Managing Web Single Sign-On Applications

US 20100083361A1
Filed: 09/29/2008
Published: 04/01/2010
Est. Priority Date: 09/29/2008
Status: Active Grant

First Claim

Patent Images

1. A method of managing a web single sign-on (SSO) application with a common set of uniform resource locators (URLs), comprising:

defining a first servlet mapping including a description of a protected URL resource pattern;

defining a second servlet mapping including a description of an unprotected URL resource pattern;

determining display logic support to establish if display logic of the web SSO application supports both the first servlet mapping and the second servlet mapping;

configuring the display logic of the web SSO application based on the determination;

defining an intercepting filter configured to review a received request for a resource, to determine if a source issuing the request is an authorized source, and redirecting the requesting source to a protected URL resource pattern for the requested resource if the source is an unauthorized source; and

registering URL patterns for the common set of URLs in the intercepting filter, the URL patterns including definitions of the protected URL resource pattern and the unprotected URL resource pattern.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of managing a web single sign-on (SSO) application with a common set of uniform resource locators (URLs) includes defining a first servlet mapping including a description of a protected URL resource pattern, defining a second servlet mapping including a description of an unprotected URL resource pattern, determining display logic support to establish if display logic of the web SSO application supports both the first servlet mapping and the second servlet mapping, configuring the display logic of the web SSO application based on the determination, defining an intercepting filter, and registering URL patterns for the common set of URLs in the intercepting filter, the URL patterns including definitions of the protected URL resource pattern and the unprotected URL resource pattern.

22 Citations

View as Search Results

20 Claims

1. A method of managing a web single sign-on (SSO) application with a common set of uniform resource locators (URLs), comprising:
- defining a first servlet mapping including a description of a protected URL resource pattern;
  
  defining a second servlet mapping including a description of an unprotected URL resource pattern;
  
  determining display logic support to establish if display logic of the web SSO application supports both the first servlet mapping and the second servlet mapping;
  
  configuring the display logic of the web SSO application based on the determination;
  
  defining an intercepting filter configured to review a received request for a resource, to determine if a source issuing the request is an authorized source, and redirecting the requesting source to a protected URL resource pattern for the requested resource if the source is an unauthorized source; and
  
  registering URL patterns for the common set of URLs in the intercepting filter, the URL patterns including definitions of the protected URL resource pattern and the unprotected URL resource pattern.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising:
    - receiving a request for a resource, the request identifying one of at least two URLs of the common set of URLs, wherein,the at least two URLs include the protected URL resource pattern and the unprotected URL resource pattern,the protected URL resource pattern identifies the requested resource as a protected resource, andthe unprotected URL resource pattern identifies the requested resource as an unprotected resource;
      
      determining if the requested resource is protected based on the received request;
      
      determining if a source requesting the resource is an authenticated source based on a set of received credentials and the received request; and
      
      transmitting a request for the requested resource if the source requesting the resource is an authenticated source.
  - 3. The method of claim 2, further comprising:
    - transmitting the request for the requested resource if the requested resource is determined to be an unprotected resource.
  - 4. The method of claim 2, further comprising:
    - transmitting a request for a set of authorization credentials from the source generating the request for the resource.
  - 5. The method of claim 4, further comprising:
    - receiving the requested set of authorization credentials from the source generating the request for the resource; and
      
      determining if the source is an authorized source based on the set of authorization credentials.
  - 6. The method of claim 5, further comprising refusing access to the requested resource if the source is an unauthorized source.
  - 7. The method of claim 2, further comprising refusing access to the requested resource if the source is an unauthorized source.
  - 8. The method of claim 2, wherein the source generating the request is a user of a web browser, the requested resource is included in a web application of an online system, and the web SSO application is separate from the web browser and the web application.

9. A computer program product including a computer usable medium having computer executable instructions embodied therewith that, when executed on a computer apparatus, carry out a method of managing a web single sign-on (SSO) application with a common set of uniform resource locators (URLs), the method comprising:
- defining a first servlet mapping including a description of a protected URL resource pattern;
  
  defining a second servlet mapping including a description of an unprotected URL resource pattern;
  
  determining display logic support to establish if display logic of the web SSO application supports both the first servlet mapping and the second servlet mapping;
  
  configuring the display logic of the web SSO application based on the determination;
  
  defining an intercepting filter configured to review a received request for a resource, to determine if a source issuing the request is an authorized source, and redirecting the requesting source to a protected URL resource pattern for the requested resource if the source is an unauthorized source; and
  
  registering URL patterns for the common set of URLs in the intercepting filter, the URL patterns including definitions of the protected URL resource pattern and the unprotected URL resource pattern.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The computer program product of claim 9, wherein the method further comprising:
    - receiving a request for a resource, the request identifying one of at least two URLs of the common set of URLs, wherein,the at least two URLs include the protected URL resource pattern and the unprotected URL resource pattern,the protected URL resource pattern identifies the requested resource as a protected resource, andthe unprotected URL resource pattern identifies the requested resource as an unprotected resource;
      
      determining if the requested resource is protected based on the received request;
      
      determining if a source requesting the resource is an authenticated source based on a set of received credentials and the received request; and
      
      transmitting a request for the requested resource if the source requesting the resource is an authenticated source.
  - 11. The computer program product of claim 10, wherein the method further comprises:
    - transmitting the request for the requested resource if the requested resource is determined to be an unprotected resource.
  - 12. The computer program product of claim 10, wherein the method further comprises:
    - transmitting a request for a set of authorization credentials from the source generating the request for the resource.
  - 13. The computer program product of claim 12, wherein the method further comprises:
    - receiving the requested set of authorization credentials from the source generating the request for the resource; and
      
      determining if the source is an authorized source based on the set of authorization credentials.
  - 14. The computer program product of claim 12, wherein the method further comprises refusing access to the requested resource if the source is an unauthorized source.
  - 15. The computer program product of claim 10, wherein the method further comprises refusing access to the requested resource if the source is an unauthorized source.
  - 16. The computer program product of claim 10, wherein the source generating the request is a user of a web browser, the requested resource is included in a web application of an online system, and the web SSO application is separate from the web browser and the web application.

17. A system comprising:
- a web browser;
  
  a web single sign-on (SSO) application in operative communication with the web browser; and
  
  a web application in operative communication with the SSO application;
  
  wherein the system is configured to perform a method comprising,defining a first servlet mapping including a description of a protected URL resource pattern;
  
  defining a second servlet mapping including a description of an unprotected URL resource pattern;
  
  determining display logic support to establish if display logic of the web application supports both the first servlet mapping and the second servlet mappingconfiguring the display logic of the web application based on the determination;
  
  defining an intercepting filter configured to review a received request for a resource, to determine if a source issuing the request is an authorized source, and redirecting the requesting source to a protected URL resource pattern for the requested resource if the source is an unauthorized source; and
  
  registering URL patterns for a common set of URLs in the intercepting filter, the URL patterns including definitions of the protected URL resource pattern and the unprotected URL resource pattern.
- View Dependent Claims (18, 19, 20)
- - 18. The system of claim 17, wherein the method further comprises:
    - receiving a request from the web browser for a resource of the web application, the request identifying one of at least two URLs of the common set of URLs identifying the web application, wherein,the at least two URLs include a protected URL resource pattern and an unprotected URL resource pattern,the protected URL resource pattern identifies the requested resource as a protected resource, andthe unprotected URL resource pattern identifies the requested resource as an unprotected resource;
      
      determining if the requested resource is protected based on the received request;
      
      determining if the web browser is an authorized source based on a set of received credentials and the received request; and
      
      transmitting a request for the requested resource if the web browser is an authorized source.
  - 19. The system of claim 18, wherein the method further comprises:
    - transmitting the request for the requested resource if the requested resource is determined to be an unprotected resource.
  - 20. The system of claim 18, wherein the method further comprises:
    - transmitting a request for a set of authorization credentials from the web browser.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Taasera Licensing LLC (Quest Patent Research Corporation)
Original Assignee
International Business Machines Corporation
Inventors
Malton, Craig, Yu, Esther, Lee, Wan Ngain, Fleming, Brian J.

Granted Patent

US 8,171,533 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/8
CPC Class Codes

G06F 21/41 where a single sign-on prov...

Managing Web Single Sign-On Applications

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

22 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Managing Web Single Sign-On Applications

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

22 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links