Controlling access of a client system to access protected remote resources supporting relative URLs
First Claim
1. A method for controlling access of a client system to access protected remote resources comprising:
receiving a response from an access protected remote resource in response to a client request to said access protected remote resource, wherein said access protected remote resource is configured in such a way that a client system is not allowed to directly access said access protected remote resource but all client requests are rerouted via a web application which is authorized to access said access protected remote resource;
identifying in said response all references that are defined by absolute URLs and point to access protected remote resources;
generating a rewritten URL for each original URL of said identified reference to an access protected remote resource by:
    splitting the original URL into a base part and a resource part;
    generating an authentication identifier by applying an authentication method to said base part and a set of parameters provided by said web application; and
    concatenating the URL of said web application, the base part, authentication identifier, and resource part;
replacing the original URL of said references contained in said response by said rewritten URL including said authentication identifier; and
sending said response including rewritten URL and authentication identifier to said client system.
Abstract
A client system is controlled for accessing protected remote resources via a Web Application using a rewriter proxy that supports relative URLs. In one configuration, the Web application can be a Portal application. A URL utility module can be provided for a rewriter proxy that splits an absolute URL into a base part (the URL string up to the resource) and the resource part. A security module computes an authentication identifier for the base part. This can occur by applying a secure hash algorithm and/or secret key. The URL utility module then constructs the rewritten URL by concatenating the URL encoded base part, the authentication identifier, and the resource part as separate path elements.
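The rewriting and validation steps described in the abstract, as an added example that is not code from the patent. It assumes HMAC-SHA256 as the authentication method and a session user id as the application-provided parameter set; the proxy URL, key and host names are constructed.

```python
import hashlib
import hmac
from urllib.parse import quote, unquote, urljoin, urlsplit

PROXY = "https://portal.example/proxy/"  # assumed URL of the web application
KEY = b"constructed-demo-key"            # assumed server-side secret key

def split_url(url):
    """Base part: URL string up to the resource. Resource part: the rest."""
    p = urlsplit(url)
    directory, _, leaf = (p.path or "/").rpartition("/")
    base = f"{p.scheme}://{p.netloc}{directory}/"
    return base, leaf + (f"?{p.query}" if p.query else "")

def auth_id(base, params):
    """Keyed hash over the base part and the application's parameters."""
    msg = f"{params}\n{base}".encode()
    return hmac.new(KEY, msg, hashlib.sha256).hexdigest()

def rewrite(url, params):
    """Proxy URL + encoded base + identifier + resource, as path elements."""
    base, resource = split_url(url)
    return f"{PROXY}{quote(base, safe='')}/{auth_id(base, params)}/{resource}"

def resolve(request_url, params):
    """Validate the identifier, then rebuild the remote URL."""
    if not request_url.startswith(PROXY):
        raise PermissionError("not a proxy URL")
    parts = request_url[len(PROXY):].split("/", 2)
    if len(parts) != 3:
        raise PermissionError("malformed rewritten URL")
    base, tag, resource = unquote(parts[0]), parts[1], parts[2]
    if not hmac.compare_digest(tag.encode(), auth_id(base, params).encode()):
        raise PermissionError("authentication identifier mismatch")
    # Added hardening (not stated on the page): the identifier covers only the
    # base part, so refuse dot segments that would climb out of it.
    if ".." in unquote(resource.split("?")[0]).split("/"):
        raise PermissionError("resource escapes signed base")
    return base + resource

def demo():
    rw = rewrite("http://intranet.example/docs/a/index.html?v=1", "alice")
    # A relative link in the returned page is resolved by the client against
    # the rewritten URL; it keeps the base and identifier and still validates.
    return resolve(urljoin(rw, "style.css"), "alice")
```

Because the encoded base part and the identifier are separate path elements ahead of the resource, a relative reference replaces only the last element, so it needs no rewriting of its own.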
19 Claims
1. A method for controlling access of a client system to access protected remote resources comprising:
receiving a response from an access protected remote resource in response to a client request to said access protected remote resource, wherein said access protected remote resource is configured in such a way that a client system is not allowed to directly access said access protected remote resource but all client requests are rerouted via a web application which is authorized to access said access protected remote resource;
identifying in said response all references that are defined by absolute URLs and point to access protected remote resources;
generating a rewritten URL for each original URL of said identified reference to an access protected remote resource by:
    splitting the original URL into a base part and a resource part;
    generating an authentication identifier by applying an authentication method to said base part and a set of parameters provided by said web application; and
    concatenating the URL of said web application, the base part, authentication identifier, and resource part;
replacing the original URL of said references contained in said response by said rewritten URL including said authentication identifier; and
sending said response including rewritten URL and authentication identifier to said client system.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 18, 19
13. A server system in a client-server environment comprising:
a Web application running on said server system in a client-server environment;
a communication link to a client system;
a communication link to an access protected remote resource allowing communication of said Web application with said access protected remote resource;
a rewriter proxy for identifying references to absolute URLs in said response from said access protected remote resource pointing to access protected remote resources, generating a rewritten URL for each such reference including the URL of said rewriter proxy and replacing the original URL of said reference in said response by said rewritten URL;
a URL utility module for splitting the original URL into a base part and a resource part and concatenating the base part, an authentication identifier, and the resource part to the rewritten URL before the original URL is replaced by said rewritten URL, and for splitting each URL of each client request into the base part, the authentication identifier, and the resource part to validate the authentication identifier for at least the base part and create the URL of the remote resource from the base part and the resource part; and
a security module for generating an authentication identifier by applying an authentication method to said base part and a set of parameters provided by said web application and returning said authentication identifier to said URL utility module, and for validating the authentication identifier for the base part and the set of parameters, returning the validation result to the URL utility module,
wherein said Web application provides said response including said rewritten URLs to said client system.
Dependent claims: 14, 15, 16
17. A computer program product stored on a non-transitory computer usable medium comprising computer readable program which when executed on a computer cause said computer to:
receive response from an access protected remote resource in response to a client request to said access protected remote resource, wherein said access protected remote resource is configured in such a way that a client system is not allowed to directly access said access protected remote resource but all client requests are rerouted via a web application which is authorized to access said access protected remote resource;
identify in said response all references that are defined by absolute URLs and point to access protected remote resources;
generate a rewritten URL for each original URL of said identified reference to an access protected remote resource by:
    splitting the original URL into a base part and a resource part;
    generating an authentication identifier by applying an authentication method to said base part and a set of parameters provided by said web application; and
    concatenating the URL of said web application, the base part, authentication identifier, and resource part;
replace the original URL of said references contained in said response by said rewritten URL including said authentication identifier; and
send said response including rewritten URL and authentication identifier to said client system.
Specification