JP2007140854A - Image forming apparatus - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To prevent performance degradation with respect to an access to a Web page due to overlapping of authentication logs or authentication performed several times. <P>SOLUTION: When a request is accepted from a client PC at S1, a current time of day A at the time of accepting the request is acquired at S2; a last access time of day B is acquired at S3; a valid duration (valid time) C is acquired at S4; and when a time after the last access time of day B is subtracted by the current time of day A is equal to the valid duration (valid time) C or shorter at S5, a valid duration decision is OK (within the valid duration) at S6 and an access time of day is updated at S7 to complete the processing. On the other hand, when B-A > C at S5, the valid duration decision becomes NG at S8, expired stored authentication information is deleted from an authentication information storage part at S9 to complete the processing. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to an image forming apparatus including a facsimile machine, a copying machine, and a printer capable of exchanging data with the outside via a network.

Conventionally, in a Web system that restricts access to a Web page, authentication is performed every time a request to the Web page is received. This is because the ID password (ID Password) specified at the time of login does not always remain valid when an arbitrary page is accessed.
It also includes an authentication server shared by multiple different applications that provide services using the WWW, and the authentication server authenticates the user at the request of the application, and if the authentication is successful, the authentication is successful. It is determined whether or not the authentication ID related to the user is already stored in the authentication database that stores the authentication ID and the usage status information of the user in association with each other. There has been a system for notifying an application that has requested user authentication of user usage status information associated with an ID (see, for example, Patent Document 1).
JP 2003-233545 A

However, if multiple requests occur in one operation, or if the validity of the ID password is guaranteed, authentication for each request may not be required. In such a case, multiple authentications are required. If this is done, there is a problem that the performance for accessing the Web page deteriorates.
The present invention has been made in view of the above points, and it is an object of the present invention to prevent performance degradation due to duplication of authentication logs and Web page access due to multiple authentications.

In order to achieve the above object, the present invention provides the following image forming apparatus.
(1) Authentication is performed every time a request for a web page is received, and in an image forming apparatus that controls the screen according to the authentication result, an authentication information storage unit that stores authentication information acquired at the time of authentication, and the web page An image forming apparatus provided with means for reusing the authentication information stored in the authentication information storage means and sharing the authentication information among a plurality of requests when the next request is received.
(2) In the image forming apparatus of (1), an effective period is set for the stored authentication information in the authentication information storage unit, and the stored authentication information that has passed the effective period is deleted from the authentication information storage unit. An image forming apparatus provided with means for performing.

(3) In the image forming apparatus of (1), a valid number is set for the stored authentication information in the authentication information storage unit, and the stored authentication information used from the authentication information storage unit to the valid number is stored. An image forming apparatus provided with means for deleting.
(4) The image forming apparatus according to (1), further comprising means for restricting the range of shared use of authentication information stored in the authentication information storage means in association with the URL of the Web page.
(5) The image forming apparatus according to (4), wherein a means for dynamically registering or deleting the association of the URL that restricts the range to be shared is provided when a request is received.
(6) In the image forming apparatus of (4), there is provided means for deleting stored authentication information in the authentication information storage means when a request for a Web page other than a URL that restricts the range of shared use is received. Image forming apparatus.

  The image forming apparatus according to the present invention can prevent performance degradation due to duplication of authentication logs and Web page access due to multiple authentications.

Hereinafter, the best mode for carrying out the present invention will be specifically described with reference to the drawings.
〔Example〕
FIG. 1 is a block diagram showing the configuration of a system including an image forming apparatus according to an embodiment of the present invention.
This system includes an image forming apparatus 1 including a facsimile machine, a copier, and a printer, and a client PC 8 and an external authentication server 9 that can exchange data with the image forming apparatus 1 via a network 7.
The image forming apparatus 1 includes a web system 2, an authentication information management data storage unit 3, an authentication information storage unit 4, an authentication system 5, and a user data storage unit 6 that are realized by a microcomputer including a CPU, a ROM, and a RAM. Become.

The Web system 2 includes an authentication information management unit 11, a screen control unit 12, and an authentication unit 13. The authentication information management unit 11 includes an authentication information management data acquisition unit 14, an authentication information management data registration unit 15, and an authentication. The authentication information management data storage area of the authentication information management data storage unit is accessed by the information management data deletion unit 16, and the authentication information in the authentication information storage unit 4 is accessed by the authentication information acquisition unit 17, the authentication information registration unit 18, and the authentication information deletion unit 19. Access the storage area.
The authentication system 5 is either user data held in the user data storage unit 6 inside the image forming apparatus 1 or is held in the user data storage unit 10 outside the image forming apparatus 1 by communicating with the external authentication server 9. Authentication processing is performed using user data.
The client PC 8 displays and operates the Web system 2 via the network 7. Usually, since a plurality of client PCs 8 can be used simultaneously, the authentication information is stored in units of sessions.

FIG. 2 is a block diagram showing a functional configuration of the image forming apparatus 1 shown in FIG.
The image forming apparatus 1 includes an application layer 20, a platform layer 21, and an engine unit 22.
The GW-API interface (I / F) 23 is an interface provided by the platform layer 21 for the application layer 20, and the engine interface (I / F) 24 is an interface between the platform layer 21 and the engine unit 22.
The application layer 20 is a software group that performs individual processing in the image forming apparatus 1, and includes a copy application 30 that is a copy application, a fax application 31 that is a fax application, and a printer. A printer application 32 that is a network application, and a net file (NetFile) application 33 that is a network file application for exchanging files via a network.

  The web application 34 is a group of applications that perform web services based on the HTTP protocol. A web system application 35 that uses a browser to view the state of the device, configure network settings of the device, and the like, and a net file application 33 A web dock box application 36 that performs document collection and document management using a browser, and a GPS web (GPS-web) application 37 that displays a job history (spool status) of the printer, etc. And a fax-web application 38 that can view fax initial settings and fax communication management reports (communication history) in a tabular format.

  On the other hand, the platform layer 21 is a software group that provides a common service function to each application of the application layer 20 via the GW-API interface 23, and is divided into a service layer 25 and an OS layer 26.

  The service layer 25 includes a system control service (SCS) 40 having a plurality of functions such as application management, operation unit control, system screen display, LED display, resource management, and interrupt control, and an API for a fax function. Control service (FAC Control Service: FCS) 41, an engine control service (ECS) 42 that controls the engine unit 22, and a memory control service (MCS) that performs memory control 43 is included.

In addition, the operation panel control service (OCS) 44 that controls the operation unit (operation panel) that serves as an interface with the operator (operator) is common to applications that require network input / output. A network control service (Network Control Service: NCS) 45 that provides usable services and a user control service (User Control Service) 46 that manages and controls user information are included.
The OS layer 26 includes LPUX 47.
On the other hand, the engine unit 22 includes a plotter engine 48, a scanner engine 49, and an engine control board 50 that controls these engines.

FIG. 3 is a block diagram showing a module configuration of the web system application of the image forming apparatus 1 shown in FIG.
The Web application 34 is an HTTP daemon (httpd) that distributes HTTP requests received via the network 7 from a client PC 8 that is an HTTP client such as a Web browser and returns processing results (HTML, XML, TEXT) in the Web application. 60 (part of the functions of the NCS 45), and includes a web application library 61 and a web page library 62, which are web application development frameworks that provide various common functions.

  In addition, a web page handler 63 that performs web page operations, a web page function 64 that performs specific processing related to web page display, and processing result data are described in XML. A type library 65 that performs data conversion and serialization, an XML (extensible Markup Language) library 66 that interprets and describes XML, and an XSLT (XSLTransformations) processor 67 that converts processing results described in XML into HTML descriptions Also included.

Here, the web page handler 63 and the web page function 64 constitute a processing function for realizing a web page. The web page function 64 communicates with each module including the SCS 40, the NCS 45, and the UCS 46 via the GW-API interface 23 when executing the processing.
Further, the web application 34, the web application library 61, and the web page library 62 are integrated to substantially constitute a web application.
Furthermore, serializing in the type library 65 is to describe the processing result notified from the web page function 64 in XML.

FIG. 4 is a diagram showing an example of authentication information management data stored in the authentication information management data storage unit 3 shown in FIG.
As the authentication information management data, the URL of the Web page, the shared use range restricted URL list, the validity period (valid time, minutes) of the authentication information, and the number of validity (times) are set, and the shared use of the authentication information is controlled. Used for.
This data content can be set in advance at the time of program construction, or can be registered dynamically at the time of program execution.

FIG. 5 is a diagram illustrating an example of authentication information and authentication information attribute value data stored in the authentication information storage unit 4 illustrated in FIG. 1.
The authentication information storage unit 4 manages authentication information, authentication information remaining effective time (minutes), and authentication information remaining effective times (times) using a session identification ID (SessionID: SesID) assigned for each session as a key. ing.

FIG. 6 is a diagram illustrating a sequence when a frame configuration acquisition request is received, which is an example in which one operation in the image forming apparatus illustrated in FIG. 1 generates a plurality of requests.
First, the screens constituting the frames are the frames A and B, and the URLs of the frames A and B are registered in advance in the shared use range restricted URL list that restricts the shared use. In addition, the effective number of shared use is set to 2 times.
In the case of a user request frame configuration acquisition request from the client PC 8, the authentication unit 13 instructs the authentication information management unit 11 to acquire authentication information management data. When the authentication information management unit 11 refers to the authentication information management data in the authentication information management data storage unit 3 by the authentication information management data acquisition unit 14 and confirms that no authentication information is stored in the authentication information storage unit 4, the authentication unit 13 Notify

Based on the notification that the authentication information is not stored in the authentication information storage unit 4, the authentication unit 13 determines that authentication is necessary, and requests the authentication system 5 to perform authentication.
The authentication system 5 performs authentication using the user data storage unit 6 or the external authentication server 9 based on the authentication request from the authentication unit 13, and sends authentication information obtained as a result of the authentication to the authentication unit 13.
When the authentication unit 13 acquires the authentication information from the authentication system 5, the authentication information management unit 11 instructs the authentication information management unit 11 to register authentication information. The authentication information management unit 11 uses the authentication information registration unit 18 to acquire the authentication information acquired from the authentication unit 13 as the authentication information. Store in the storage unit 4. After the registration, the authentication unit 13 dispatches the authentication information to the screen control unit 12 and sends the same authentication information. The screen control unit 12 makes a frame structure of the web page according to the acquired authentication information and responds the web page to the client PC 8.

Next, in the case of a frame A request automatically requested by the client PC 8 from the frame configuration response, the authentication unit 13 instructs the authentication information management unit 11 to acquire authentication information management data. When the authentication information management unit 11 refers to the authentication information management data in the authentication information management data storage unit 3 by the authentication information management data acquisition unit 14 and confirms that the authentication information is stored in the authentication information storage unit 4, the authentication unit 13 Notify
Based on the notification that the authentication information is stored in the authentication information storage unit 4, the authentication unit 13 has registered a URL that matches the shared use range restricted URL list. Then, the authentication information management unit 11 is instructed to acquire authentication information, and the authentication information management unit 11 acquires authentication information from the authentication information storage unit 4 by the authentication information acquisition unit 17 and sends it to the authentication unit 13.

The authentication unit 13 dispatches authentication information to the screen control unit 12 and sends the authentication information. The screen control unit 12 responds to the client PC 8 with the frame A of the web page according to the acquired authentication information.
Subsequently, in the case of a frame B request automatically requested by the client PC 8 from the frame configuration response, the authentication unit 13 instructs the authentication information management unit 11 to acquire authentication information management data. When the authentication information management unit 11 refers to the authentication information management data in the authentication information management data storage unit 3 by the authentication information management data acquisition unit 14 and confirms that the authentication information is stored in the authentication information storage unit 4, the authentication unit 13 Notify

Based on the notification that the authentication information is stored in the authentication information storage unit 4, the authentication unit 13 has registered a URL that matches the shared use range restricted URL list. To do. As described above, similarly to the frame A, since the URL that matches the shared use range restricted URL list is registered, it is determined that the authentication is unnecessary.
The authentication unit 13 instructs the authentication information management unit 11 to acquire authentication information, and the authentication information management unit 11 acquires authentication information from the authentication information storage unit 4 by the authentication information acquisition unit 17 and sends the authentication information to the authentication unit 13.
The authentication unit 13 dispatches authentication information to the screen control unit 12 and sends the authentication information. The screen control unit 12 responds to the client PC 8 with the frame A of the web page according to the acquired authentication information. Thereafter, the authentication unit 13 instructs the authentication information management unit 11 to delete the authentication information, and the authentication information management unit 11 deletes the authentication information in the authentication information storage unit 4 by the authentication information deletion unit 19.

As described above, since the number of times the authentication information is used is two times set in advance, the stored authentication information is deleted after being passed to the screen control unit.
Accordingly, since the authentication information does not exist inside the image forming apparatus 1 when the display of the frame configuration is completed, there is no risk of leakage of the authentication information.
In addition, when the authentication system 5 outputs a log each time authentication is performed, the authentication process is performed only once, so that only one log is output. Performance degradation can be prevented.

FIG. 7 is a diagram showing a sequence for automatically jumping by assigning screen transition destinations according to a processing result as an example in which one operation in the image forming apparatus shown in FIG. 1 generates a plurality of requests. Description of the parts common to FIG. 6 is omitted.
Here, since the URL for shared use is determined at the time of execution, the jump destination URL is not registered in the shared use range restricted URL list.
First, in the case of a setting process request from the client PC 8, since authentication information is not stored in the authentication information storage unit 4, the authentication unit 13 determines that authentication is necessary, and authentication obtained as a result of authentication with the authentication system 5. After storing the information in the authentication information storage unit 4, the information is transferred to the screen control unit 12.

The screen control unit 12 determines the next jump (transition) destination based on the result of the setting process, and instructs the authentication information management unit 11 to register authentication information management data. The authentication information management unit 11 registers the jump destination URL in the authentication information management data storage unit 3 by the authentication information management data registration unit 15 in the URL. Thereafter, the screen control unit 12 transmits a jump response to the client PC 8.
Next, in the case of a jump request automatically requested by the client PC 8, since a URL that matches the URL list is registered, it is determined that authentication is not necessary, and the authentication system 5 is stored without requesting authentication. The completed authentication information is passed to the screen control unit 12.
Thereafter, when an arbitrary screen acquisition request is requested by the user, the URL that matches the URL list is not registered, and thus the authentication system 5 is requested for authentication after deleting the authentication information.

In this way, even if a jump request is suppressed by a malicious user and an unexpected request is requested, the authentication information has already been deleted, so there is no risk of leakage of the authentication information.
Further, since the authentication log output for each operation is realized in the same manner as when the frame configuration is requested (FIG. 4), it is possible to prevent the performance degradation with respect to the access to the Web page.
Since authentication information can be shared and used in this way, unnecessary authentication processing can be suppressed.

FIG. 8 is a flowchart showing processing for deleting authentication information whose validity period has expired.
When the authentication unit 13 receives a request from the client PC in step (indicated by “S” in FIG. 1), the authentication unit 13 acquires the current time A when the request is received in step 2, acquires the final access time B in step 3, In step 4, an effective period (effective time) C is acquired. In step 5, the time of last access time B-current time A is calculated, and the time of last access time B-current time A is less than the effective period (effective time) C. If B−A ≦ C, it is within the valid period set for the stored authentication information, so that the valid period determination is OK (within the valid period) in step 6, and in step 7. The access time is updated, and this process ends.
On the other hand, if B-A> C in step 5, the valid period set for the stored authentication information has been exceeded, so the validity period is determined to be NG (exceeded the valid period) in step 8, and the authentication information in step 9 The stored authentication information whose validity period has passed is deleted from the storage unit, and this process is terminated.

FIG. 9 is a flowchart showing another example of processing for deleting authentication information whose validity period has expired.
By a thread for determining the validity period of the authentication information prepared in the authentication unit 13, 1 is subtracted from the validity period of the authentication information every minute in step (indicated by “S” in the figure) 11 to obtain the validity remaining period in the recognition information. It is memorized, and it is determined whether or not the effective period is 1 or more at Step 12, and if it is 1 or more, the process is put to sleep for 1 minute, the process returns to Step 11 and the above process is repeated, and the effective period is determined to be 0 at Step 12 Then, it is determined that the valid period set for the stored authentication information has been exceeded, and in step 14, the stored authentication information whose valid period has expired is deleted from the authentication information storage unit, and this process ends.

FIG. 10 is a flowchart showing another example of processing for deleting authentication information whose validity period has passed.
When receiving the first request from the client PC 8, the authentication unit 13 subtracts 1 every minute from the validity period of the authentication information management data in the authentication information management data storage unit 3 and remains in the recognition information in the authentication information storage unit 4. Remember the period.
Thereafter, when a request from the client PC is received in step (indicated by “S” in the figure) 21, the effective remaining period of the authentication information is acquired from the authentication information storage unit in step 22, and the effective remaining period is 1 or more in step 23. Determine whether or not.
If it is determined in step 23 that it is 1 or more, it is determined that the validity period set for the stored authentication information is not exceeded, the validity period determination is OK in step 24, and the validity remaining period of the authentication information storage unit is determined in step 25. It resets and updates to an initial value (valid period of authentication information management data), and ends this processing.

On the other hand, if it is determined in step 23 that the remaining effective period is 0, it is determined that the effective period set for the stored authentication information has been exceeded, the effective period determination is NG in step 26, and the authentication information storage unit is determined in step 27. The stored authentication information that has passed the validity period is deleted, and this process is terminated.
In this way, the valid time is set for the stored authentication information in the authentication information storage unit, the remaining validity period of the authentication information is determined when the request is received, and the valid time is subtracted from the request time to the Web page to become zero. In this case, the stored authentication information whose valid time becomes 0 is deleted from the authentication information storage unit.

When the processing shown in FIG. 9 and the processing shown in FIG. 10 are combined in the above-described validity period determination processing, unlike the processing shown in FIG. The validity period can be normally determined even when the is changed.
In this way, it is possible to reduce the risk of authentication information leakage by setting an expiration date for authentication information to be shared.

FIG. 11 is a flowchart illustrating processing for deleting authentication information that has been used a valid number of times.
When the authentication unit 13 receives the first request from the client PC 8, the authentication unit 13 subtracts one time from the valid number (valid number attribute value) of the authentication information management data in the authentication information management data storage unit 3 to recognize information in the authentication information storage unit 4. The effective remaining number is stored in.
Thereafter, when a request from the client PC is received at step (indicated by “S”) 31, the remaining effective number of authentication information is acquired from the authentication information storage unit at step 32, and the remaining effective number is 1 or more at step 33. Determine whether or not.
If it is determined in step 33 that the number is 1 or more, it is determined that the number of valid times set for the stored authentication information is not exceeded, the number of valid times is determined to be OK in step 34, and the number of valid remaining times in the authentication information storage unit is determined in step Reset to update to the initial value (valid number of authentication information management data), and the process ends.

On the other hand, if it is determined in step 33 that the number of remaining effective times is 0, it is determined that the number of effective times set for the stored authentication information has been completed, the number of effective times is determined to be NG in step 36, and authentication information is stored in step 37. The stored authentication information that has passed the valid count is deleted from the section, and this process is terminated.
In this way, the effective number is set for the stored authentication information in the authentication information storage unit, and when the request is accepted, the effective number of the authentication information is decremented by 1 every time the authentication information is shared and used, and is effective from the request to the Web page. When the number of times is subtracted to be 0, the stored authentication information whose effective number is 0 is deleted from the authentication information storage unit.
Thus, the risk of authentication information leakage can be reduced by setting the effective number of times for the authentication information to be shared and used.

FIG. 12 is a flowchart showing processing for deleting authentication information when the range of authentication information sharing and use is limited in association with the URL of the Web page.
In this process, URLs of web pages that are permitted to be shared are stored in advance in the authentication information management data storage unit as a shared use range restricted URL list. When a web page request is received, the URL of the requested web page is shared and used. It is determined whether or not it is included in the range-restricted URL list. If it is not included, it is determined that the shared use is NG, and the authentication information is deleted.
When the authentication unit 13 receives a request from the client PC in step (indicated by “S”) 41, the authentication unit 13 acquires the URL (A) of the web page requested in step 42, and in step 43 authentication information management data The shared use range restricted URL list (B) is acquired from the storage unit, and it is determined whether or not the URL (A) of the web page requested in step 44 is included in the shared use range restricted URL list (B).

If it is determined that the URL is included in step 44, it is determined that the URL of the requested web page can be shared, and in step 45, the shared usage range restriction URL determination is OK, and this process ends.
On the other hand, if it is determined in step 44 that the URL (A) of the requested web page is not included in the shared use range restricted URL list (B), it is determined that the requested web page URL is not shared, and step In 46, the shared use range restricted URL determination is NG. In step 47, the authentication information for the URL request not included in the shared use range restricted URL is deleted from the authentication information storage unit, and this process is terminated.
In this way, it is possible to limit the range in which authentication information stored in the authentication information storage unit is shared and used in association with the URL of the Web page.

FIG. 13 is a flowchart illustrating processing for determining whether or not authentication is required for determining whether or not shared use of authentication information is possible.
In this process, when there is stored authentication information and the determination of the valid period, the valid count, and the shared use range restriction URL described above is all OK, it is determined that authentication is not necessary (shared use is possible).
When the authentication unit 13 receives a request from the client PC in step 51 (indicated by “S” in the figure), the authentication information existence determination process determines whether the authentication information has been stored in the authentication information storage unit in step 52. If there is stored authentication information, a shared use range restriction URL determination process is executed to determine whether the shared use range restriction URL determination is OK or not in step 53. In 54, an effective period determination process is performed to determine whether the effective period determination is OK or NG. If the effective period determination is OK, an effective number determination process is performed in step 55 to determine whether the effective number determination is OK or NG. If the determination is OK, it is determined in step 56 that the authentication information can be shared and used and authentication is not required, and this process is terminated.

  On the other hand, when it is determined in step 52 that the authentication information is not stored in the authentication information storage unit, when it is determined as NG in the shared use range restriction URL determination process in step 53, it is determined as NG in the validity period determination process in step 54. When it is determined that it is NG in the effective number determination process of step 55, it is determined that authentication is required in step 57, the authentication to the authentication system is requested, and this process ends.

In this way, by providing means for limiting the range of shared use, it is possible to control the case of performing authentication and the case of using shared authentication information.
In addition, by providing means for dynamically registering and deleting information that restricts the scope of shared use, it is possible to control the authentication case and the shared use case of authentication information according to the conditions at the time of execution. become.
Furthermore, the risk of leakage of authentication information can be reduced by deleting the authentication information when an unexpected request is received.

  The image forming apparatus according to the present invention can be applied not only to an image forming apparatus including a facsimile machine, a copying machine, and a printer, but also to all devices capable of exchanging data with the outside via a network.

1 is a block diagram illustrating a configuration of a system including an image forming apparatus according to an embodiment of the present invention. FIG. 2 is a block diagram illustrating a functional configuration of the image forming apparatus 1 illustrated in FIG. 1. FIG. 2 is a block diagram illustrating a module configuration of a web system application of the image forming apparatus 1 illustrated in FIG. 1. It is a figure which shows an example of the authentication information management data memorize | stored in the authentication information management data memory | storage part shown in FIG.

It is a figure which shows an example of the authentication information memorize | stored in the authentication information storage part 4 shown in FIG. 1, and the data of an authentication information attribute value. FIG. 2 is a diagram illustrating a sequence when a frame configuration acquisition request is received, which is an example in which one operation in the image forming apparatus illustrated in FIG. 1 generates a plurality of requests. FIG. 2 is a diagram illustrating a sequence when an image jump is automatically made by assigning screen transition destinations according to a processing result which is an example in which one operation in the image forming apparatus shown in FIG. 1 generates a plurality of requests.

It is a flowchart figure which shows the process which deletes the authentication information which passed the valid period by the authentication part shown in FIG. It is a flowchart figure which shows the other process example which deletes the authentication information which passed the valid period by the authentication part shown in FIG. It is a flowchart figure which shows the other process example which deletes the authentication information which passed the valid period by the authentication part shown in FIG.

It is a flowchart figure which shows the process which deletes the authentication information used by effective number by the authentication part shown in FIG. It is a flowchart figure which shows the process which deletes authentication information when the authentication part shown in FIG. 1 is linked | related with URL of the web page, and the range which shares and uses authentication information is restrict | limited. It is a flowchart figure which shows the process which determines the necessity of authentication for determining the sharing use of authentication information by the authentication part shown in FIG.

Explanation of symbols

1: Image forming apparatus 2: Web system 3: Authentication information management data storage unit 4: Authentication information storage unit 5: Authentication system 6, 10: User data storage unit 7: Network 8: Client PC 9: External authentication server 11: Authentication Information management unit 12: Screen control unit 13: Authentication unit 14: Authentication information management data acquisition unit 15: Authentication information management data registration unit 16: Authentication information management data deletion unit 17: Authentication information acquisition unit 18: Authentication information registration unit 19: Authentication information deletion unit 20: Application layer 21: Platform layer 22: Engine unit 23: GW-API interface (I / F) 24: Engine interface (I / F) 25: Service layer 26: OS layer 30: Copy Application 31: Fax (FAX) application 32: Printer application Application 33: Net file application 34: Web application 35: Web system application 36: Web dockbox application 37: GPS-web application 38: Fax web (Fax-web) application 40: System Control Service (SCS) 41: Fax Control Service (FCS) 42: Engine Control Service (ECS) 43: Memory Control Service (Memory Control MC) 44: Operation panel control service (OCS 45): Network control service (Network Control Service: NCS) 46: User control service (UCS) 47: LPUX 48: Scanner plotter engine 49: Engine control board 60: HTTP daemon (httpd) 61: Web application library 62: Web page library 63: Web page handler 64: Web page function 65: Type library 66: XML (EX ensibleMarkupLanguage) library 67: XSLT (XSLTransformations) processor

Claims (6)

In an image forming apparatus that performs authentication every time a request for a web page is received and controls the screen according to the authentication result,
Authentication information storage means for storing authentication information acquired at the time of authentication, and authentication information stored in the authentication information storage means at the time of accepting a next request to the Web page, and authentication information between a plurality of requests. An image forming apparatus provided with means for shared use.   2. A means for setting a valid period for stored authentication information in the authentication information storage means and deleting stored authentication information that has passed the valid period from the authentication information storage means. The image forming apparatus described.   A means for setting a valid number for stored authentication information in the authentication information storage means and deleting stored authentication information used up to the valid number from the authentication information storage means is provided. The image forming apparatus according to 1.   2. The image forming apparatus according to claim 1, further comprising means for restricting a range in which authentication information stored in the authentication information storage means is shared and used in association with a URL of the Web page.   5. The image forming apparatus according to claim 4, further comprising means for dynamically registering or deleting the association of the URL that limits the shared use range when a request is received. 5. The image forming apparatus according to claim 4, further comprising means for deleting authentication information stored in the authentication information storage means when a request for a Web page other than a URL that limits the shared use range is received. .

Images