US 7,552,222 B2
Single system user identity
Sandilya Garimella, San Jose, Calif. (US); and Sanjay Dalal, Sunnyvale, Calif. (US)
Assigned to BEA Systems, Inc., Redwood Shores, Calif. (US)
Filed on Aug. 05, 2002, as Appl. No. 10/212,303.
Claims priority of provisional application 60/392144, filed on Jun. 27, 2002.
Prior Publication US 2003/0079029 A1, Apr. 24, 2003
Int. Cl. G06F 15/16 (2006.01); G06F 7/00 (2006.01)
U.S. Cl. 709—229 [709/225; 707/9; 719/314; 717/120]
19 Claims

1. A method for validating a user on an application server, comprising:

receiving a request for access from an external user with an external user identity at an access point of an application on an application server, wherein an internal user identity is configured to provide access to resources at the application server for users with that internal user identity;

authenticating the external user based at least on user credentials associated with the external user in response to the request for access;

upon successful authentication, switching the identity of the external user to the internal user identity for the application by pushing internal user information on a user stack for the external user, so that the internal user identity governs access to resources at the application server for the external user, wherein switching the identity of the external user to the internal user identity includes adding internal user context information to the external user identity;

upon the external user exiting the application server, popping the internal user information from the user stack, so that the external user is switched back to the external user identity; and

providing, by the internal user identity, to the external user, a higher level of privilege in the application server, that is unavailable for the external user as the external user identity.
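A minimal sketch of the push/pop identity switch that claim 1 describes, added here as an illustration; it is not code from the patent or from BEA Systems. The user names, credential store, ACL and the `UserStack`, `authenticate`, `application_session` and `can_access` helpers are all assumptions.

```python
import hashlib
import hmac
from contextlib import contextmanager

# Constructed sample data; every name and value here is an assumption.
SALT = b"constructed-salt"
CREDENTIALS = {"partner-42": hashlib.pbkdf2_hmac("sha256", b"s3cret", SALT, 100_000)}
INTERNAL_IDENTITY = "app-internal"
RESOURCE_ACL = {"order-queue": {INTERNAL_IDENTITY}}  # only the internal identity is granted

class UserStack:
    """Per-user identity stack; the bottom frame is always the external identity."""
    def __init__(self, external_user):
        self.external = external_user
        self._frames = [{"user": external_user}]

    @property
    def effective(self):
        return self._frames[-1]

    def push(self, internal_user):
        # The internal frame carries the external identity as context for auditing.
        self._frames.append({"user": internal_user, "on_behalf_of": self.external})

    def pop(self):
        if len(self._frames) == 1:
            raise RuntimeError("refusing to pop the external identity")
        return self._frames.pop()

def authenticate(user, password):
    expected = CREDENTIALS.get(user, b"\x00" * 32)  # unknown users still cost one KDF run
    got = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)
    return hmac.compare_digest(got, expected)

@contextmanager
def application_session(stack, password):
    if not authenticate(stack.external, password):
        raise PermissionError("authentication failed; identity not switched")
    stack.push(INTERNAL_IDENTITY)
    try:
        yield stack
    finally:
        stack.pop()  # runs on normal exit and on exceptions, so elevation ends with the session

def can_access(stack, resource):
    return stack.effective["user"] in RESOURCE_ACL.get(resource, set())
```

Placing the pop in a `finally` clause is the property worth checking in any implementation of this pattern: an error path that skips the pop leaves the caller holding the internal identity's higher privilege.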