RESTRICTING ACCESS BY SERVICES DEPLOYED ON AN APPLICATION SERVER

摘要

An example method for controlling access to services coupled to an application server includes receiving a set of method calls issued from originator services to target services and recording information about the set of method calls into a data structure. The method also includes modifying, based on user input, the data structure to exclude each unauthorized method call from the data structure. The method further includes receiving a first method call from a first originator service to a target service, and determining, based on searching the data structure, whether the first originator service is authorized to issue the first method call to the first target service. In response to a determination that the first originator service is not authorized to issue the first method call to the first target service, the application server may block the first originator service from issuing the first method call to the first target service.

主权项

1. A method of controlling access to one or more services coupled to an application server, comprising:
receiving a set of method calls issued from one or more originator services deployed on an application server to one or more target services; for each method call of the set of method calls, recording a method name, zero or more parameters, an originator service, and a target service of the respective method call into a data structure; receiving user input indicating whether method calls recorded in the data structure are authorized; modifying, based on the user input, the data structure to exclude each unauthorized method call recorded in the data structure; receiving a first method call specifying a first method name, a set of zero or more parameters, and a first target service, wherein the first method call is issued from a first originator service deployed on the application server to the first target service; after modifying the data structure, searching the data structure to determine whether the first originator service is authorized to issue the first method call to the first target service; and in response to a determination that the first originator service is not authorized to issue the first method call to the first target service, blocking the first originator service from issuing the first method call to the first target service.