| 发明名称 |
CONTROLLED ACCESS |
| 摘要 |
User access to a protected resource is controlled by: intercepting a request from a client browser (80) directed to a server (50); requesting user credentials from the client browser (80); processing user credentials received from the client browser (80) to authenticate the user (20); redirecting the client browser (80) to an authorization server (70) configured to issue a token credential; intercepting an authorization request from the browser (80) to the authorization server (70), and inserting into the authorization request an HTTP header variable indicating the authentication status of the user (20). The authorization server (70) is arranged to issue a token credential, which may be used by the user (20) to obtain a token for indicating to a server (50) hosting the protected resource authorization of the user (20) to access the protected resource. |
| 申请公布号 |
US2014282919(A1) |
申请公布日期 |
2014.09.18 |
| 申请号 |
US201214347809 |
申请日期 |
2012.09.25 |
| 申请人 |
BRITISH TELECOMMUNICATIONS public limited company |
发明人 |
Mason Jeremy Roger |
| 分类号 |
H04L29/06 |
主分类号 |
H04L29/06 |
| 代理机构 |
|
代理人 |
|
| 主权项 |
1. A method for controlling user access to a protected resource, in which the method comprises:
(a) intercepting a request from a client browser directed to a server; (b) requesting user credentials from the client browser; (c) processing user credentials received from the client browser to authenticate the user; (d) redirecting the client browser to a server configured to issue a token credential for indicating to a server configured to issue such a token, authorization of the user to obtain a token for indicating to a server hosting the protected resource authorization of the user to access the protected resource; (e) intercepting an authorization request from the browser to the server configured to issue a token credential, and (f) inserting into the authorization request an HTTP header variable indicating the authentication status of the user. |
| 地址 |
London GB |
