1. Field of the Invention
The present invention relates to an information processing apparatus realizing a server function for providing a service in response to a request from a user, a method for controlling the information processing apparatus, and a program.
2. Description of the Related Art
(1) Application Execution Server
Referring to FIG. 17, an embedded device 101 has many limitations in terms of resources, such as a memory and a central processing unit (CPU). In a case of executing a plurality of programs, the embedded device 101 does not generally cause the programs to simply operate as separate processes, but in many cases uses an application execution server 102 for managing execution of the programs. It is common to execute various application programs in the processing of the application execution server 102. One example of an application execution server is an OSGi server.
The OSGi server is an application execution server specified by the OSGi Alliance for managing execution of a plurality of Java® programs on an embedded device such as a home gateway. Java® is a programming language and a program execution environment developed and defined by Sun Microsystems®, Inc., U.S.A.
A hypertext transfer protocol (HTTP) service 103 is an implementation of an HTTP server. A content service 104 includes a program for extending the functionality of an HTTP server, called a servlet, and hypertext markup language (HTML) data. A servlet is an HTTP-server extension interface developed and defined by Sun Microsystems®, Inc., U.S.A., and is written in the Java® language.
The HTTP service 103, the content service 104, and other services 105 are equally handled as a single service program and are started and stopped by the application execution server 102.
The HTTP service 103 includes an application program interface (API) for registering the content service 104. The content service 104, when activated, is registered in the HTTP service 103 through the API. This allows a user to use the content service 104 through the HTTP service 103.
The API ability of the HTTP service 103 to register the content service 104 allows dynamic registration and deletion of servlets and content services such as HTML data with respect to the HTTP service 103 that is in operation.
(2) Extension Program for HTTP Server
Most of the recent HTTP servers implemented have functions for static transfer of files stored in the servers, such as HTML files and image files, to clients and for dynamic generation and transfer of data to clients. Typical extension program interfaces include a servlet interface and Common Gateway Interface (CGI). The use of such servlet or CGI functions allows interactive transaction with a user who uses a client.
(3) HTML Form
Current Web clients enable forms defined in HTML, which is a structure description language, to be displayed on browsers. A user can fill in an HTML form displayed on a browser of a Web client and can submit it to an HTTP server. The HTML form includes various control items, such as a text field, a text field for password entry, a radio button, a list, a check box, a file transfer form, a submit button, and a cancel button.
(4) Script Language
Many current Web clients are capable of executing a script language written in HTML data transmitted from an HTTP server. The script language also allows data generated by performing processing, such as encryption, on the user input in the HTML form to be submitted to the HTTP server. ECMA Script (Java Script) is a script language.
(5) Web Authentication Scheme
As Web authentication schemes, BASIC authentication and Digest authentication, which are specified by RFC 2068, have widely been supported, as disclosed in, for example, Japanese Patent Laid-Open No. 2001-51946. Servlet authentication using the servlet or CGI (Common Gateway Interface) technology has also been widely used. BASIC authentication and Digest authentication are authentication schemes implemented in an HTTP server, and only use a user interface (UI) through which two values, namely, an ID embedded in the Web browser and a password, are input by the user. There are further limitations in that only an ID and a password or an ID and a digested password are exchanged between an HTTP server and a browser (or Web client), a stronger authentication system cannot be additionally provided, etc.
Although it is necessary to add an authentication program to an HTTP server as an extension program such as a servlet or CGI program to realize an authentication system, servlet authentication allows a user to arbitrarily generate HTML form data as an implementation of the authentication UI. Servlet authentication further allows a user input encrypted by an encryption method desired by a user using a script language to be submitted to the HTTP server, or allows an authentication server used when the user logs in to be specified. Therefore, a user-friendly secure authentication system can be achieved.
Furthermore, by exchanging servlets for authentication (i.e., authentication servlets), various authentication schemes can be used depending on the application purpose of the device.
The HTTP service 103 on the application execution server 102 also registers and executes an authentication servlet service as a content service, thus achieving a more user-friendly authentication system.
With the use of the aforementioned technology, an HTTP server of the related art can achieve a high-flexibility authentication system. However, an extension program including an authentication servlet is enabled as a portion of the server program when the server is turned on. It is therefore difficult to dynamically register the extension program including the authentication servlet in the running HTTP server.
Therefore, there is no flexibility in exchanging an extension program including an authentication servlet. Moreover, many resource-limited devices, such as the embedded device 101, are not capable of changing the setting of the server program so as to execute an extension program including different authentication servlets.
In order to overcome such problems, an HTTP service running on an OSGi server serving as an application execution server is designed so that an extension program including an authentication servlet can dynamically be added to the running HTTP service. However, a combination of the HTTP service 103 of the related art and the authentication servlet service on the application execution server 102 causes the following problems.
FIGS. 18 and 19 are diagrams illustrating problems with the related art. The authentication servlet service, when activated, obtains the HTTP service 103 registered in the application execution server 102 and registers itself in the HTTP service 103. It is therefore necessary to activate the HTTP service 103 before activating the authentication servlet service. Therefore, the HTTP service 103 is generated and activated first (step S201).
Then, the authentication servlet service is registered (step S203). In case of access from a client after the authentication servlet service is activated, authentication is performed (step S204). However, a problem arises in case of access from a client for a period of time between the generation and activation processing of the HTTP service (step S201) and the activation processing of the authentication servlet service (step S203). In this case, the authentication servlet service has not yet been activated when the access occurs, and the client is allowed to access the HTTP service without authentication (step S202).
FIG. 19 shows a method for separately performing generation and activation of the HTTP service 103 in order to overcome the above-described problem. First, the HTTP service 103 is generated (step S301), and, then, the authentication servlet service is registered in the HTTP service 103 (step S303). Next, the HTTP service 103 is activated (step S305), and the general content service 104 is then registered (step S307).
Since the HTTP service 103 has not yet been activated even after the HTTP service 103 is generated, access from a client is not received (step S302). Moreover, even after the authentication servlet service is registered, the HTTP service 103 has not yet been activated, and access from a client is not received (step S304). After the HTTP service 103 is activated, in response to access from a client, authentication of the authentication servlet service is carried out (step S306).
However, the method shown in FIG. 19 has a problem in that the procedure for the application execution server 102 to register the authentication servlet service becomes more complicated.
Moreover, since generation and activation of the HTTP service 103 are separately performed, the number of service statuses to be managed by the application execution server 102 increases.
Furthermore, it is necessary to perform registration of the authentication servlet service between generation and activation of the HTTP service 103. Thus, the application execution server 102 needs to manage a sequence of operations, such as generation of the HTTP service 103, registration of the authentication servlet service, and activation of the HTTP service 103, in the activation processing of various services.