US009426152B2

(12) United States Patent — Pieczul et al.
(10) Patent No.: US 9,426,152 B2
(45) Date of Patent: Aug. 23, 2016

(54) SECURE TRANSFER OF WEB APPLICATION CLIENT PERSISTENT STATE INFORMATION INTO A NEW DOMAIN

(71) Applicant: International Business Machines Corporation, Armonk, NY (US)

(72) Inventors: Olgierd S. Pieczul, Dublin (IE); Mariusz Pajecki, Dublin (IE); Izabela Pogorzelska-Pieczul, Dublin (IE); Mustansir Banatwala, Hudson, NH (US)

(73) Assignee: International Business Machines Corporation, Armonk, NY (US)

(*) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 0 days.

(21) Appl. No.: 14/326,255

(22) Filed: Jul. 8, 2014

(65) Prior Publication Data: US 2016/0014153 A1, Jan. 14, 2016

(51) Int. Cl.: H04L 29/06 (2006.01); H04L 29/08 (2006.01)

(52) U.S. Cl.: CPC ...... H04L 63/0876 (2013.01); H04L 63/0853 (2013.01); H04L 63/168 (2013.01); H04L 67/02 (2013.01); H04L 67/2814 (2013.01)

(58) Field of Classification Search: None. See application file for complete search history.

(56) References Cited

U.S. PATENT DOCUMENTS
7,194,552 B1* 3/2007 Schneider ...... H04L 61/3015, 709/217
7,664,724 B2* 2/2010 Lucovsky ...... G06F 21/335, 707/781
8,504,692 B1 8/2013 Henderson
2004/0054898 A1 3/2004 Chao et al.
2005/0204148 A1* 9/2005 Mayo ...... H04L 63/0815, 713/185
2006/0056317 A1 3/2006 Manning et al.
(Continued)

OTHER PUBLICATIONS
Nirmal, K.; Ewards, S.E. Vinodh; Geetha, K. Maximizing Online Security by providing a 3 Factor Authentication System to counter attack Phishing. 2010 International Conference on Emerging Trends in Robotics and Communication Technologies. http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5706.185.*
(Continued)

Primary Examiner — Jeremiah Avery
(74) Attorney, Agent, or Firm — David B. Woycechowsky; David H. Judson

(57) ABSTRACT

A technique to reassign one or more stored elements of web application client state information is provided in an HTTP-based client upon receipt of an HTTP redirect in response to a request-URI. One or more stored elements associated to the request-URI are saved in or in association with the client. Upon receipt of an HTTP 301 (permanent) redirect, the client automatically reassigns (re-associates) the one or more stored elements to the redirect domain when the redirect can be verified as authentic (e.g., to originate from the application to which the client is attempting to connect).

15 Claims, 3 Drawing Sheets

[Front-page figure: excerpt of the FIG. 4 flow showing step 400, step 402 (redirect received) and the reassign-and-redirect step]

(56) References Cited (continued)

U.S. PATENT DOCUMENTS
2006/0253446 A1 11/2006 Leong et al.
2006/0265508 A1* 11/2006 Angel ...... H04L 29/12047, 709/230
2008/0005127 A1* 1/2008 Schneider ...... H04L 29/12594, 707/999.01
2008/0120412 A1* 5/2008 Icaza ...... H04L 67/16, 709/225
2009/0031368 A1 1/2009 Ling
2009/0144288 A1 6/2009 Refuah et al.
2010/0070448 A1* 3/2010 Omoigui ...... H01L 27/1463, 706/47
2010/0281107 A1* 11/2010 Fallows ...... G06F 9/54, 709/203
2011/0209202 A1* 8/2011 Otranen ...... H04L 63/08, 726/4
2012/0047577 A1 2/2012 Costinsky et al.
2013/0246846 A1* 9/2013 Oyman ...... H04W 4/06, 714/18
2014/0173088 A1* 6/2014 Varney ...... H04L 67/289, 709/224
2014/0337954 A1* 11/2014 Ahmed ...... G06F 21/41, 726/8

OTHER PUBLICATIONS
Kumar, Anugrah; Roy, Sanjiban Shekar; Saxena, Sanklan; Rawat, Sarvesh SS. Phishing Detection by determining Reliability Factor using Rough Set Theory. 2013 International Conference on Machine Intelligence and Research Advancement. http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6918828.*

* cited by examiner

[FIG. 1 (Sheet 1 of 3): distributed data processing system 100 with network 102, servers 104 and 106, storage unit 108, and clients 110, 112 and 114]

[FIG. 2 (Sheet 2 of 3): data processing system 200, including computer readable media 218 and program code 216]

[FIG. 3 (Sheet 2 of 3): client 300 with hardware 302, memory 304, web application client (user-agent) 306, cache 308, re-link code 310, web application client state information 314 and reassignment code 316]

[FIG. 4 (Sheet 3 of 3): process flow beginning at step 400, step 402 "redirect received", a test "Is system enabled?", and further steps 420, 422 and 426 whose labels are not legible on this page]
SECURE TRANSFER OF WEB APPLICATION CLIENT PERSISTENT STATE INFORMATION INTO A NEW DOMAIN

BACKGROUND OF THE INVENTION

1. Technical Field

This disclosure relates generally to web application security and, in particular, to ensuring secure transfer of a web application's client persistent state information to a new domain upon receipt of an authentic HTTP redirect.

2. Background of the Related Art

One way that computers interact via networks such as the Internet is using the HyperText Transfer Protocol (HTTP) open standard designed by the World Wide Web Consortium (W3C) and standardized as Internet Engineering Task Force (IETF) RFC 2616. It is an intentionally simple and open protocol that is implemented across many heterogeneous computer systems.

A web application often needs to modify its URL structure, e.g., to point to a new domain. When the web application has active users, however, the modification of URL structure is a troublesome task. The most difficult aspect is making sure that, even if URLs change, user impact is minimal. In particular, it is important that URLs are preserved in user clients (e.g., bookmarks in web browsers, URLs in feed readers and other rich clients that use REST-based APIs, and the like) and continue to work for at least some transition period following the change. Typically, this goal is achieved by using HTTP redirects (from an old to a new location). There are two (2) main types of redirects: temporary, when the client is instructed to temporarily use another location (e.g., for a login page or a resource), and permanent, when a resource (e.g., a Web application's URL domain structure) changes permanently. As is well known, these redirects are done through HTTP response codes, respectively an HTTP 302 (temporary) and an HTTP 301 (permanent), which are returned from a web application to a requesting user-agent, such as a Web browser.

The HTTP specification (RFC 2616) defines that on permanent redirection (the HTTP 301) "clients with link editing capabilities ought to automatically re-link references to the Request-URI to one or more of the new references returned by the server, where possible." Practically, however, clients typically ignore (some purposefully) this requirement and do not update their URL references for HTTP 301 redirection. The main reasons for this behavior are usability and security problems. Thus, for example, consider a pay-per-use internet provider (e.g., at an airport or hotel); such providers often send the HTTP 301 redirect code incorrectly. If a browser updates links for this redirection, those links would be permanently changed to the incorrect location (and thus broken). In another example, if a browser updates URIs in response to an HTTP 301, malicious open wireless hotspots or proxies would gain the ability to permanently re-link a user's bookmarks or application URLs, thus expanding the scope of phishing attacks. Because of these and other similar problems, the current default behavior of user-agents is to ignore the RFC and not re-link.

It is also known that, as a result of interactions between a web application and an application server, so-called web application client state information (such as form elements, cookies, passwords and the like) that is associated with the client-application server interaction is stored. When a web application moves to a new domain (such as indicated via a permanent HTTP redirect), the value of this state information in effect is lost. Users need to enter the information again and/or remove obsolete data stored for the old application server domain. In addition, all persistent cookies that locally cache a user's state information are not reflected in the new server domain. As a consequence, and despite the authenticity of the redirect, the user may have difficulty interacting with the new (redirected) application server domain in an automated and/or seamless manner.

BRIEF SUMMARY

According to this disclosure, a client state information transfer or "reassignment" function is implemented in an HTTP-based web application client upon receipt by the client of an HTTP redirect in response to a request-URI. Typically, the request-URI is associated with an application server domain. Upon receipt of an HTTP permanent redirection message, and upon confirming that the message is authentic, the web application client automatically reassigns the client state information (e.g., form elements, passwords, cookies, and the like) to the new application server domain identified in the redirect.

In operation, and upon receipt of a permanent redirect, a client user-agent that has been provisioned to implement the reassignment function determines whether the permanent redirect message is authentic, e.g., whether it is received from the application server domain to which the request-URI was directed. Preferably, this determination is made in one of several ways, e.g., evaluating whether the redirect is received in a trusted SSL connection, whether the redirect is received in a connection that, if not protected by SSL, is otherwise trusted (e.g., because the request-response is being carried out over a corporate network), or even whether a user has, upon receipt of the HTTP redirect, confirmed that reassignment should occur, or the like. In response to a determination that the permanent redirect is authentic, state information stored in the browser and associated with the old application server domain is automatically reassigned (re-associated) at the client user-agent and associated with the new application server domain.

The foregoing has outlined some of the more pertinent features of the disclosed subject matter. These features should be construed to be merely illustrative. Many other beneficial results can be attained by applying the disclosed subject matter in a different manner or by modifying the subject matter as will be described.

BRIEF DESCRIPTION OF THE DRAWINGS

For a more complete understanding of the subject matter and the advantages thereof, reference is now made to the following descriptions taken in conjunction with the accompanying drawings, in which:

FIG. 1 depicts an exemplary block diagram of a distributed data processing environment in which exemplary aspects of the illustrative embodiments may be implemented;

FIG. 2 is an exemplary block diagram of a data processing system in which exemplary aspects of the illustrative embodiments may be implemented;

FIG. 3 illustrates a client machine having a user-agent in which the subject disclosure may be implemented; and

FIG. 4 is a process flow illustrating how the web application client state information reassignment upon HTTP redirect function of this disclosure is implemented in a client user-agent that has been provisioned to perform the function.

DETAILED DESCRIPTION OF AN ILLUSTRATIVE EMBODIMENT

With reference now to the drawings and in particular with reference to FIGS. 1-2, exemplary diagrams of data processing environments are provided in which illustrative embodiments of the disclosure may be implemented. It should be appreciated that FIGS. 1-2 are only exemplary and are not intended to assert or imply any limitation with regard to the environments in which aspects or embodiments of the disclosed subject matter may be implemented. Many modifications to the depicted environments may be made without departing from the spirit and scope of the present invention.

With reference now to the drawings, FIG. 1 depicts a pictorial representation of an exemplary distributed data processing system in which aspects of the illustrative embodiments may be implemented. Distributed data processing system 100 may include a network of computers in which aspects of the illustrative embodiments may be implemented. The distributed data processing system 100 contains at least one network 102, which is the medium used to provide communication links between various devices and computers connected together within distributed data processing system 100. The network 102 may include connections, such as wire, wireless communication links, or fiber optic cables.

In the depicted example, server 104 and server 106 are connected to network 102 along with storage unit 108. In addition, clients 110, 112, and 114 are also connected to network 102. These clients 110, 112, and 114 may be, for example, personal computers, network computers, or the like. In the depicted example, server 104 provides data, such as boot files, operating system images, and applications to the clients 110, 112, and 114. Clients 110, 112, and 114 are clients to server 104 in the depicted example. Distributed data processing system 100 may include additional servers, clients, and other devices not shown. In the depicted example, distributed data processing system 100 is the Internet with network 102 representing a worldwide collection of networks and gateways that use the Transmission Control Protocol/Internet Protocol (TCP/IP) suite of protocols to communicate with one another. At the heart of the Internet is a backbone of high-speed data communication lines between major nodes or host computers, consisting of thousands of commercial, governmental, educational and other computer systems that route data and messages. Of course, the distributed data processing system 100 may also be implemented to include a number of different types of networks, such as for example, an intranet, a local area network (LAN), a wide area network (WAN), or the like. As stated above, FIG. 1 is intended as an example, not as an architectural limitation for different embodiments of the disclosed subject matter, and therefore, the particular elements shown in FIG. 1 should not be considered limiting with regard to the environments in which the illustrative embodiments of the present invention may be implemented.

With reference now to FIG. 2, a block diagram of an exemplary data processing system is shown in which aspects of the illustrative embodiments may be implemented. Data processing system 200 is an example of a computer, such as client 110 in FIG. 1, in which computer usable code or instructions implementing the processes for illustrative embodiments of the disclosure may be located.

With reference now to FIG. 2, a block diagram of a data processing system is shown in which illustrative embodiments may be implemented. Data processing system 200 is an example of a computer, such as server 104 or client 110 in FIG. 1, in which computer-usable program code or instructions implementing the processes may be located for the illustrative embodiments. In this illustrative example, data processing system 200 includes communications fabric 202, which provides communications between processor unit 204, memory 206, persistent storage 208, communications unit 210, input/output (I/O) unit 212, and display 214.

Processor unit 204 serves to execute instructions for software that may be loaded into memory 206. Processor unit 204 may be a set of one or more processors or may be a multi-processor core, depending on the particular implementation. Further, processor unit 204 may be implemented using one or more heterogeneous processor systems in which a main processor is present with secondary processors on a single chip. As another illustrative example, processor unit 204 may be a symmetric multi-processor (SMP) system containing multiple processors of the same type.

Memory 206 and persistent storage 208 are examples of storage devices. A storage device is any piece of hardware that is capable of storing information either on a temporary basis and/or a permanent basis. Memory 206, in these examples, may be, for example, a random access memory or any other suitable volatile or non-volatile storage device. Persistent storage 208 may take various forms depending on the particular implementation. For example, persistent storage 208 may contain one or more components or devices. For example, persistent storage 208 may be a hard drive, a flash memory, a rewritable optical disk, a rewritable magnetic tape, or some combination of the above. The media used by persistent storage 208 also may be removable. For example, a removable hard drive may be used for persistent storage 208.

Communications unit 210, in these examples, provides for communications with other data processing systems or devices. In these examples, communications unit 210 is a network interface card. Communications unit 210 may provide communications through the use of either or both physical and wireless communications links.

Input/output unit 212 allows for input and output of data with other devices that may be connected to data processing system 200. For example, input/output unit 212 may provide a connection for user input through a keyboard and mouse. Further, input/output unit 212 may send output to a printer. Display 214 provides a mechanism to display information to a user.

Instructions for the operating system and applications or programs are located on persistent storage 208. These instructions may be loaded into memory 206 for execution by processor unit 204. The processes of the different embodiments may be performed by processor unit 204 using computer implemented instructions, which may be located in a memory, such as memory 206. These instructions are referred to as program code, computer-usable program code, or computer-readable program code that may be read and executed by a processor in processor unit 204. The program code in the different embodiments may be embodied on different physical or tangible computer-readable media, such as memory 206 or persistent storage 208.

Program code 216 is located in a functional form on computer-readable media 218 that is selectively removable and may be loaded onto or transferred to data processing system 200 for execution by processor unit 204. Program code 216 and computer-readable media 218 form computer program product 220 in these examples. In one example, computer-readable media 218 may be in a tangible form, such as, for example, an optical or magnetic disc that is inserted or placed into a drive or other device that is part of persistent storage 208 for transfer onto a storage device, such as a hard drive that is part of persistent storage 208. In a tangible form, computer-readable media 218 also may take the form of a persistent storage, such as a hard drive, a thumb drive, or a flash memory that is connected to data processing system 200. The tangible form of computer-readable media 218 is also referred to as computer-recordable storage media. In some instances, computer-recordable media 218 may not be removable.

Alternatively, program code 216 may be transferred to data processing system 200 from computer-readable media 218 through a communications link to communications unit 210 and/or through a connection to input/output unit 212. The communications link and/or the connection may be physical or wireless in the illustrative examples. The computer-readable media also may take the form of non-tangible media, such as communications links or wireless transmissions containing the program code. The different components illustrated for data processing system 200 are not meant to provide architectural limitations to the manner in which different embodiments may be implemented. The different illustrative embodiments may be implemented in a data processing system including components in addition to or in place of those illustrated for data processing system 200. Other components shown in FIG. 2 can be varied from the illustrative examples shown. As one example, a storage device in data processing system 200 is any hardware apparatus that may store data. Memory 206, persistent storage 208, and computer-readable media 218 are examples of storage devices in a tangible form.

In another example, a bus system may be used to implement communications fabric 202 and may be comprised of one or more buses, such as a system bus or an input/output bus. Of course, the bus system may be implemented using any suitable type of architecture that provides for a transfer of data between different components or devices attached to the bus system. Additionally, a communications unit may include one or more devices used to transmit and receive data, such as a modem or a network adapter. Further, a memory may be, for example, memory 206 or a cache such as found in an interface and memory controller hub that may be present in communications fabric 202.

Computer program code for carrying out operations of the present invention may be written in any combination of one or more programming languages, including an object-oriented programming language such as Java™, Smalltalk, C++ or the like, and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer, or entirely on the remote computer or server. In the latter scenario, the remote computer may be connected to the user's computer through any type of network, including a local area network (LAN) or a wide area network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet Service Provider).

Those of ordinary skill in the art will appreciate that the hardware in FIGS. 1-2 may vary depending on the implementation. Other internal hardware or peripheral devices, such as flash memory, equivalent non-volatile memory, or optical disk drives and the like, may be used in addition to or in place of the hardware depicted in FIGS. 1-2. Also, the processes of the illustrative embodiments may be applied to a multiprocessor data processing system, other than the SMP system mentioned previously, without departing from the spirit and scope of the disclosed subject matter.

As will be seen, the techniques described herein may operate in conjunction with the standard client-server paradigm such as illustrated in FIG. 1 in which client machines communicate with an Internet-accessible Web-based portal executing on a set of one or more machines. End users operate Internet-connectable devices (e.g., desktop computers, notebook computers, Internet-enabled mobile devices, or the like) that are capable of accessing and interacting with the portal. Typically, each client or server machine is a data processing system such as illustrated in FIG. 2 comprising hardware and software, and these entities communicate with one another over a network, such as the Internet, an intranet, an extranet, a private network, or any other communications medium or link. A data processing system typically includes one or more processors, an operating system, one or more applications, and one or more utilities. The applications on the data processing system provide native support for Web services including, without limitation, support for HTTP, SOAP, XML, WSDL, UDDI, and WSFL, among others. Information regarding SOAP, WSDL, UDDI and WSFL is available from the World Wide Web Consortium (W3C), which is responsible for developing and maintaining these standards; further information regarding HTTP and XML is available from the Internet Engineering Task Force (IETF). Familiarity with these standards is presumed.

FIG. 3 illustrates a client in which the subject matter of this disclosure may be implemented. The client 300 comprises hardware 302, memory 304, a web browser or similar user agent 306, a cache 308, and URL re-link code 310 executed by a processor of the hardware. The URL re-link code 310 includes computer program code that executes a link editing function that also occurs upon receipt of the permanent redirect. A link editing capability refers to the ability of the user-agent to automatically re-link one or more references to the request-URI to one or more new references returned and identified in the redirect. Thus, for example, if the request-URI seeks a resource at //www.content.com/directory/object.jpg and the HTTP response is:

    HTTP/1.1 301 Moved Permanently
    Location: . . . //www.newcontentdomain.com/directory/object.jpg

then the re-link code 310 will update www.content.com to www.newcontentdomain.com and save that new reference 312 (e.g., in the bookmarks file, a list of URLs for a feed reader, other REST-based APIs that reference the original URL, or any other code or data structures that include the original URL for any purpose). More broadly, any system, device, program or process that receives an HTTP redirect and provides a link editing capability may be used for this purpose. A representative but non-limiting implementation is a web browser that includes a link editor function (either natively or via external code).

The client 300 may be implemented as a computing machine such as shown in FIG. 2.

In a typical use case, the user-agent 306 is a web application client that operates in association with an enterprise application server. FIG. 1 illustrates this basic client-application server paradigm. The application server may be supported in an enterprise datacenter or, more commonly, in a cloud compute infrastructure. As is well known, cloud computing is a model of service delivery for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, network bandwidth, servers, processing, memory, storage, applications, virtual machines, and services) that can be rapidly provisioned and released with minimal management effort or interaction with a provider of the service.

By way of example only, a representative enterprise application of this type deployed in the cloud is a client-server application such as IBM® SmartCloud® for Social Business (formerly LotusLive), which provides a cloud-delivered suite of technologies that combine web conferencing, messaging, and collaboration services with social networking capabilities in an easy-to-use web-based environment. As a component of IBM® SmartCloud, Notes® provides full-featured email, calendaring, contact management, and instant messaging. A user can access the service directly over the Internet in a number of ways, such as using a web browser, or a "rich" client application (such as the Notes rich client). Using this service, an enterprise places in the cloud service its email, calendar and/or collaboration infrastructure, and a user uses the Notes client to access his or her email, perform a calendar operation, or facilitate an online collaboration. In a representative embodiment, the Notes rich client is Version 8.5.2 or higher.

The above example (using IBM SmartCloud) is merely representative. The techniques described below are not limited for use with a particular enterprise application deployed within the cloud environment.

Moreover, the techniques are not limited to application server(s) that execute in IP-based domains. Some clouds are based upon non-traditional IP networks. Thus, for example, a cloud may be based upon two-tier CLOS-based networks with special single layer IP routing using hashes of MAC addresses. The techniques described herein may be used in such non-traditional clouds.

Regardless of the type of client-server technology implemented, it is assumed that user agent-to-server communications may take place over a secure transport, such as SSL (or TLS, or equivalent) over TCP over IP. This transport is well known in the art, and it creates an " " session between the browser and the server. Familiarity with SSL/TLS transport is assumed. The techniques may be used with other secure transport protocols that implement certificate-based cipher suites.

As a result of interactions between the user-agent and the application server, many different types of information are stored in association with the web application. One type of information is user-specific information, such as a user identifier (or other identity) and/or user password. Another type of information includes form elements that are generated by the application server pages and that may be specific to the client. Yet another type of information includes HTTP cookies that are generated by the application server. These cookies typically are persistent. The information is stored in the client (or in association with the client browser) in a data store (e.g., memory 304, cache 308, or other persistent storage). Whether viewed separately or collectively, the information associated with the client-application server interactions is sometimes referred to herein as web application client state information 314, as it reflects the "state" of the client's permitted interactions with the application server.

According to this disclosure, the client 300 is further provisioned with additional program code, which is identified in FIG. 3 as reassignment code 316, which is used to securely reassign (transfer/update) the web application client state information 314, preferably in the manner that is now described.

Secure Transfer of Web Application Client State Information into a New Domain

According to this disclosure, when a user-agent that is provisioned with the above-described state information reassignment capability receives an HTTP 301 permanent redirect, the user-agent automatically determines whether the response message is authentic, e.g., because it originates from the application server domain to which the client is attempting to connect. If the user-agent can verify the authenticity of the HTTP redirect (i.e., it originates from the application server domain to which the client is attempting to connect), one or more stored elements of web application client state information are automatically reassigned to the new domain identified in the redirect. The reassignment is carried out securely and (preferably) in an automated manner, typically using the reassignment code 316 described above (or using separate software functionality, e.g., a plug-in, an applet, an ActiveX control, a script, or the like) that performs the reassignment function. The reassignment may take place in association with a URL re-linking function. The state information reassignment (with or without the URL re-link) may take place during or after the redirection, although preferably it occurs concurrently with the redirect handling as will be described. By reassigning the state information in this secure manner, the HTTP redirection achieves its intended purpose but does not otherwise interfere with stored state information that is otherwise used by the user-agent.

The nature of the reassignment itself will depend on the implementation and, in particular, on the one or more stored elements of the web application client state information. Thus, for example, for passwords or other user identifying information, the reassignment simply updates a password's application server domain association to point to the new domain. For form elements, the reassignment may cause one or more HTML elements to be rewritten, once again to reflect the new domain. In like manner, the text in a cookie that points to the original domain is overwritten to point to the new application server domain.

FIG. 4 illustrates representative functionality on a client user-agent to implement the state information reassignment functionality. The client may be implemented using the hardware and software described above with respect to FIG. 2. In a typical implementation, and as noted above with respect to FIG. 3, the client comprises hardware, memory, a web browser or similar user-agent, a cache, and reassignment code executed by a processor of the hardware. As noted above, the reassignment code may be implemented in any convenient manner, such as native browser code, as a browser plug-in, an applet, an ActiveX or similar control, as a script, or the like. As has also been described, it is assumed that the client stores or can access the web application client state information.

When the browser establishes an HTTP or HTTPS connection to a target server application (step 400), the operation begins and, in particular, upon receipt by the browser of an HTTP redirect. As illustrated in FIG. 4, this is step 402. At step 404, a test is performed to determine whether the redirect is an HTTP 301 (permanent). If the outcome of the test at step 404 indicates that the redirect is not permanent, control branches to step 406. At step 406, a test is performed to determine whether the redirection is an HTTP 302 (temporary). If the outcome of the test at step 406 is negative, the redirect is neither a 301 nor a 302, and the routine ends at step 408. If, however, the outcome of the test at step 406 indicates that the redirect is a 302 redirect, the routine continues at step 410 to perform the temporary redirect. After the temporary redirect is performed, the routine ends at step 408.

If, however, the outcome of the test at step 404 indicates that the redirect is a permanent one, the routine continues at step 412 to test whether the user-agent is enabled for the web application client state information reassignment functionality of this disclosure. If the outcome of the test at step 412 indicates that the user-agent is not enabled to perform the state information reassignment function of this disclosure, control branches to step 410 to perform the redirect. As before, after the redirect is performed, the routine ends at step 408.

If, however, the outcome of the test at step 412 indicates that the user-agent is enabled to perform the state information reassignment functionality, the routine continues at step 414 to test whether the current request and response are being carried out over SSL (Secure Sockets Layer). If the outcome of the test at step 414 indicates that the communication link itself is SSL-secured between the requesting client and the target server, then the server is trusted and the received HTTP redirect is considered to be authentic. Accordingly, control branches to step 416 to reassign (to the redirect domain) the one or more stored elements of the web application state information. At step 416, and in addition to transferring the one or more stored elements of the web application state information, the routine also performs the redirect itself. Although not shown, during this operation, a URL re-linking operation (to reflect the permanent redirect) may also be carried out. The routine then continues to step 408 and ends.

Additional tests for determining authenticity of the HTTP redirect (or, in particular, authenticity of the target server that issued the user-agent the HTTP redirect) may be implemented as well.

Additionally, when the redirect comes back in a trusted SSL connection, the browser may still additionally warn and/or disable an update of the web application client state information if there are problems with the SSL connection (e.g., a self-signed certificate or a domain mismatch) even if the user accepts the condition.

A particular redirect that triggers the described functional
ity is sometimes referred to herein as “protocol-compliant” if Preferably, the stored elements of the web application client it otherwise satisfies the requirements (e.g., syntax, content, state information are transferred automatically and without style, etc.) required by the protocol. further user input (or even active awareness). 15 A particular redirect may include one or more new refer While the existence of the SSL connection is one preferred ences. Provided the redirect is verified to be authentic, any way of determining that the HTTP response is authentic, the stored web application client state information associated determination regarding authenticity of the HTTP redirect with the request-URI is then reassigned to the new domain may be confirmed in other ways. To that end, if the outcome according to the update techniques described herein. of the test at step 416 indicates that the communication link The following describes an example user Scenario. Assume itself is not SSL-secured, a test is performed at step 418 to Alice is a user of a web application such as IBM LotusLive(R) determine whether the communication is otherwise trusted. and that this application has recently changed its domain from The HTTP redirect may be considered to have originated apps.lotuslive.com (the original domain) to apps.na.collab from a trustworthy source for one of many alternative reasons serv.com (the new domain). Prior to this domain change, (other than being received via SSL), e.g., the client has been 25 Alice has her password and cookies stored in her client and authenticated to the server via other means, the client recog associated with the original apps.lotuslive.com domain. 
nizes the network address of the target server, the client rec Without knowledge of the domain change, Alice opens her ognizes the target server from the contents of an HTTP browser to the original domain, e.g., by selecting a bookmark response header, the target server is associated with a given stored in her browser navigation bar. Alice's browser has been trusted domain (e.g., an enterprise or corporate network, as 30 provisioned to include the state information update function opposed to an open WiFi hotspot), or the like. Any such ality of this disclosure. Her web browser then connects to the techniques may be implemented. If the outcome of the test at bookmarked domain and receives an HTTP 301 permanent step 418 indicates that the HTTP redirect received is authentic redirect to the new domain. Using the above-described func (in other words, that the target server or the connection itself tionality (which confirms that the message to redirect is is trusted), then control returns to step 416. As noted above, at 35 authentic), the browser detects that it has a stored password this step one or more stored elements of the web application and cookies for the original domain; it then automatically client state information are reassigned and the redirect imple associates those elements with the new domain (or, alterna mented. tively, asks Alice to confirm that the elements should be If, however, the outcome of the test at step 418 still indi re-assigned). cates that an insufficient proof of authenticity still exists, the 40 The Subject matter described herein has many advantages. routine branches to step 420. At this step the redirect (received The technique provides a mechanism to ensure that web at step 402) is implemented (as it must). 
The routine then application client state information is re-associated with an branches to step 422 to issue a message to the user that a appropriate application server domain and in a seamless and redirection is taking place; the message also provides a reliable manner in those clients that include the above-de prompt to the user to query whether the user desires to reas 45 scribed reassignment capabilities. As described, clients that sign one or more stored elements of the web application client implement the approach automatically update one or more state information. Preferably, the message also provides the stored elements of the web application client state informa user with information about the risk of reassignment or of not tion upon receipt of the HTTP301 redirect. By restricting the reassigning, as the case may be. If the user answers in the state information reassignment to occur only upon receipt of affirmative, the routine continues at step 424 to test whether 50 an authentic HTTP redirect, the approach ensures that clients the requested reassignment should take place. Step 424 may transfer the state information safely and securely. As noted by default be answered affirmatively, but it may also imple above, the preferred approach is to reassign one or more ment one or more conditions that have to be met before even stored elements of the web application client state informa the user-approved reassignment occurs. Thus, for example, tion associated with the request-URI to the redirect applica step 424 may implement a security policy that includes at 55 tion server domain when the response can be verified to least one configurable condition that must be met before the originate from the application server to which the client is user-approved reassignment occurs. This condition may be attempting to connect. 
As noted, if the user-agent can verify that the target server's domain is recognized in the security the authenticity of the HTTP redirect (i.e., it originates from policy, that some temporal condition associated with the the application to which the client is attempting to connect), request is met, or the like. If the outcome of the test at step 424 60 one or more elements of the web application client state indicates that the update should not occur, the routine information are updated in associated with execution of the branches to step 408 and terminates. If, however, the one or redirect itself. more condition(s) specified are met, the routine continues at The functionality described above may be implemented as step 426 to reassign the one or more stored elements. The a standalone approach, e.g., a software-based function process then terminates at step 408. 65 executed by a processor, or it may be available as a managed Steps 414, 418 and 424 need not occur in any particular service (including as a web service via a SOAP/XML inter order or sequence. These steps may take place concurrently. face). The particular hardware and software implementation US 9,426,152 B2 11 12 details described herein are merely for illustrative purposes may be stored in a computer readable storage medium in a are not meant to limit the scope of the described subject data processing system after being downloaded over a net matter. work from a remote data processing system. Or, those instruc More generally, computing devices within the context of tions or code may be stored in a computer readable storage the disclosed subject matter are eacha data processing system 5 medium in a server data processing system and adapted to be (such as shown in FIG. 
2) comprising hardware and Software, downloaded over a network to a remote data processing sys and these entities communicate with one another over a net tem for use in a computer readable storage medium within the work, Such as the Internet, an intranet, an extranet, a private remote system. network, or any other communications medium or link. The applications on the data processing system provide native 10 In a representative embodiment, the state information support for Web and other known services and protocols update/reassignment components are implemented in a spe including, without limitation, support for HTTP, FTP, SMTP cial purpose computer, preferably in Software executed by SOAP, XML, WSDL, UDDI, and WSFL, among others. one or more processors. The Software is maintained in one or Information regarding SOAP, WSDL, UDDI and WSFL is more data stores or memories associated with the one or more available from the World Wide Web Consortium (W3C), 15 processors, and the software may be implemented as one or which is responsible for developing and maintaining these more computer programs. standards; further information regarding HTTP, FTP, SMTP As noted, the functionality need not be implemented in a and XML is available from Internet Engineering Task Force (IETF). Familiarity with these known standards and protocols conventional web browser, the approach may be imple is presumed. mented in a dedicated web app executing in a mobile client The web application client state information update device, in a rich client, or the like. scheme described herein may be implemented in conjunction While the above describes a particular order of operations with various server-side architectures including simple n-tier performed by certain embodiments of the invention, it should architectures, web portals, federated systems, and the like. 
be understood that such order is exemplary, as alternative The techniques herein may be practiced in association with a 25 embodiments may perform the operations in a different order, loosely-coupled server (including a "cloud-based) environ combine certain operations, overlap certain operations, or the ment. As in the example scenario described, the server itself like. References in the specification to a given embodiment (that issues the redirect) may be hosted in the cloud. indicate that the embodiment described may include a par There is no limitation on the precise nature and type of web ticular feature, structure, or characteristic, but every embodi application client state information that is stored and reas 30 ment may not necessarily include the particular feature, struc signed according to this disclosure. ture, or characteristic. The state information reassignment for HTTP redirects according to this disclosure may be implemented in any com Finally, while given components of the system have been puting entity that acts as a "client’ to another server, thus, the described separately, one of ordinary skill will appreciate that techniques herein are not limited for use for strictly client 35 Some of the functions may be combined or shared in given side web browser software but may also be implemented, for instructions, program sequences, code portions, and the like. example, in a server or intermediary process that itself is As used herein, the “client-side' application should be acting as a client (to Some other server component). broadly construed to refer to an application, a page associated Still more generally, the subject matter described herein with that application, or some other resource or function can take the form of an entirely hardware embodiment, an 40 invoked by a client-side request to the application. 
A entirely software embodiment or an embodiment containing “browser as used herein is not intended to refer to any both hardware and software elements. In a preferred embodi specific browser (e.g., Internet Explorer, Safari, FireFox, or ment, the function is implemented in Software, which the like), but should be broadly construed to refer to any includes but is not limited to firmware, resident software, client-side rendering engine that can access and display Inter microcode, and the like. Furthermore, as noted above, the 45 web application client state information reassignment func net-accessible resources. Further, while typically the client tionality can take the form of a computer program product server interactions occur using HTTP, this is not a limitation accessible from a computer-usable or computer-readable either. The client server interaction may be formatted to con medium providing program code for use by or in connection form to the Simple Object Access Protocol (SOAP) and travel with a computer or any instruction execution system. For the 50 over HTTP (over the public Internet), FTP, or any other reli purposes of this description, a computer-usable or computer able transport mechanism (such as IBM(R) MQSeries(R tech readable medium can be any apparatus that can contain or nologies and CORBA, for transport over an enterprise intra store the program for use by or in connection with the instruc net) may be used. Also, the term “web site' or “service tion execution system, apparatus, or device. The medium can provider should be broadly construed to cover a web site (a be an electronic, magnetic, optical, electromagnetic, infrared, 55 set of linked web pages), a domain at a given web site or or a semiconductor system (or apparatus or device). server, a trust domain associated with a server or set of serv Examples of a computer-readable medium include a semi ers, or the like. 
A “service provider domain may include a conductor or Solid State memory, magnetic tape, a removable web site or a portion of a web site. Any application or func computer diskette, a random access memory (RAM), a read tionality described herein may be implemented as native only memory (ROM), a rigid magnetic disk and an optical 60 code, by providing hooks into another application, by facili disk. Current examples of optical disks include compact disk tating use of the mechanism as a plug-in, by linking to the read only memory (CD-ROM), compact disk-read/write mechanism, and the like. (CD-R/W) and DVD. The computer-readable medium is a The term “redirect should be broadly construed to refer to tangible item. the HTTP specification (RFC2616) or, more generally, any The computer program product may be a product having 65 request-response protocol directive (including FTP, SMTP program instructions (or program code) to implement one or and others) that instructs a client side user-agent to look more of the described functions. Those instructions or code elsewhere for a requested resource. US 9,426,152 B2 13 14 Having described the invention, what is now claimed is as program code to connect to an application server domain follows: associated with a request-URI: 1. 
An apparatus, comprising: program code responsive to receipt of a protocol-compliant a processor, redirect associated with the application server domain, computer memory holding computer program instructions the protocol-compliant redirect pointing to a new appli cation server domain, to determine whether the proto that when executed by the processor securely reassign col-compliant redirect is authentic; and web application client state information associated with program code responsive to a determination that the pro an application server domain, the computer program tocol-compliant redirect is authentic to reassign the web instructions comprising: application client state information to the new applica program code to connect to an application server domain 10 tion server domain. associated with a request-URI: 9. The computer program product as described in claim 8 program code responsive to receipt of a protocol-com wherein the web application client state information is one of: pliant redirect associated with the application server user identifying information, one or more form elements associated with a page located at the application server domain, the protocol-compliant redirect pointing to a 15 new application server domain, to determine whether domain, and a cookie generated by the application server the protocol-compliant redirect is authentic; and domain. program code responsive to a determination that the 10. The computer program product as described in claim 8 protocol-compliant redirect is authentic to reassign wherein the protocol-compliant redirect is an HTTP perma the web application client state information to the new nent redirect. application server domain. 11. The computer program product as described in claim 8 2. 
The apparatus as described in claim 1 wherein the web wherein the protocol-compliant redirect is authentic if it can application client state information is one of: user identifying be verified to have originated from the application server information, one or more form elements associated with a domain to which a request-URI was directed. page located at the application server domain, and a cookie 12. The computer program product as described in claim 8 25 wherein the determination verifies that the request-URI and generated by the application server domain. the protocol-compliant redirect are communicated over a 3. The apparatus as described in claim 1 wherein the pro SSL-secured communication link. tocol-compliant redirect is an HTTP permanent redirect. 13. The computer program product as described in claim 8 4. The apparatus as described in claim 1 wherein the pro wherein the determination verifies that the request-URI and tocol-compliant redirect is authentic if it can be verified to 30 the protocol-compliant redirect are communicated over a have originated from the application server domain to which trusted communication link. a request-URI was directed. 14. The computer program product as described in claim 8 5. The apparatus as described in claim 1 wherein the deter wherein the determination includes issuing a prompt to deter mination verifies that the request-URI and the protocol-com mine whether reassignment should occur; and pliant redirect are communicated over a SSL-secured com 35 munication link. determining that an affirmative response to the prompt has been received. 6. The apparatus as described in claim 1 wherein the deter 15. Apparatus, comprising: mination verifies that the request-URI and the protocol-com a processor; pliant redirect are communicated over a trusted communica computer memory; tion link. 40 7. 
The apparatus as described in claim 1 wherein the deter a user-agent that issues a request-URI to a first application mination includes issuing a prompt to determine whether server domain and receives a response identifying a reassignment should occur, and second application server domain to which the first determining that an affirmative response to the prompt has application server domain is asserted in the response to been received. have been moved; and 8. A computer program product in a non-transitory com 45 computer program instructions executed by the processor puter readable storage medium for use in a data processing upon receipt of the response to reassign one or more System, the computer program product holding computer stored elements of web application client state informa tion from the first application server domain to the sec program instructions which, when executed by the data pro ond application server domain when the response can be cessing system, securely reassign web application client state 50 information associated with an application server domain, the verified as authentic. code comprising: ck ck ck ck ck
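The FIG. 4 routine in the detailed description above, modelled as an added example. This is my own Python, not code from the patent or from IBM: the names ClientState, Redirect, Policy, reassign and handle_redirect are mine, the step numbers in the comments refer to FIG. 4 as the description lays it out, and the Alice scenario uses the two domains the description names with constructed password, cookie and form values. The model follows every 301 (the redirect "must" be implemented) but moves stored state only when the redirect is authentic: an intact SSL/TLS link to the origin (step 414), a trusted origin domain (step 418), or the user's consent gated by a policy that recognizes the target (steps 422 and 424). A 301 received over a TLS connection with certificate problems disables the update even if the user accepted the certificate, as the description allows.

```python
"""Model of the FIG. 4 reassignment routine: what a provisioned user-agent does with a 301."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set
from urllib.parse import urlsplit


@dataclass
class ClientState:
    """Web application client state information, keyed by application server domain (hypothetical store)."""
    passwords: Dict[str, Dict[str, str]] = field(default_factory=dict)  # domain -> {user: password}
    cookies: Dict[str, Dict[str, str]] = field(default_factory=dict)    # domain -> {name: value}
    form_elements: Dict[str, List[str]] = field(default_factory=dict)   # domain -> HTML fragments


@dataclass
class Redirect:
    """What the user-agent observed after connecting to the request-URI (steps 400-402)."""
    status: int                          # 301 permanent, 302 temporary, or something else
    location: str                        # Location header of the response
    over_tls: bool                       # step 414: request and response carried over SSL/TLS
    tls_errors: List[str] = field(default_factory=list)  # e.g. "self-signed certificate"


@dataclass
class Policy:
    """Configurable behaviour of the reassignment code (steps 412, 418 and 424); my own names."""
    enabled: bool = True
    trusted_origins: Set[str] = field(default_factory=set)     # step 418: origins trusted without TLS
    recognized_targets: Set[str] = field(default_factory=set)  # step 424: targets a user-approved move may go to


def domain_of(url: str) -> str:
    return urlsplit(url).hostname or ""


def reassign(state: ClientState, old: str, new: str) -> int:
    """Steps 416/426: re-associate every stored element of `old` with `new`; returns how many moved."""
    moved = 0
    for table in (state.passwords, state.cookies):   # password and cookie associations are re-pointed
        entries = table.pop(old, {})
        table.setdefault(new, {}).update(entries)
        moved += len(entries)
    forms = state.form_elements.pop(old, [])          # form elements are rewritten to name the new domain
    state.form_elements.setdefault(new, []).extend(f.replace(old, new) for f in forms)
    return moved + len(forms)


def handle_redirect(state: ClientState, request_url: str, redirect: Redirect,
                    policy: Policy, user_confirms: bool = False) -> dict:
    """Decision tree of FIG. 4; returns what happened so a caller (or test) can inspect it."""
    old, new = domain_of(request_url), domain_of(redirect.location)
    result = {"follow": False, "reassigned": 0, "prompted": False, "warning": None}

    if redirect.status != 301:                       # step 404
        result["follow"] = redirect.status == 302    # steps 406/410: a 302 is followed, nothing is moved
        return result
    result["follow"] = True                          # a 301 is always followed (steps 410, 416, 420)
    if not policy.enabled or not new or new == old:  # step 412; a same-host redirect has nothing to move
        return result

    if redirect.over_tls:                            # step 414
        if redirect.tls_errors:
            # A 301 over a broken TLS link does not prove the origin, so the update stays disabled
            # even if the user clicked through the certificate warning.
            result["warning"] = "TLS problems, state not reassigned: " + ", ".join(redirect.tls_errors)
            return result
        authentic = True                             # the certificate binds the response to the origin host
    else:
        authentic = old in policy.trusted_origins    # step 418: other evidence, e.g. an enterprise domain

    if authentic:                                    # step 416
        result["reassigned"] = reassign(state, old, new)
        return result

    # Steps 420-426: the redirect happens regardless; moving state needs the user's consent AND policy.
    result["prompted"] = True
    if user_confirms and new in policy.recognized_targets:
        result["reassigned"] = reassign(state, old, new)
    return result


def alice_scenario(over_tls: bool = True, tls_errors: Optional[List[str]] = None,
                   user_confirms: bool = False) -> dict:
    """The Alice scenario from the description, with constructed sample values for the stored state."""
    state = ClientState(
        passwords={"apps.lotuslive.com": {"alice": "sample-password"}},
        cookies={"apps.lotuslive.com": {"sessionid": "sample-cookie-value"}},
        form_elements={"apps.lotuslive.com": ['<form action="https://apps.lotuslive.com/login">']},
    )
    policy = Policy(recognized_targets={"apps.na.collabserv.com"})
    redirect = Redirect(301, "https://apps.na.collabserv.com/", over_tls, tls_errors or [])
    outcome = handle_redirect(state, "https://apps.lotuslive.com/", redirect, policy, user_confirms)
    outcome["state"] = state
    return outcome


if __name__ == "__main__":
    print(alice_scenario())
```

The design choice worth noting is that authenticity is evidence about the origin, not about the target: with a verified TLS connection the certificate ties the 301 to the host Alice was trying to reach, which is exactly the check the description makes the preferred one. Without it, the model never moves credentials silently; it prompts, and even a "yes" is honoured only for a target the policy recognizes.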