摘要 |
Methods, systems, and computer program products for modifying a resource by an authenticated user impersonating another user. In one embodiment of the invention, a lock may be acquired on the resource to be modified, storing the identity of the authenticated user and the identity of the impersonated user inside the lock object, and generating a message indicating that the lock was acquired successfully by the authenticated user impersonating another user. |
主权项 |
1. A computer-implemented method for accessing a resource, the method comprising:
receiving a first identifier and a second identifier that uniquely identify a first user and a second user declared in a computer system, respectively, the first user being different from the second user; authenticating the first user; generating a user session object comprising the first identifier, the second identifier, and a session object identifier; receiving a request to modify the resource from the first user; determining whether the second user is authorized to modify the resource; preventing the first user from modifying the resource responsive to a determination that the second user is not authorized to modify the resource; responsive to a determination that the second user is authorized to modify the resource:
determining whether a lock object is associated with the resource, the lock object for preventing concurrent modification of the resource by more than one user, the lock object comprising a lock object session identifier, a lock object first identifier, and a lock object second identifier;responsive to a determination that the lock object is not associated with the resource, generating a lock object, storing the session object identifier, the first identifier, and the second identifier as the lock object session identifier, the lock object first identifier, and the lock object second identifier, respectively, and assigning the generated lock object to the first user;responsive to a determination that a lock object is already associated with the resource:
determining whether the lock object is owned by any user;responsive a determination that the lock object is not owned, assigning the lock object to the first user and storing the session object identifier, the first identifier, and the second identifier as the lock object session identifier, the lock object first identifier, and the lock object second identifier, respectively;responsive to a determination that the lock object is owned, determining whether a first set of criteria is satisfied for assigning the lock object to the first user; andresponsive to a determination that the first set of criteria is satisfied, providing the first user with a capability to acquire the lock object.
|