Abstract: A method, apparatus and computer program product provide mechanisms for improved error handling in workflow management systems. An example of the method includes receiving a first content item in an electronic workflow management system, the first content item comprising an electronic document and a set of document metadata, validating the first content item to determine that an error exists within the first content item, the validation performed according to a set of validation rules, in response to determining that an error exists within the first content item, identifying the first content item as an erroneous content item, determining error metadata associated with the first content item, generating a packaged erroneous content item comprising the first content item and the error metadata, and processing the packaged erroneous content item by a workflow engine of the electronic workflow management system.

Abstract: A method, apparatus and computer program product provide an application server implementing configurable security models. An example of the method includes receiving a first access request from a first client application, determining a first client identifier for the first client application based at least in part on the first access request, using the first client identifier to identify one or more first security models associated with the first client application from a database, the database comprising a plurality of client identifiers and a plurality of indications of security models associated with each of the plurality of client identifiers, executing an application instance providing functionality in accordance with the one or more first security models, and processing the first access request using the application instance.

Abstract: Embodiments are disclosed for managing interactions between a server application and an external environment while limiting an attack surface of the server application. An example method includes receiving, by communications circuitry of a gateway integration server (GIS) and from a source device in the external environment, a message including an application programming interface (API) call. The example method further includes evaluating, by authentication circuitry of the GIS, whether the API call is authorized. If so, the example method further includes generating, by response circuitry of the GIS, a response to the API call, and transmitting, by the communications circuitry of the GIS and to the source device, the response to the API call. However, if not, the example method includes transmitting, by the communications circuitry of the GIS, an error message to the source device. Corresponding apparatuses and computer program products are also provided.

Abstract: Embodiments are disclosed for limiting an attack surface of a server application by enforcing integrity of a message transmitted to the server application. An example method includes receiving, by communications circuitry of a receiving system hosting the server application, a message including specific message content and a token. The example method further includes determining, by authentication circuitry of the receiving system and using the specific message content, whether the token comprises a valid message integrity secure token. If the token comprises a valid message integrity secure token, the example method further includes performing, by response circuitry of the receiving system, an operation in response to the message. If not, the method may include generating, by the authentication circuitry of the receiving system, an error message. Corresponding apparatuses and computer program products are also provided.

Abstract: Embodiments are disclosed for limiting an attack surface of a server application by enforcing integrity of a message transmitted to the server application. An example method includes receiving, by communications circuitry of a receiving system hosting the server application, a message including specific message content and a token. The example method further includes determining, by authentication circuitry of the receiving system and using the specific message content, whether the token comprises a valid message integrity secure token. If the token comprises a valid message integrity secure token, the example method further includes performing, by response circuitry of the receiving system, an operation in response to the message. If not, the method may include generating, by the authentication circuitry of the receiving system, an error message. Corresponding apparatuses and computer program products are also provided.

Abstract: Embodiments are disclosed for managing interactions between a server application and an external environment while limiting an attack surface of the server application. An example method includes receiving, by communications circuitry of a gateway integration server (GIS) and from a source device in the external environment, a message including an application programming interface (API) call. The example method further includes evaluating, by authentication circuitry of the GIS, whether the API call is authorized. If so, the example method further includes generating, by response circuitry of the GIS, a response to the API call, and transmitting, by the communications circuitry of the GIS and to the source device, the response to the API call. However, if not, the example method includes transmitting, by the communications circuitry of the GIS, an error message to the source device. Corresponding apparatuses and computer program products are also provided.

Abstract: A method, apparatus and computer program product are provided for implementing a location-based records access system. An example of the method includes providing, in a browser sandbox environment executing on a processor, a client interface for interacting with a records server, receiving an indication of an occurrence of an event within the client interface, the indication comprising electronic data sufficient to identify a particular protocol handler application, executing the particular protocol handler application outside of the browser sandbox environment, wherein executing the particular protocol handler application results in execution of a listener, performing a call, by the client interface, to the listener to request a device identifier from the listener, receiving, by the client interface, the device identifier from the listener; and transmitting the device identifier to the records server.

Abstract: A method, apparatus and computer program product provide an application server implementing configurable security models. An example of the method includes receiving a first access request from a first client application, determining a first client identifier for the first client application based at least in part on the first access request, using the first client identifier to identify one or more first security models associated with the first client application from a database, the database comprising a plurality of client identifiers and a plurality of indications of security models associated with each of the plurality of client identifiers, executing an application instance providing functionality in accordance with the one or more first security models, and processing the first access request using the application instance.

Abstract: A method, apparatus and computer program product provide mechanisms for improved error handling in workflow management systems. An example of the method includes receiving a first content item in an electronic workflow management system, the first content item comprising an electronic document and a set of document metadata, validating the first content item to determine that an error exists within the first content item, the validation performed according to a set of validation rules, in response to determining that an error exists within the first content item, identifying the first content item as an erroneous content item, determining error metadata associated with the first content item, generating a packaged erroneous content item comprising the first content item and the error metadata, and processing the packaged erroneous content item by a workflow engine of the electronic workflow management system.

Abstract: A method, apparatus and computer program product are provided for implementing a location-based records access system. An example of the method includes providing, in a browser sandbox environment executing on a processor, a client interface for interacting with a records server, receiving an indication of an occurrence of an event within the client interface, the indication comprising electronic data sufficient to identify a particular protocol handler application, executing the particular protocol handler application outside of the browser sandbox environment, wherein executing the particular protocol handler application results in execution of a listener, performing a call, by the client interface, to the listener to request a device identifier from the listener, receiving, by the client interface, the device identifier from the listener; and transmitting the device identifier to the records server.