with the particular partition, or (b) the server hosting the particular partition, is to be restarted, to apply the attribute change, and cause the particular partition to be restarted with the changed attributes.
Dependent claims: 11, 12, 13, 14, 15, 16
17. A non-transitory computer readable storage medium, including instructions stored thereon which when read and executed by one or more computers cause the one or more computers to perform the steps comprising:
providing an application server environment, together with a domain for execution of software applications; and a plurality of partitions, wherein each partition provides an administrative and runtime subdivision of the domain, that can be associated with a tenant, and wherein the application server environment provides a plurality of realms associated with the plurality of partitions, including that each particular partition is associated with a particular security realm that is used with the particular partition and associated with one or more attributes; and
wherein configuration changes for partition level security are made, by associating one or more listeners with the attributes of the security realm, that detect changes to the attributes, wherein each listener listens for changes to a specific attribute, and whereupon changes to the attributes being detected for the particular partition, a determination is made whether to restart one or both of the security realm associated with the particular partition, or the server hosting the particular partition, including;
upon determining that the changes to the attributes are all dynamic changes, then applying the changes to the security realm for the particular partition, without restarting either the security realm associated with the particular partition or a server hosting the particular partition; and
upon a particular listener determining an associated attribute change is non-dynamic, then directing whether one or both of;
(a) the security realm associated with the particular partition, or (b) the server hosting the particular partition, is to be restarted, to apply the attribute change, and cause the particular partition to be restarted with the changed attributes.
Dependent claims: 18, 19, 20
Specification