1. Field of the Invention
The present invention relates to computer security, and deals more particularly with a method, system, and computer program for securely executing code that is invoked within a browser. Credentials for a user are automatically shared only among a trusted set of applications, without requiring the application developer to write code to manage the credentials.
2. Description of the Related Art
The Internet is a vast collection of computing resources, interconnected as a network, from sites around the world. It is used every day by millions of people. The World Wide Web (referred to herein as the "Web") is that portion of the Internet which uses the HyperText Transfer Protocol ("HTTP") as a protocol for exchanging messages. (Alternatively, the "HTTPS" protocol can be used, where this protocol is a security-enhanced version of HTTP.)
A user of the Internet typically accesses and uses the Internet by establishing a network connection through the services of an Internet Service Provider (ISP). An ISP provides computer users the ability to dial a telephone number using their computer modem (or other connection facility, such as satellite transmission), thereby establishing a connection to a remote computer owned or managed by the ISP. This remote computer then makes services available to the user's computer. Typical services include: providing a search facility to search throughout the interconnected computers of the Internet for items of interest to the user; a browse capability, for displaying information located with the search facility; and an electronic mail facility, with which the user can send and receive mail messages from other computer users.
The user working in a Web environment will have software running on his computer to allow him to create and send requests for information, and to see the results. These functions are typically combined in what is referred to as a "Web browser", or "browser". After the user has created his request using the browser, the request message is sent out into the Internet for processing. The target of the request message is one of the interconnected computers in the Internet network. That computer will receive the message, attempt to find the data satisfying the user's request, format that data for display with the user's browser, and return the formatted response to the browser software running on the user's computer. This is an example of a client-server model of computing, where the machine at which the user requests information is referred to as the client, and the computer that locates the information and returns it to the client is the server. In the Web environment, the server is referred to as a "Web server". The client-server model may be extended to what is referred to as a "three-tier architecture". This architecture places the Web server in the middle tier, where the added third tier typically represents data repositories of information that may be accessed by the Web server as part of the task of processing the client's request. This three-tiered architecture recognizes the fact that many client requests do not simply require the location and return of static data, but require an application program to perform processing of the client's request in order to dynamically create the data to be returned.
In this architecture, the Web server may equivalently be referred to as an "application server", reflecting the fact that this middle tier is where the business logic of the application typically resides, and the computers on which the data repositories reside may be referred to as "data servers", or "backend data servers". A data server stores and manages the data that is used by an application.
When a Web page is retrieved from a server and downloaded to a client machine, the page may contain static predefined content formatted using HTML (HyperText Markup Language). In addition, the Web page may contain dynamically-executable content. One way in which dynamic content can be embedded in a Web page is through use of one or more Java applets. Java is a programming language that is widely accepted for writing Web applications, as it is a robust portable object-oriented language defined specifically for the Web environment. ("Java" is a trademark of Sun Microsystems, Inc.) Java attains its portability through use of a specially-designed virtual machine, called a "Java Virtual Machine" (JVM), which runs on the client workstation and enables executable code to adapt to various execution platforms. An "applet" is a small Java program that executes within a Web browser on the client machine. The applet typically is delivered to the client machine from the Web server along with the Web page in which the applet is embedded. When the Web browser accesses and processes a Web page containing an applet, the applet's code is executed (either automatically or in response to an invocation such as the user clicking on an icon, depending on how the applet has been written) to create the dynamic content.
Network computing models are replacing traditional client-server models in the Web environment. A network computing model is a scalable distributed computing infrastructure, enabling a server to provide a client machine with access to applications on demand of the client. With this type of distributed computing, a key concern is limiting application access to authorized clients. When a request for service from an application is received in a client-server or network computing model (that is, when requests for execution are sent from the client to a server, and executed at the server on behalf of the client), a verification process may be performed to determine if the requesting client is in fact authorized to use this service, before the application performs the service. For example, the executing application code often needs to access protected data that is stored on the server. Protected services and data may also be a concern when the code is a locally-executing applet, such that a verification process may need to be implemented on the client machine. This verification process typically uses user credentials, where "credentials" refers to application-specific information (such as a user name or other identifier, a user password, etc.) that identifies the requesting user at the client machine. These credentials are compared to a previously-defined, stored set of the credentials for all authorized users. If the credentials match an entry in this stored set, then this user is an authorized user.
For Web-based applications, the security procedures that are used to control access to protected data and/or services are usually implemented independently for each application. This results in redundant effort by programmers, taking time and resources away from addressing the actual requirements of the application itself. Alternatively, HTTP Authentication may be used. HTTP Authentication is a standard technique whereby user credentials are encoded as an HTTP Request header, and authentication challenges are encoded as an HTTP Response header. At least two types of HTTP Authentication mechanisms are currently defined: Basic Authentication and Digest Authentication. Basic Authentication is quite common, and uses plaintext transmission of passwords. Digest Authentication, on the other hand, sends credentials as digested information, but is not currently supported by many browsers.
The basic authentication scheme is always supported in typical implementations of Java, and the digest scheme may also be supported. When present, these schemes form part of the core Java Development Kit, and are accessed via the java.net.URLConnection class.
Since HTTP Authentication support is implemented in Java classes that are loaded from the local client file system (i.e. the file system on the machine that is running the browser), the Java classes in which the authentication support is provided are accessible to all Java applets, regardless of the codebase and server from which that applet was loaded. The authentication classes store credentials in static class data. Because the classes are available to all applets, all applets, whether trusted or untrusted, have equal access to this stored static class data. (A trusted applet is one that was loaded from a trusted source. The concepts of trusted code and trusted sources are well known in the art.) This equal access prevents using a single set of credentials to distinguish the access rights to those applets which are trusted, instead sharing the user's credentials among all applets running under the browser, creating a potential security weakness.
Accordingly, a need exists for a technique by which these security concerns can be overcome in an efficient manner. The present invention provides a technique for securely sharing user credentials only among a restricted and authorized set of trusted applications.
An object of the present invention is to provide a technique to enhance security in a Web environment.
Another object of the present invention is to provide a technique whereby user credentials are shared only among a restricted and authorized set of trusted applications.
It is a further object of the present invention to implement this technique using a single log-in in which the user credentials are obtained.
Yet another object of the present invention is to provide this technique by exploiting the services of the Java sandbox, such that application developers do not have to write code to manage the credentials.
Other objects and advantages of the present invention will be set forth in part in the description and in the drawings which follow and, in part, will be obvious from the description or may be learned by practice of the invention.
To achieve the foregoing objects, and in accordance with the purpose of the invention as broadly described herein, the present invention provides a software-implemented process, system, and method for use in a computing environment having a connection to a network, for securely sharing log-in credentials among trusted browser-based applications, comprising: requesting a secure service from an executing one of one or more applets capable of executing within a browser, each of the applets having been loaded from a codebase associated therewith, and wherein each associated codebase may be distinct; searching, responsive to the request, for stored credentials in a shared static data area associated with the codebase from which the executing applet was loaded, wherein each of the distinct codebases has a distinct shared static data area associated therewith; retrieving the stored credentials when the search is successful; and when the search is not successful, prompting a user of the applet to enter a new set of credentials and storing the new set of credentials in the shared static data associated with the codebase from which the executing applet was loaded. Optionally, the technique may further comprise verifying the retrieved stored credentials or the new set of credentials before allowing the requested secure service to continue. In addition, the technique may further comprise: returning an exception to the applet if a result of the verifying step indicates that the user is not authorized to perform the requested secure service; and performing the requested secure service if the result of the verifying step indicates that the user is authorized.
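The following Java program is an added illustration of the flow just described and of the weakness in the Description of the Related Art; it is not code from the patent, and the class names (`GlobalCredentialStore`, `CodebaseCredentialStore`, `SecureServiceGateway`), the use of the full codebase URL as the partitioning key, and the sample codebase URLs are assumptions made for the example. `GlobalCredentialStore` models the single static slot that every applet can read; `CodebaseCredentialStore` keeps one static data area per codebase, and `requestSecureService` performs the search, prompt-and-store, verify, exception-or-service sequence of the summary.

```java
import java.net.URL;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
import java.util.function.Predicate;
import java.util.function.Supplier;

/** User credentials as a simple value (hypothetical type for this example). */
final class Credentials {
    final String user;
    final char[] password;
    Credentials(String user, char[] password) { this.user = user; this.password = password; }
}

/** The weakness described in the related art: one static slot readable by every applet. */
final class GlobalCredentialStore {
    private static Credentials shared;          // trusted and untrusted applets see the same field
    static Credentials get() { return shared; }
    static void set(Credentials c) { shared = c; }
}

/** Per-codebase static data area: a distinct codebase maps to a distinct entry. */
final class CodebaseCredentialStore {
    private static final Map<String, Credentials> byCodebase = new HashMap<>();

    // Assumption for the example: the whole codebase URL is the partitioning key.
    static String key(URL codebase) { return codebase.toExternalForm(); }

    static synchronized Optional<Credentials> lookup(URL codebase) {
        return Optional.ofNullable(byCodebase.get(key(codebase)));
    }
    static synchronized void store(URL codebase, Credentials c) { byCodebase.put(key(codebase), c); }
    static synchronized void clear(URL codebase) { byCodebase.remove(key(codebase)); }
}

/** Returned to the applet when verification says the user is not authorized. */
final class NotAuthorizedException extends Exception {
    NotAuthorizedException(String msg) { super(msg); }
}

final class SecureServiceGateway {
    /**
     * Search the executing applet's codebase area; on a miss, prompt once and store the
     * entered credentials there; verify; throw on failure; otherwise run the service.
     */
    static <T> T requestSecureService(URL codebase,
                                      Supplier<Credentials> prompt,
                                      Predicate<Credentials> verify,
                                      Supplier<T> service) throws NotAuthorizedException {
        Credentials creds = CodebaseCredentialStore.lookup(codebase).orElseGet(() -> {
            Credentials entered = prompt.get();          // the single log-in for this codebase
            CodebaseCredentialStore.store(codebase, entered);
            return entered;
        });
        if (!verify.test(creds)) {
            // Do not keep rejected credentials around to be replayed by later requests.
            CodebaseCredentialStore.clear(codebase);
            throw new NotAuthorizedException("user not authorized for " + CodebaseCredentialStore.key(codebase));
        }
        return service.get();
    }
}

public class CredentialSharingDemo {
    public static void main(String[] args) throws Exception {
        URL trusted = new URL("https://apps.example.com/trusted/");   // constructed codebase
        URL other   = new URL("https://other.example.net/applet/");   // constructed codebase
        int[] prompts = {0};
        Supplier<Credentials> prompt = () -> {
            prompts[0]++;                                             // stands in for a log-in dialog
            return new Credentials("alice", "s3cret".toCharArray());
        };
        Predicate<Credentials> verify = c -> "alice".equals(c.user);  // stands in for the real check

        // Two applets from the same codebase: the user is prompted once and the credentials are reused.
        String r1 = SecureServiceGateway.requestSecureService(trusted, prompt, verify, () -> "report-1");
        String r2 = SecureServiceGateway.requestSecureService(trusted, prompt, verify, () -> "report-2");
        System.out.println(r1 + ", " + r2 + "; prompts so far: " + prompts[0]);

        // An applet from a different codebase finds its own area empty; it cannot read alice's credentials.
        System.out.println("other codebase has stored credentials: "
                + CodebaseCredentialStore.lookup(other).isPresent());

        // Contrast with the static-slot design: anything that can load the class can read the value.
        GlobalCredentialStore.set(new Credentials("alice", "s3cret".toCharArray()));
        System.out.println("global slot readable by any applet: " + (GlobalCredentialStore.get() != null));
    }
}
```

Compile and run with `javac CredentialSharingDemo.java && java CredentialSharingDemo`. The point to take from the contrast is that the fix is not in the verification step, which is the same in both designs, but in where the verified credentials live: keyed by the loading codebase, an untrusted applet from another server has no entry to find.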
The present invention will now be described with reference to the following drawings, in which like reference numbers denote the same element throughout.