Abstract: A frames-based Web browser is used with existing distributed computing environment (DCE) interfaces to facilitate and simplify management of DCE cells. In the preferred embodiment, administration may be performed from any secure Web browser acting as a client. Management data is typically supported on a target Web server. at the browser, CGI scripts are used to dynamic generate HTML (hypertext markup language) pages based on the network administrator's selections and the current state and defined objects in the DCE cell. The result is a robust and efficient Web-based DCE management scheme.

Abstract: A method of executing Common Gateway Interface (CGI) programs in a computer network having a Web client and a Web server, the server connectable to a secure distributed file system of a distributed computing environment. If a Web client user request requires CGI processing, the requested CGI program is run in a new process spawned from the Web server thread and executing within the context of the temporary user identity set up with the proper DCE credentials. This function is effected by saving the name and path of the user-requested CGI program and then substituting the name and path of an encapsulation CGI program. The encapsulation CGI program starts the user-requested CGI program in a new process (i.e. a desktop) within the context of the temporary user identity (having proper DCE credentials). The encapsulation program thus ensures that the CGI program being executed cannot harm the default Web server desktop.

Abstract: A test page including a statement invoking an executable periodically reloading the test page is placed on a Web server having a security plug-in to be tested. The test page may include multiple frames, each containing a reference requesting access to the same test page or each performing a different testing function. The test page may be placed in a protected directory, may include an attempt to access the contents of a file within a different protected directory, and may include attempts to access protected CGI executables or other programs or modules which may be run on the Web server. A remote browser is employed to attempt to access the test page using the userid and password employed to login to the browser. Successful or unsuccessful access to the test page verifies proper operation of the security plug-in.

Abstract: An account manager plug-in for a Web server having an application programming interface (API). The plug-in is preferably a computer program product comprising a set of instructions (program code) encoded on a computer-readable substrate. This plug-in includes program code for establishing a set of one or more monitored resources (e.g., UrlCounter, ByteCounter, PageCounter and FailedLoginCounter) and for defining a threshold rule for at least one of the set of monitored resources. As Web transactions occur at the Web server, the account manager is responsive to a monitored resource exceeding a condition of a threshold rule for triggering one of a set of threshold actions. The set of threshold actions, for example, include clearing a record counter, running a given program, sending an e-mail note and disabling or enabling a user account.

Abstract: Filter rules on a firewall between a secure computer network and a nonsecure computer network are validated from a user interface. A user interface is presented in which a test packet can be defined. The user interface includes controls for defining values for attributes of the test packet, wherein the attributes of the test packet are selected from a set of attributes of normal packets normally sent between the secure and nonsecure computer networks. A defined test packet is validated against a set of filter rules in the firewall or matched against the filter rules to determine those filter rules with matching attributes to the defined packet. When validating, responsive to the failure of the test packet in the validating step, the filter rule in the set of filter rules which denied the test packet is displayed.

Abstract: A method of enabling persistent access by a Web server to files stored in a distributed file system of a distributed computing environment that includes a security service. A session manager is used to perform a proxy login to the security service on behalf of the Web server. Persistent operation of the session manager is ensured by periodically spawning new instances of the session manager process. Each new instance preferably initializes itself against a binding file. A prior instance of the session manager is maintained in an active state for at least a period of time during which the new instance of the session manager initializes itself. Upon receipt of a given transaction request from a Web client to the Web server, a determination is made regarding whether a new instance of the session manager process has been spawned while the Web server was otherwise idle.

Abstract: A method of enabling a Web server to impersonate a Web client to thereby obtain access to files stored in a distributed file system of a distributed computing environment. The distributed computing environment includes a security service for returning a credential to a user authenticated to access the distributed file system. In response to receipt of a transaction request from the Web client, a determination is made whether the transaction request has originated from a user authenticated to access the distributed file system. If so, the Web server is controlled to reuse the credential of the user across multiple file accesses in the distributed file system on behalf of the Web client.

Abstract: A method, system and program for transforming one or more icons in an object-oriented, graphical environment. The icon transformations entail the changing of an icon from one state to another using drag and drop techniques. The user drops an input object icon onto the transformer object icon. The transformer object removes the input object from the graphical environment, changes its contents and/or attributes, and places the new output icon on the desktop. Icon transformers convert objects in a one-to-one, many-to-one, one-to-many, or many-to-many fashion.

Abstract: A method of authenticating a Web client to a Web server connectable to a distributed file system of a distributed computing environment. The distributed computing environment includes a security service for returning a credential to a user authenticated to access the distributed file system. In response to receipt by the Web server of a user id and password from the Web client, a login protocol is executed with the security service. If the user can be authenticated, a credential is stored in a database of credentials associated with authenticated users. The Web server then returns to the Web client a persistent client state object having a unique identifier therein. This object, sometimes referred to as a cookie, is then used to enable the Web client to browse Web documents in the distributed file system.

Abstract: An installation plan object is built for installing an application in a network. The empty installation plan object is first created from a template of a prototypical installation plan object. Next, from a workspace container object containing potential child objects of the installation plan object, objects are selected for inclusion in the installation plan object. The selected objects are transformed into child objects of the installation plan object. The objects which are selected to populate an install plan object include an application object and a group object which respectively represent an application to be installed over the network and a group of workstations upon which the application is to be installed. After transformation, these objects are converted into an application-in-plan object and a group-in-plan object respectively.

Abstract: Committing an installation plan object for installing applications in a network. The installation plan object includes an application-in-plan object which represents an application program and a group-in-plan object which represents a group of workstations on which the application program is to be installed. As part of the commit process, the installation plan object is prevalidated by examining its child objects and adding additional child objects to the installation plan object if required, validated by examining data in the installation plan object and its child objects for errors in the data and transformed into data structures usable for a network installation engine which installs applications across a network. The installation plan further includes a response file object if the application's installation requires a response file and a customization file object which contains data to customize the response file object data for particular workstations.

Abstract: Administering tunneling on a firewall computer between a secure computer network and a nonsecure computer network in a web based interface is disclosed. Tunnels are displayed in graphical depictions as lines connecting icons representing network addresses. User selection of a line, will bring up a selected tunnel definition represented by the first line is displayed in another pane in the interface or a list of filter rules applicable to the tunnel. At this point, an action on the selected tunnel definition may be performed responsive to user input. Queries can be run on a tunnel definition to determine whether any existing tunnel definitions match the entered tunnel definition, or whether there are any filter rules in effect for a given tunnel definition. The results of the query are displayed in a scatter bar in another pane in the user interface, wherein locations of matches are indicated by lines through the scatter bar.

Abstract: An installation plan object including application objects representing applications to be installed during an installation process and workstation objects representing the workstation on which the applications are to be installed is validated prior to executing the installation plan. According to the invention, multiple sets of communication modules, that is redirector and transport modules are capable of installing the applications on the workstations over a computer network. Therefore, the availability and compatibility of the redirectors and transports at the workstations must be assured. After the installation plan object is built by the user of application objects and workstation objects, the attributes of the application objects are examined for the communication modules which may be used for installation of the applications on the workstations. Next, the validation process determines whether the communication modules are available during the installation process at the workstations.

Abstract: A technique for transferring a graphical object in a graphical user interface on a computer display from a source window to a target window. It is determined that a graphical object from the source window has entered the target window during a drag and drop operation. Next, it is determined that the graphical object has hit an interior boundary of the target window. The target window is scrolled so long as the graphical object continues to hit the interior boundary. Once the target location is visible in the target window, the graphical object is located at the target location at conclusion of the drag and drop operation. The invention contemplates a graphical user interface in which some target windows are scrollable during a drag and drop operation with a graphical object from a foreign window, while some windows are not. Thus, in a mixed graphical user interface, it must be determined whether the target window is scrollable during a drag and drop operation.