Abstract: A method, computer system, and computer program product for protecting user data while performing third-party account registration. The method may include receiving, from a third party, a request for personal data of a user. The method may request the user to authenticate the request for personal data. In response to receiving from the user the authentication, the method may include providing the third party the personal data of the user. A portion of the personal data of the user that is provided to the third party may be altered and may be mapped to the user. The method may store identifying information about the third party. The method may also include receiving, from the user, a parameter respecting use of the portion of the personal data that is altered. The parameter may limit the third party from obtaining information from the portion of the personal data that is altered.

Abstract: Transaction information management is provided. A request for a transaction identifier is received from a first entity to perform a transaction with a user. Transaction information for the transaction determined with the transaction information including authorized entities and sets of personal information of the user available to each of the authorized entities. The transaction information is stored. The transaction identifier linked to the transaction is generated. The transaction identifier is provided to the first entity.

Abstract: A method, computer system, and computer program product for protecting user data while performing third-party account registration. The method may include receiving, from a third party, a request for personal data of a user. The method may request the user to authenticate the request for personal data. In response to receiving from the user the authentication, the method may include providing the third party the personal data of the user. A portion of the personal data of the user that is provided to the third party may be altered and may be mapped to the user. The method may store identifying information about the third party. The method may also include receiving, from the user, a parameter respecting use of the portion of the personal data that is altered. The parameter may limit the third party from obtaining information from the portion of the personal data that is altered.

Abstract: A method for dynamically assigning a displayable realm name begins upon receipt of an authentication request to an application, such as a web application, being executed by an application server. In response, a determination is made whether an application realm name has been set in a configuration file associated with the application. If not, a custom display property is then evaluated. If the custom display property is set true, a realm name associated with an active authentication mechanism is retrieved and provided for display in an authentication panel. If the custom display property is set false, a default string is provided for display in the authentication panel. In this manner, an application server administrator can control what realm name is displayed to an end user in the event an application developer has not specified the realm name in the application configuration.

Abstract: A method for selectively refreshing group membership for an identifier associated with an authenticated user. The identifier represents an application server security context, and it is generated to enable a user credential associated with the authenticated user to be persisted. Following such authentication, the client is provided with a time-bounded, renewable security token. The method begins by configuring an option whether group membership information is refreshed during renewal of an expired security token. During renewal of an expired security token, the method determines whether the option is set. If so, an attempt is made to refresh information. This attempt performs a set of checks to verify certain conditions. If these checks are valid, the identifier is refreshed and the security token renewed with updated group membership information. If any check is not valid, the identifier is refreshed and the security token renewed with existing information.

Abstract: A method is described for merging security constraints associated with an application when using security annotations. The application comprises one or more servlets, such as a Java servlet. During application deployment, a list of role names is generated by merging static security constraints, for example, identified in a deployment descriptor, and in a static security annotation that defines a list containing the names of authorized roles for a servlet. Later, during application runtime in an application server, security constraints are retrieved from a plurality of sources, including both dynamic and static security annotations. Using the list of role names and the security constraints retrieved, a set of merged security constraints having a defined and proper order of precedence is generated. In particular, preferably one or more dynamic security annotations are first merged with one or more static security annotations to generate a set of runtime constraints.

Abstract: A method for selectively refreshing group membership for an identifier associated with an authenticated user. The identifier represents an application server security context, and it is generated to enable a user credential associated with the authenticated user to be persisted. Following such authentication, the client is provided with a time-bounded, renewable security token. The method begins by configuring an option whether group membership information is refreshed during renewal of an expired security token. During renewal of an expired security token, the method determines whether the option is set. If so, an attempt is made to refresh information. This attempt performs a set of checks to verify certain conditions. If these checks are valid, the identifier is refreshed and the security token renewed with updated group membership information. If any check is not valid, the identifier is refreshed and the security token renewed with existing information.

Abstract: A method is described for merging security constraints associated with an application when using security annotations. The application comprises one or more servlets, such as a Java servlet. During application deployment, a list of role names is generated by merging static security constraints, for example, identified in a deployment descriptor, and in a static security annotation that defines a list containing the names of authorized roles for a servlet. Later, during application runtime in an application server, security constraints are retrieved from a plurality of sources, including both dynamic and static security annotations. Using the list of role names and the security constraints retrieved, a set of merged security constraints having a defined and proper order of precedence is generated. In particular, preferably one or more dynamic security annotations are first merged with one or more static security annotations to generate a set of runtime constraints.

Abstract: A method for dynamically assigning a displayable realm name begins upon receipt of an authentication request to an application, such as a web application, being executed by an application server. In response, a determination is made whether an application realm name has been set in a configuration file associated with the application. If not, a custom display property is then evaluated. If the custom display property is set true, a realm name associated with an active authentication mechanism is retrieved and provided for display in an authentication panel. If the custom display property is set false, a default string is provided for display in the authentication panel. In this manner, an application server administrator can control what realm name is displayed to an end user in the event an application developer has not specified the realm name in the application configuration.

Abstract: A method of and system for implementing dynamic translucent windows in a graphical user interface. Each translucent window has associated therewith a foreground buffer and a background buffer. Whenever a translucent window is updated, the system, starting with the lowest z-order updated translucent window, combines the updated translucent window's foreground and background buffers into a translucent image. If the translucent image is in a clip region, the system displays the portion of the translucent image in the clip region and turns off the update marker. If the translucent image is in a deferred clip region, the system copies the portion of the translucent image in any deferred clip region into the background buffer or buffers of the translucent window or windows that define the deferred clip region and marks the translucent window updated.