The invention relates to a web server that enables role-based multi-level security.
Web browsers such as Netscape Navigator and Microsoft Internet Explorer are well known. Web browsers are software residing on a client (e.g., a personal computer). Via the browser, the client can communicate with a web server to enable access to and viewing of Hypertext Markup Language (HTML) documents. A web server typically includes a server (e.g., a UNIX- or Windows NT-based computer) connected to a network (e.g., the Internet, an intranet or other network), web server software configured with the host name of the server and the location of HTML files on the server, and the HTML files stored by that server.
In general operation, to access a web page, a user enters a request by specifying a uniform resource locator (URL) via the browser and hitting “Submit” (or another function key) and the URL is sent to the web server using HTTP. The web server responds by locating the requested HTML document and returning it to the browser. The browser receives the HTML document, interprets the HTML codes, converts them into a web page, and displays the web page. In this way, web browsers enable access to the vast number of HTML documents via the World Wide Web, the Internet or intranets.
HTML generally is well known. A primary purpose of HTML is to describe how to format the text (and other content) of a web page. HTML uses tags to indicate how text of a web page should be displayed and to specify the URL of objects to which a page is linked. HTML files are commonly stored on a web server as standard text files with a HTM or HTML extension. Linking is a powerful feature of HTML. One drawback with HTML links is that links are created by coding a page with HTML tags to link it to other objects (e.g., another document or a specific location within a document). Therefore creating web pages and links requires a working knowledge of HTML and the time required to write HTML code and create a page and any desired links. Editing an HTML page or a link typically requires using HTML to edit the original web page or link. One significant problem with HTML links is that if a web page (or another object that is linked to) is moved or deleted, any links to that page or object need to be manually changed or a “file not found” message will appear when a user clicks on the link.
One limitation of web browsers and web servers is that they were designed primarily to access HTML documents. Browsers typically cannot cause a web server to retrieve and return non-HTML documents. This inhibits a user from accessing non-HTML documents, objects or databases from a web browser. Non-HTML objects, for example, may include non-HTML documents, stored views for documents in a database, identification files stored in a user directory and many other types of objects. Views provide a convenient way to index a plurality of documents. Identification files may comprise information about a system user (e.g., electronic mail address, role, profile, etc.).
One example of a non-HTML database is Lotus Notes. Lotus Notes is a popular software system, rich with a number of well-known functions. These functions, however, are typically accessed via a client terminal (loaded with Lotus Notes client software) communicating with a server (loaded with Lotus Notes server software). Because Notes is not an HTML-based application, it has not been practical to access objects in a Notes database via a standard web browser.
Web servers typically do not provide security access to documents. Prior web servers generally either grant or deny complete access to a document. Thus, users may gain access to confidential or proprietary information or be denied access to information which the user is authorized to access. Access denial may be based on a particular field within a document although a user may have authorization to view other fields in a document. This is a drawback.
Prior systems offer network users numerous functions. These functions, however, are offered only to client network users. For example, users of web browsers not in the client network cannot access files within the client network. Prior systems offering a broad range of functions (e.g., Lotus Notes) do not permit non-client users the ability to utilize these functions. For example, Lotus Notes offers enterprise integration, an agent builder, enhanced linking, navigators, hierarchical folders, and others.
Enterprise integration allows access to all data within Notes. Notes exchanges data with various types of databases and systems to allow network users access to data stored in numerous formats. Agent builders provide an interface that enables users to design and create agents for automating administrative and end-user tasks. Enhanced linking allows creating links to Notes databases, documents, web pages, etc. and previewing linked documents before opening. Navigators provide a graphical process for finding documents or taking actions without maneuvering through multiple views or find menu commands. Hierarchical folders permit network users to create folders to store documents and messages. Notes agents may be used to automatically organize items within a folder.
These and other drawbacks exist.
An object of the invention is to overcome these and other drawbacks in existing systems.
Another object of the invention is to provide a web server that can respond to requests from a web browser for either HTML or non-HTML documents and return the requested documents to the web browser.
Another object of the invention is to enable a web server to provide role-based multi-level security access to HTML and non-HTML documents within a system using a browser.
Another object of the invention is to enable a web server to provide role-based multi-level security access to HTML and non-HTML documents within a system based on fields within the HTML and non-HTML documents using a browser.
Another object of the invention is to enable a web server to assign a priority level to users of a system wherein the priority level is used to grant or deny access to HTML and non-HTML documents within the system using a browser.
Another object of the invention is to enable a web server to assign a priority level to users of a system wherein the priority level is used to grant or deny access to fields within HTML and non-HTML documents using a browser.
Another object of the invention is to enable a web server to authenticate a user requesting HTML and non-HTML documents within a system using a browser.
According to one embodiment of the invention, the system comprises a novel web server for a client/server network, where the client side is equipped with a standard browser. The server comprises standard web server functionality (e.g., HTTP server), an HTML translator, server-side software (e.g., Lotus Notes server software) and a database (e.g., a Lotus Notes database). Significantly, the database does not need HTML files. Preferably, the server receives a URL-based request from a browser via HTTP, and the HTTP server and HTML translator determine the object (e.g., documents or databases) specified by the URL, retrieve that object, convert or translate that object to HTML format and send the HTML downloaded object to the client side browser for display.
According to another aspect of the invention, the system includes a server comprising an interface module. The interface module includes a security module for providing role-based security access to HTML and non-HTML documents within a system. The system enables the server to control access of documents to users of web browsers through the security module. The security module provides for authentication of users and authorization of access to requested documents and fields within a document. The security module assigns identifiers, passwords and priority levels to users. The system requests a user to input the user's identifier and password. If the identifier and password do not match the identifier and password stored in the system, the user may not be granted access to certain documents or fields. If a user is authenticated, the user may attempt to retrieve a document. If the document requires a priority level higher than the priority level attained by the user, the system may deny access to the document or fields within the document which the user does not have permission to view.
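The following sketch illustrates the authenticate-then-authorize flow described above, with a priority level checked first against the document and then against each field. It is an added example, not code from the patent: the user table, the document layout, the function names, the salted PBKDF2 password storage and the rule that a failed login falls back to level 0 are all assumptions made for illustration.

```python
import hashlib
import hmac

ANONYMOUS_LEVEL = 0  # assumption: a failed or missing login gets the lowest level


def _hash(password: str, salt: bytes) -> bytes:
    # Assumption: passwords are stored as salted PBKDF2 hashes, never in clear text
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed sample users: identifier -> (salt, password hash, priority level)
USERS = {
    "alice": (b"salt-a", _hash("correct horse", b"salt-a"), 3),
    "bob": (b"salt-b", _hash("hunter2", b"salt-b"), 1),
}

# Constructed sample document: one document-level requirement plus per-field requirements
DOCUMENTS = {
    "contract-17": {
        "required_level": 1,
        "fields": {
            "title": (0, "Supply agreement"),
            "counterparty": (1, "Example Corp"),
            "negotiated_price": (3, "1,200,000"),
        },
    },
}


def authenticate(identifier: str, password: str) -> int:
    """Return the user's priority level, or ANONYMOUS_LEVEL if the credentials do not match."""
    salt, stored, level = USERS.get(identifier, (b"none", b"", ANONYMOUS_LEVEL))
    supplied = _hash(password, salt)  # hashed even for unknown users to keep timing similar
    return level if hmac.compare_digest(supplied, stored) else ANONYMOUS_LEVEL


def retrieve(identifier: str, password: str, doc_id: str):
    """Return only the fields the caller may view, or None if the document itself is denied."""
    level = authenticate(identifier, password)
    doc = DOCUMENTS.get(doc_id)
    if doc is None or level < doc["required_level"]:
        return None  # same answer for "missing" and "denied" so existence is not leaked
    return {name: value for name, (needed, value) in doc["fields"].items() if level >= needed}
```

Filtering happens on the server before any translation to HTML, so a field the user may not view is never sent to the browser rather than merely hidden in the rendered page.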