| 摘要 |
A secure, layered logout of a user session is implemented in a web-based management tool, such as a middleware appliance. A logout strategy is provided to include a set of security levels of varying sensitivity, with each security level having a set of permissions associated therewith and that are enforced upon occurrence of an event. A succeeding security level in the set of security levels is reached upon occurrence of an event associated with that level, in which case the set of permissions associated with the security level are then enforced against at least one managed object while the user session continues. As each next security level is reached, the set of permissions associated with the security level are then enforced (with respect to the managed object or against one or more other managed objects), once again while the user session continues. Each of the objects preferably is managed independently of at least one other object; thus, the layered logout may enforce different permissions with respect to different managed objects while at the time maintaining the user session. If the user takes no action, and as a result of the occurrence of the events, eventually a final security level of the set of security levels will occur, at which point the user session is finally terminated.
|
