JP6364160B2 - Menu control method, menu control apparatus, and menu control program - Google Patents

Description

  The present invention relates to a menu control method, a menu control device, and a menu control program.

  2. Description of the Related Art Conventionally, a technique is known in which an employee outside the company uses an in-house system from the outside using a terminal device such as a smartphone or a tablet terminal. For example, an employee's terminal device accesses an in-house system via a network such as a VPN (Virtual Private Network). Then, when the login to the in-house system is completed, the terminal device displays an available menu screen and uses the in-house system.

“Industry's first! Web business screens for PCs can be used easily and smoothly on smart devices simply by placing a gateway”, [online], [Search July 5, 2013], Internet <URL: http: // pr.fujitsu.com/jp/news/2013/06/18-1.html> “FUJITSU Thin Client Solution Moba Camel for Smart Devices”, [online], [Search July 5, 2013], Internet <URL: http://jp.fujitsu.com/group/fnets/services/ictinfra/m -smartdevice.html>

  However, in the above technique, the displayed menu screen is uniform regardless of the user type, access time, and access location, and is not convenient. Further, since the menu screen is uniform, security is also lowered. Further, even if the menu screen is registered for each user, when the menu screen is changed, the registration work is performed for each user every time, which is complicated.

  An object of one aspect is to provide a menu control method, a menu control device, and a menu control program that can display a highly convenient menu screen.

  In one aspect, a computer performs the process which receives an access request from a terminal device. The computer executes a login process for logging in based on the received access request. The computer executes a process of acquiring access information of the terminal device logged in in the login process. A process in which a computer identifies a menu item to be displayed associated with the access information acquired in the acquisition process with reference to a storage unit that stores the correspondence between the access information and the menu item to be displayed. Run.

  As one aspect of the present invention, a highly convenient menu screen can be displayed.

FIG. 1 is a diagram schematically showing an example of the overall configuration of a thin client gateway system. FIG. 2 is a diagram illustrating an example of a functional configuration of the management server. FIG. 3 is a diagram illustrating an example of a data configuration of the relay server information. FIG. 4 is a diagram illustrating an example of a data configuration of session information. FIG. 5 is a diagram illustrating an example of a system management screen. FIG. 6 is a diagram schematically illustrating an example of a communication flow when establishing a session and transferring an image. FIG. 7 is a flowchart illustrating an exemplary procedure of session management processing. FIG. 8 is a diagram illustrating a computer that executes a session management program. FIG. 9 is a diagram illustrating an example of a functional configuration of the menu display server. FIG. 10 is a diagram illustrating an example of information stored in the authentication information DB. FIG. 11 is a diagram illustrating an example of information stored in the connection destination DB. FIG. 12 is a diagram illustrating an example of information stored in the policy DB. FIG. 13 is a diagram illustrating a specific example of a menu. FIG. 14 is a diagram illustrating an example of a menu screen. FIG. 15 is a diagram illustrating an example of a menu screen. FIG. 16 is a flowchart showing the flow of the menu specifying process. FIG. 17 is a diagram illustrating registration of a connection destination Web. FIG. 18 is a diagram for explaining registration of menu items and policies. FIG. 19 is a diagram illustrating a computer that executes a menu control program.

  Hereinafter, embodiments of a menu control method, a menu control apparatus, and a menu control program disclosed in the present application will be described in detail with reference to the drawings. Note that the present invention is not limited to the embodiments. And each Example can be suitably combined in the range which does not contradict a process content.

[overall structure]
The overall configuration of the thin client gateway system 10 according to the first embodiment will be described. FIG. 1 is a diagram schematically showing an example of the overall configuration of a thin client gateway system. The thin client gateway system 10 is a system that enables access to a secure network from the outside. In the present embodiment, a case will be described as an example in which an in-house Web system 13 provided in an internal network such as a company is accessed from the outside.

  The thin client gateway system 10 includes a management server 20, an image relay server 21, a virtual browser server 22, and a menu display server 70. The management server 20, the image relay server 21, and the virtual browser server 22 are server computers provided in a data center or a company, for example. The image relay server 21 and the virtual browser server 22 can be set to an arbitrary number, and the number corresponding to the maximum number of simultaneous accesses is installed.

  The thin client gateway system 10 is connected to the external network 12 and is accessible from the terminal device 11. Examples of the external network 12 include any communication network such as the Internet, a LAN (Local Area Network), a VPN (Virtual Private Network), and a mobile communication network regardless of wired or wireless.

  The terminal device 11 is a device used by a user to access an internal network. Examples of the terminal device 11 include mobile terminals such as smartphones, tablet terminals, and PDAs (Personal Digital Assistants). The terminal device 11 may be an information processing device such as a desktop PC (personal computer) or a notebook PC. The user accesses the thin client gateway system 10 using the terminal device 11 when using the in-house Web system 13 from the outside. For example, when accessing the in-house Web system 13, the terminal device 11 first accesses the management server 20 and requests assignment of a session to the image relay server 21. In the example of FIG. 1, the case where the number of the terminal devices 11 is two is illustrated, but the disclosed system is not limited to this, and the number of the terminal devices 11 can be an arbitrary number.

  The management server 20 is a physical server that manages a session with the terminal device 11. Here, as will be described later, the image relay server 21 transfers the screen to the terminal device 11, but there is a limit to the number of sessions that can be connected to the terminal device 11 because a load is imposed on processing such as image transfer. Therefore, the management server 20 manages the number of sessions connectable to each image relay server 21. For example, the management server 20 periodically inquires each image relay server 21 about the connection status of the session and manages the currently connected session. When the management server 20 is requested to assign a session from the terminal device 11 to the image relay server 21 and there is an image relay server 21 to which a session can be assigned, the management server 20 displays information regarding the image relay server 21 to which the session can be assigned. To notify. The terminal device 11 accesses the notified image relay server 21.

  The image relay server 21 is a physical server that relays access to the internal network. For example, the image relay server 21 relays access from the terminal device 11 to the in-house Web system 13. When accessed from the terminal device 11, the image relay server 21 accesses the virtual browser server 22 to activate the virtual browser and establishes a session with the terminal device 11 and the virtual browser server 22. The virtual browser server 22 accessed by the image relay server 21 may be associated with the image relay server 21 in advance. The image relay server 21 may collect information indicating the load state of each virtual browser server 22 and access the virtual browser server 22 having a low load. Alternatively, the image relay server 21 may collect information indicating the connection status of each virtual browser server 22 with the image relay server 21 and access the virtual browser server 22 having the smallest number of connections.

  When the session is established, the image relay server 21 transfers information on the screen of the virtual browser operating on the virtual browser server 22 to the terminal device 11 as needed. In addition, the image relay server 21 receives operation information for the virtual browser from the terminal device 11. When receiving the operation information, the image relay server 21 performs an operation based on the operation information with respect to the virtual browser operating on the virtual browser server 22 using, for example, a remote desktop function. Further, when the image relay server 21 receives an inquiry about the connection status of the session from the management server 20, the image relay server 21 returns information regarding the connection status of the connected session to the management server 20.

  The virtual browser server 22 is a physical server that operates the virtual browser. For example, the virtual browser server 22 operates the browser in response to a request from the image relay server 21 using a remote desktop function. Then, the virtual browser server 22 causes the browser to operate as a virtual browser, for example, by transferring the screen of the browser portion to the image relay server 21 using the RemoteApp function. Further, when the session with the image relay server 21 is disconnected, the virtual browser server 22 notifies the management server 20 of the disconnection of the session. For example, in the virtual browser server 22, when the access to the in-house Web system 13 from the terminal device 11 is completed and the virtual browser is terminated, the virtual browser notifies the management server 20 of session disconnection. When the virtual browser is terminated, unlike the virtual browser, a program for monitoring the state of the virtual browser may notify the management server 20 of the disconnection of the session.

  The menu display server 70 is a server that responds a menu screen to the terminal device 11 when receiving an access request from the terminal device 11. For example, the menu display server 70 stores a menu item used by the terminal device 11 and a policy indicating a condition for displaying the menu item in association with each other. And the menu display server 70 extracts the conditions when the terminal device 11 accessed from the access request. Thereafter, the menu display server 70 specifies the menu item to be displayed that is associated with the policy that matches the access condition from the stored menu items. Then, the menu display server 70 responds to the terminal device 11 with the specified menu item to be displayed.

  As described above, the thin client gateway system 10 according to the present embodiment, when access from the terminal device 11 to the in-house Web system 13 is requested, causes the virtual Web browser to access the in-house Web system 13 on behalf of the virtual browser. The screen is transferred to the terminal device 11. That is, the screen of the virtual browser is transferred to the terminal device 11, but the data of the internal network is not transferred. For this reason, the security of the internal network can be maintained. Further, since the data of the internal network is not transferred to the terminal device 11, data leakage can be suppressed.

[Management server configuration]
Next, the configuration of the management server 20 according to the first embodiment will be described. FIG. 2 is a diagram illustrating an example of a functional configuration of the management server. As illustrated in FIG. 2, the management server 20 includes a communication I / F (interface) unit 30, a display unit 31, an input unit 32, a storage unit 33, and a control unit 34.

  The communication I / F unit 30 is an interface that controls communication with other devices. The communication I / F unit 30 transmits / receives various information to / from other devices. For example, the communication I / F unit 30 receives a session assignment request from the terminal device 11 to the image relay server 21 via the external network 12. Further, the communication I / F unit 30 is notified of the disconnection of the session from the virtual browser server 22. As an aspect of the communication I / F unit 30, a network interface card such as a LAN card can be employed.

  The display unit 31 is a display device that displays various types of information. Examples of the display unit 31 include display devices such as an LCD (Liquid Crystal Display) and a CRT (Cathode Ray Tube). The display unit 31 displays various information.

  The input unit 32 is an input device that inputs various types of information. For example, examples of the input unit 32 include input devices such as a mouse and a keyboard. The input unit 32 receives an operation input from an administrator or the like, and inputs operation information indicating the received operation content to the control unit 34.

  The storage unit 33 is a storage device such as a hard disk, an SSD (Solid State Drive), or an optical disk. Note that the storage unit 33 may be a semiconductor memory that can rewrite data, such as a random access memory (RAM), a flash memory, and a non-volatile static random access memory (NVSRAM).

  The storage unit 33 stores an OS (Operating System) executed by the control unit 34 and various programs used for session management. Furthermore, the storage unit 33 stores various data used in the program executed by the control unit 34. For example, the storage unit 33 stores relay server information 40 and session information 41.

  The relay server information 40 is data that stores information related to the image relay server 21. FIG. 3 is a diagram illustrating an example of a data configuration of the relay server information. As illustrated in FIG. 3, the relay server information 40 includes items of “server name”, “IP address”, and “session upper limit”. The server name item is an area for storing the computer name of the image relay server 21 as identification information for identifying the image relay server 21. The IP address item is an area for storing the IP (Internet Protocol) address of the image relay server 21. The session upper limit item is an area for storing an upper limit value of the number of sessions connectable to the image relay server 21.

  In the example of FIG. 3, the image relay server 21 whose server name is “RVEC_A” indicates that the IP address is “192.168.20.185” and the session upper limit is “10”.

  The session information 41 is data that stores information related to a session managed by the management server 20. FIG. 4 is a diagram illustrating an example of a data configuration of session information. As shown in FIG. 4, the session information 41 includes “session ID”, “connection date / time”, “login ID”, “state”, “connection source IP address”, “image relay SV”, “virtual browser SV”, It has each item of "cutting date". In addition to these, a terminal ID for identifying the terminal device 11 may be included.

  The item of session ID is an area for storing identification information for identifying a session. Each session is given a unique session ID by combining numbers and characters as identification information for identifying each. In the session ID item, a session ID assigned to the session is stored. The item of connection date and time is an area for storing the date and time when connection of the session is started. In this embodiment, the date and time when the session allocation request is received from the terminal device 11 is stored in the connection date and time item. The login ID item is an area for storing the user ID of the user of the terminal device 11. In this embodiment, when requesting session assignment, user authentication is first performed by inputting a user ID and password. The login ID field stores a user ID input by user authentication. The status item is an area for storing the session status. In this embodiment, connected, connected, released, and abnormal are used as the session state. The connected state indicates that a session is allocated but a session is not established. The connection state indicates that a session is established and image transfer is possible. The releasing state indicates that the session is being released. The abnormal state indicates that the session cannot be released and an abnormality has occurred. The status item is updated as needed according to the session status. The connection source IP address field is an area for storing the IP address of the terminal device 11 that has requested session assignment. The item of image relay SV is an area for storing the IP address of the image relay server 21 connected by the session. The item of the virtual browser SV is an area for storing the IP address of the virtual browser server 22 connected by the session. The item of disconnection date / time is an area for storing the date / time when session disconnection is started. The disconnect date / time item is left blank while the session is connected, and the date / time is set when the session is disconnected.

  In the example of FIG. 4, the session with the session ID “0001” has the connection date and time “2013/10/10 20:30:40”, the login ID “A”, and the status “connected”. It shows that there is. The session with the session ID “0001” indicates that the connection source IP address is “10.53.147.137” and the image relay SV is “192.168.20.185”. Also, the session with the session ID “0001” has the virtual browser SV “192.168.20.181” and the disconnection date / time is blank, so the session disconnection is not started and the session is connected. Indicates that it is inside.

  Returning to FIG. 2, the control unit 34 is a device that controls the management server 20. As the control unit 34, an electronic circuit such as a central processing unit (CPU) or a micro processing unit (MPU), or an integrated circuit such as an application specific integrated circuit (ASIC) or a field programmable gate array (FPGA) can be employed. The control unit 34 has an internal memory for storing programs defining various processing procedures and control data, and executes various processes using these. The control unit 34 functions as various processing units by operating various programs. For example, the control unit 34 includes a reception unit 50, an allocation unit 51, a management unit 52, and a release unit 53.

  The receiving unit 50 receives various types of information. For example, the reception unit 50 receives a session allocation request from the terminal device 11 to the image relay server 21.

  The assignment unit 51 assigns a session to the image relay server 21. For example, when the allocation unit 51 receives a session allocation request from the reception unit 50, the allocation unit 51 generates a new session ID. Further, the allocating unit 51 obtains the number of sessions in use and scheduled to be used for each image relay server 21. For example, based on the session information 41, the number of sessions whose state is not released is determined for each image relay server 21. In the present embodiment, the allocating unit 51 obtains the number of sessions whose status is either connected, connected, or abnormal for each image relay server 21. The session whose state is connected is a session that is assigned to the image relay server 21 and establishes communication from now on. A session whose state is connection is a session in use after communication is established. A session in an abnormal state is a session that cannot be released for some reason and remains. For this reason, in this embodiment, the number of sessions in which the state is connected, connected, or abnormal is obtained as the number of sessions in use or scheduled to be used.

  The allocating unit 51 identifies the image relay server 21 whose number of sessions has not reached the session upper limit stored in the relay server information 40. When there is no image relay server 21 whose number of sessions has not reached the session upper limit, the allocating unit 51 notifies the terminal device 11 that the number of sessions is not available and cannot be connected.

  When there is an image relay server 21 in which the number of sessions has not reached the session upper limit, the allocating unit 51 determines the image relay server 21 to be connected from among the image relay servers 21. The method for determining the image relay server 21 to be connected may be any method. For example, the allocating unit 51 may determine the image relay server 21 having the smallest number of sessions as the connection target image relay server 21 from the image relay servers 21 having the number of sessions less than the session upper limit. For example, the allocating unit 51 may determine the image relay server 21 having the largest number of sessions as the image relay server 21 to be connected from the image relay servers 21 having the number of sessions less than the session upper limit. That is, the allocating unit 51 may operate the image relay server 21 in a concentrated manner with the image relay server 21 having a large number of sessions as a connection target until the number of sessions reaches the session upper limit.

  The assignment unit 51 notifies the terminal device 11 that has requested assignment of the session ID and the IP address of the connection target image relay server 21.

  The terminal device 11 performs access by notifying the notified session ID to the image relay server 21 of the notified IP address. As a result, the image relay server 21 establishes a session with the terminal device 11 and the virtual browser server 22 and transfers information on the screen of the virtual browser operating on the virtual browser server 22 to the terminal device 11 as needed.

  The allocating unit 51 registers a record storing information related to the session allocated to the session information 41. For example, the assigning unit 51 sets the session ID as a new session ID, the connection date and time as the current date and time, the login ID as the user ID of the requesting user, the state as being connected, and the connection source IP address as the requesting source IP address. A record having the IP address of the terminal device 11 is registered.

  The management unit 52 manages the state of the session currently connected to each image relay server 21. For example, the management unit 52 periodically inquires each image relay server 21 about the connection status of the session. The period for inquiring the connection status is, for example, a value ranging from several seconds to several minutes, but may be set from the outside by an administrator or the like.

  When the image relay server 21 receives an inquiry about the connection status of the session from the management server 20, the image relay server 21 replies to the management server 20 with information regarding the currently connected session. For example, the image relay server 21 replies to the management server 20 with the session ID of the session being connected and the IP address of the virtual browser being connected in the session. In this way, the image relay server 21 replies information regarding the currently connected session to the management server 20. For example, when the connection from the terminal device 11 is terminated and the session is released, information regarding the released session is provided. Is not notified to the management server 20.

  The management unit 52 updates the session information 41 according to the answer from the image relay server 21. For example, the management unit 52 registers the virtual browser IP address of the session for which the session ID is notified in the session information 41. In addition, the management unit 52 updates the state of the session information 41 of the session for which the session ID is notified to connection. In addition, the management unit 52 deletes from the session information 41 the record of the session for which the session ID is no longer notified. As a result, when the connection from the terminal device 11 is terminated and released, the session ID is not notified from the image relay server 21, and the session record is deleted from the session information 41.

  In addition, the management unit 52 displays the state of the session currently connected to each image relay server 21 on the screen so that the administrator can check it. For example, when a predetermined operation is performed, the management unit 52 displays a system management screen for confirming the session state. The management unit 52 may receive an operation from another management terminal device connected to the management server 20 and display a system management screen on the terminal device, or may receive an operation from the input unit 32 and display it. The unit 31 may display a system management screen.

  FIG. 5 is a diagram illustrating an example of a system management screen. The system management screen 60 has a display area 61 for displaying various information related to a session for each session. In the example of FIG. 5, session connection date and time, login ID, state, connection source IP address, image relay SV, and virtual browser SV are displayed in the display area 61. The system management screen 60 is provided with a disconnect button 62 for instructing disconnection of a session for each session.

  Returning to FIG. 2, the release unit 53 releases the session. For example, when the disconnect button 62 is selected on the system management screen 60, the release unit 53 instructs the image relay server 21 connected by the session instructed to disconnect to disconnect the session instructed to disconnect. . Then, the release unit 53 updates the state of the session information 41 of the session instructed to be disconnected while being released, and stores the current date and time in the date and time of disconnection.

  On the other hand, in the virtual browser server 22, when the access to the in-house Web system 13 from the terminal device 11 is completed and the virtual browser is terminated, the virtual browser notifies the management server 20 of session disconnection. For example, the management server 20 is notified of the session ID of the session to be disconnected.

  When the disconnection of the session is notified, the release unit 53 updates the state of the session information 41 of the session notified of the disconnection while releasing, and stores the current date and time in the disconnection date.

[Communication flow]
Next, an example of a communication flow when the thin client gateway system 10 according to the present embodiment establishes a session and transfers an image will be described. FIG. 6 is a diagram schematically illustrating an example of a communication flow when establishing a session and transferring an image.

  When accessing the in-house Web system 13, the terminal device 11 accesses the management server 20 and requests assignment of a session to the image relay server 21 (FIG. 6 (1)).

  The management server 20 periodically inquires the connection status of the session to the image relay server 21, and manages the currently connected session by the session information 41 based on the answer to the inquiry (FIG. 6 (2) (3)). .

  When the management server 20 is requested to allocate a session from the terminal device 11 to the image relay server 21, the management server 20 notifies the terminal device 11 that is the allocation request source of the session ID and the IP address of the allocated image relay server 21 (FIG. 6 (4)).

  The terminal device 11 performs access by notifying the notified session ID to the image relay server 21 of the notified IP address ((5) in FIG. 6). The image relay server 21 accesses the virtual browser server 22 to establish a session ((6) in FIG. 6). The virtual browser server 22 activates the virtual browser and accesses the in-house Web system 13 by access from the image relay server 21 (FIGS. 6 (7) and (8)).

  The image relay server 21 acquires information on the screen of the virtual browser operating on the virtual browser server 22 (FIG. 6 (9)), and transfers the information on the screen of the virtual browser to the terminal device 11 as needed (FIG. 6 (10)). )).

  In the virtual browser server 22, when the access to the in-house Web system 13 from the terminal device 11 is completed and the virtual browser is terminated, the virtual browser notifies the management server 20 of disconnection of the session ((11) in FIG. 6).

  When the session disconnection is notified from the virtual browser server 22 in this manner, the management server 20 releases the session assignment (FIG. 6 (12)). For example, the management server 20 updates the state of the session information 41 of the session for which the disconnection has been notified during release. Then, the management server 20 instructs the image relay server 21 connected by the session notified of disconnection to release the session notified of disconnection (FIG. 6 (13)).

  Thus, the management server 20 according to the present embodiment releases the session assignment when the session disconnection is notified. As a result, the management server 20 can effectively use the connectable session because the session notified of disconnection is released earlier.

[Process flow]
Next, a flow of session management processing in which the management server 20 according to the present embodiment manages a session will be described. FIG. 7 is a flowchart illustrating an exemplary procedure of session management processing. This session management process is executed, for example, at a timing when a request for assigning a session from the terminal device 11 to the image relay server 21 is received.

  As shown in FIG. 7, the assigning unit 51 generates a new session ID (S10). Also, the allocating unit 51 determines the connection target image relay server 21 based on the session information 41 and the relay server information 40 (S11). The allocating unit 51 returns the session ID and the IP address of the connection target image relay server 21 as connection destination information to the terminal device 11 that is the allocation request source (S12). The allocating unit 51 registers a record storing information related to the session allocated by the session ID in the session information 41 (S13).

  The management unit 52 periodically inquires each image relay server 21 about the connection status of the session, and determines whether or not the session is established within a predetermined time (S14). If the session is not established within the predetermined time (No at S14), the process is terminated assuming that the session establishment has failed.

  On the other hand, when the session is established within the predetermined time (Yes in S14), the management unit 52 updates the state of the session information 41 of the session in which the session is established to connection (S15).

  The release unit 53 determines whether a session disconnection is notified from the virtual browser (S16). When the disconnection of the session is notified (Yes at S16), the release unit 53 updates the state of the session information 41 of the session notified of the disconnection while releasing (S17), and proceeds to S21 described later.

  On the other hand, when the session disconnection is not notified (No in S16), the release unit 53 determines whether any session disconnection is instructed on the system management screen 60 (S18). If session disconnection is not instructed (No at S18), the process proceeds to S16 described above. When the session disconnection is instructed (Yes in S18), the release unit 53 instructs the image relay server 21 connected by the session instructed to disconnect to disconnect the session instructed to disconnect (S19). . The release unit 53 updates the state of the session information 41 of the session instructed to be disconnected during release (S20).

  The management unit 52 periodically inquires the connection status of the session to each image relay server 21 (S21), and determines whether or not the session updated while releasing the state is released (S22). If the session is released (Yes at S22), the record of the session information 41 of the released session is deleted, and the process ends.

  On the other hand, when the session has not been released (No at S22), the management unit 52 determines whether or not a certain time required for releasing the session has elapsed since the state was updated during release (S23). If the predetermined time has not elapsed (No at S23), the process proceeds to S21 described above.

  On the other hand, when the predetermined time has elapsed (Yes in S23), the management unit 52 abnormally updates the state of the session information 41 of the session that is not released (S24). The release unit 53 instructs the image relay server 21 having a session with an abnormal state to release the session with an abnormal state (S25). The management unit 52 deletes the record of the session information 41 of the session whose state is abnormal (S26), and ends the process.

  The management server 20 allocates a session to the image relay server 21 when a session allocation to the image relay server 21 that manages the session is requested. Further, the management server 20 periodically inquires the connection status of the session to the image relay server 21 and manages the currently connected session. When the management server 20 is notified of information indicating that the session is disconnected from the virtual browser operating in the connected session, the management server 20 releases the allocation of the session. As a result, the management server 20 can immediately assign the session notified of the disconnection next, so that the connectable session can be effectively used.

  In addition, when the release of the session is instructed from the system management screen 60 for managing the session, the management server 20 manages the state of the session to be released as being released. This releasing session is a session to be released. Since the management server 20 manages a session that has not been released yet but is being released as being released, it can be allocated to the next session allocation request, so that a connectable session can be used effectively.

  When the released session remains in the image relay server 21, the management server 20 instructs the image relay server 21 to release the session. As a result, the management server 20 can release a session that has been released if it remains in the image relay server 21, so that a connectable session can be used effectively.

  Next, the management server 20 can execute various processes. Therefore, various different forms will be described.

  For example, in the thin client gateway system 10 described above, the case where the screen of the in-house Web system 13 is transferred by a virtual browser has been described, but the disclosed system is not limited thereto. For example, a PC screen used by the user in the company may be transferred.

  In the thin client gateway system 10 described above, the case where the image relay server 21 and the virtual browser server 22 are different physical servers has been described, but the disclosed apparatus is not limited thereto. For example, the same physical server may serve as the image relay server 21 and the virtual browser server 22. Any of the management server 20, the image relay server 21, and the virtual browser server 22 may be a virtual machine. For example, one or a plurality of VMs (Virtual Machines) may be operated on a physical server, and the VM may function as the management server 20, the image relay server 21, and the virtual browser server 22.

  Further, in the thin client gateway system 10 described above, a case has been described in which a session instructed to be released from the system management screen 60 and a session in which disconnection is notified from the virtual browser server 22 are managed as being released. The apparatus is not limited to this. For example, a record of a session instructed to be released from the system management screen 60 and a session in which disconnection is notified from the virtual browser server 22 may be deleted from the session information 41.

  Further, each component of each illustrated apparatus is functionally conceptual, and does not necessarily need to be physically configured as illustrated. In other words, the specific state of distribution / integration of each device is not limited to the one shown in the figure, and all or a part thereof may be functionally or physically distributed or arbitrarily distributed in arbitrary units according to various loads or usage conditions. Can be integrated and configured. For example, the processing units of the reception unit 50, the allocation unit 51, the management unit 52, and the release unit 53 of the management server 20 may be appropriately integrated. Further, the processing of each processing unit may be appropriately separated into a plurality of processing units. Further, all or any part of each processing function performed in each processing unit can be realized by a CPU and a program analyzed and executed by the CPU, or can be realized as hardware by wired logic. .

[Session management program]
The various processes described in the thin client gateway system 10 can also be realized by executing a program prepared in advance on a computer system such as a personal computer or a workstation. Therefore, in the following, an example of a computer system that executes a program having the same function as that of the thin client gateway system 10 will be described. FIG. 8 is a diagram illustrating a computer that executes a session management program.

  As illustrated in FIG. 8, the computer 300 includes a central processing unit (CPU) 310, a hard disk drive (HDD) 320, and a random access memory (RAM) 340. These units 310 to 340 are connected via a bus 400.

  The HDD 320 stores in advance a session management program 320a that exhibits the same functions as the reception unit 50, the allocation unit 51, the management unit 52, and the release unit 53 of the management server 20 described above. Note that the session management program 320a may be separated as appropriate.

  The HDD 320 stores various information. For example, the HDD 320 stores various data used for various controls including OS and session management.

  Then, the CPU 310 reads out and executes the session management program 320a from the HDD 320, thereby executing the same operation as each processing unit of the thin client gateway system 10. That is, the session management program 320a performs the same operations as the reception unit 50, the allocation unit 51, the management unit 52, and the release unit 53.

  Note that the session management program 320a is not necessarily stored in the HDD 320 from the beginning.

  For example, the program is stored in a “portable physical medium” such as a flexible disk (FD), a CD-ROM, a DVD disk, a magneto-optical disk, or an IC card inserted into the computer 300. Then, the computer 300 may read and execute the program from these.

  Furthermore, the program is stored in “another computer (or server)” connected to the computer 300 via a public line, the Internet, a LAN, a WAN, or the like. Then, the computer 300 may read and execute the program from these.

  Next, the menu display server shown in FIG. 1 will be specifically described. Here, the configuration of the menu display server, the flow of processing, and the like will be described.

[Menu display server configuration]
FIG. 9 is a diagram illustrating an example of a functional configuration of the menu display server. As illustrated in FIG. 9, the menu display server 70 includes a communication I / F unit 71, a display unit 72, an input unit 73, a storage unit 74, and a control unit 80.

  The communication I / F unit 71 is an interface that controls communication with other devices. The communication I / F unit 71 transmits / receives various information to / from other devices. For example, the communication I / F unit 71 receives a login request from the terminal device 11 via VPN or the like. Further, the communication I / F unit 71 transmits the login ID to the management server 20 and receives the IP address of the terminal device 11 having the corresponding login ID. In addition, the communication I / F unit 71 transmits a menu screen to the terminal device 11. As an aspect of the communication I / F unit 71, a network interface card such as a LAN card can be employed.

  The display unit 72 is a display device that displays various types of information. Examples of the display unit 72 include a display device such as an LCD. The input unit 73 is an input device that inputs various types of information. For example, examples of the input unit 73 include input devices such as a mouse and a keyboard. The input unit 73 receives an operation input from an administrator or the like, and inputs operation information indicating the received operation content to the control unit 80.

  The storage unit 74 is a storage device such as a hard disk, SSD, or optical disk. Note that the storage unit 74 may be a semiconductor memory that can rewrite data, such as a RAM, a flash memory, and an NVSRAM.

  The storage unit 74 also stores an OS executed by the control unit 80, various programs used for menu display control, and various data used by programs executed by the control unit 80. The storage unit 74 stores an authentication information DB 75, a connection destination DB 76, and a policy DB 77.

  FIG. 10 is a diagram illustrating an example of information stored in the authentication information DB. The authentication information DB 75 is a database that stores login information of a user who uses the terminal device 11. For example, the authentication information DB 75 stores a login ID for identifying a user, a user name for displaying the logged-in user, a password designated by the user, and a user group to which the user belongs in association with each other.

  The connection destination DB 76 is a database that stores information such as a connection destination Web server to which the terminal device 11 is connected. The Web server stored here is displayed on the menu screen with the designated icon. FIG. 11 is a diagram illustrating an example of information stored in the connection destination DB.

  As illustrated in FIG. 11, the connection destination DB 76 stores “connection destination Web name, authentication cooperation, URL (Uniform Resource Locator) or definition name” in association with each other. The “connection destination Web name” stored here is information indicating the connection destination. This connected Web name corresponds to an icon displayed on the menu screen, that is, a menu item. “Authentication linkage” is an authentication method executed when accessing a Web server or the like designated by the connection destination Web name. For example, SAML (Security Assertion Markup Language) or single sign-on is set. “URL or definition name” is the URL of the Web server corresponding to the connected Web name.

  In the case of FIG. 11, the Web server whose “connection destination Web name” is “aaa” is a server identified by “Cloud Service_Dev” and indicates that it can be used when authentication by SAML is permitted. In addition, a Web server whose “connection destination Web name” is “bbbb” is a server whose URL is “http: // bbbb”, and indicates that it can be used if authentication by the menu display server 70 is permitted.

  The policy DB 77 is a database that stores a menu item used by the terminal device 11 and a policy for displaying the menu item in association with each other. FIG. 12 is a diagram illustrating an example of information stored in the policy DB. As illustrated in FIG. 12, the policy DB 77 stores “state, application order, policy name, user group, target date and time, access source, connection destination Web” in association with each other.

  The “state” stored here is information indicating whether the policy is valid or invalid, and is set by the administrator. “Application order” is an operation button used when changing the application order of policies, and in this example, the priority of policies is assumed to be higher in order from the top. “Policy name” is information for identifying a policy. “User group” is information indicating a group of users permitted to display the menu item. “Target date and time” is information indicating a time zone in which display of the menu item is permitted. “Access source” is information indicating the position information of the terminal device 11 that is permitted to display the menu item. That is, “access source” indicates an IP address that is permitted to display a menu item among IP addresses set in the terminal device 11. “Connection destination Web” is information indicating a connection destination provided to the terminal device 11. A plurality of connection destinations may be set for one policy.

  That is, “user group, target date and time, access source” corresponds to the policy, and “connection destination Web” corresponds to the connection destination. Therefore, when “user group, target date and time, access source” is satisfied, “connection destination Web” is provided to the terminal device 11 as a connection destination.

  For example, the terminal device 11 belonging to the “product development department” logs in during “10 / 10-12 / 30” and the set IP address is “192.168.100.1 to 192.168.100”. .100 ”. In this case, it is determined that the policy name “222” is valid, and “aaa”, “hhhh”, and “gggg” are displayed on the display screen of the terminal device 11 as the names of the menu items.

  Returning to FIG. 9, the control unit 80 is a device that controls the menu display server 70. As the control unit 80, an electronic circuit such as a CPU or MPU, or an integrated circuit such as an ASIC or FPGA can be employed. The control unit 80 has an internal memory for storing programs defining various processing procedures and control data, and executes various processes using these.

  The control unit 80 functions as various processing units by operating various programs. For example, the control unit 80 includes a login authentication unit 81, a condition extraction unit 82, a policy determination unit 83, and a menu response unit 84. The login authentication unit 81 is an example of an authentication unit. The condition extraction unit 82 is an example of an acquisition unit. The policy determination unit 83 is an example of a specifying unit. The menu response unit 84 is an example of a providing unit.

  The login authentication unit 81 is a processing unit that executes a login process for the terminal device 11. Specifically, the login authentication unit 81 displays a login screen on the terminal device 11 when receiving an access request such as a login request from the terminal device 11 that is not logged in. Then, the login authentication unit 81 accepts the login ID and password via the displayed login screen. When the received combination is stored in the authentication information DB 75, the login authentication unit 81 permits login. Deny login. When the login authentication unit 81 permits the login, the login authentication unit 81 notifies the condition extraction unit 82 and the policy determination unit 83 that the login is permitted.

  The condition extraction unit 82 is a processing unit that extracts a condition when the terminal device 11 is accessed from an access request such as a login request. Specifically, when the login request is received by the login authentication unit 81, the condition extraction unit 82 extracts the access condition from the login request.

  For example, the condition extraction unit 82 extracts a login ID, an access time, an access source IP address, and the like from the login request. At this time, the condition extraction unit 82 determines whether the extracted IP address of the access source is not the IP address of the terminal device 11 but the IP address of the virtual browser server 22. For example, the condition extraction unit 82 stores the IP address of the virtual browser server 22 in advance, and determines whether or not the extracted IP address matches the stored IP address.

  Then, when the IP address of the virtual browser server 22 is used, the condition extraction unit 82 determines that the access source has accessed using the remote desktop function of the virtual browser server 22. Then, the condition extraction unit 82 transmits the login ID extracted from the login request to the management server 20. The management server 20 identifies a session from the login ID, refers to the connection source IP address of the identified session, and responds to the condition extraction unit 82 with the IP address set in the terminal device 11 that is the access request source. Here, the example in which the login ID of the user managed by the management server 20 and the login ID of the user managed by the menu display server 70 are shared is described. However, any information that can be managed in common by the management server 20 and the menu display server 70 may be used. For example, information such as the terminal ID of the terminal device 11 or a virtual browser server may be used. For example, when the terminal ID of the terminal device 11 can be specified and the terminal ID of the terminal device 11 connected in the session is stored in the session information 41, the condition extraction unit 82 sets the terminal ID of the terminal device 11 to the management server 20. May be sent to. In this case, the management server 20 identifies the session from the terminal ID, refers to the connection source IP address of the identified session, and responds to the condition extraction unit 82 with the IP address set in the terminal device 11 that is the access request source. .

  Thereafter, the condition extraction unit 82 outputs the extracted login ID, the time of access, and the access source IP address or the access source IP address acquired from the management server 20 to the policy determination unit 83.

  The policy determination unit 83 is a processing unit that determines a policy that matches the access condition of the terminal device 11 from the policies stored in the policy DB 77. Specifically, the policy determination unit 83 determines whether the policies stored in the policy DB 77 match the access conditions in order from the top. That is, the policy determination unit 83 determines in order from the policy with the highest priority. At this time, the policy determination unit 83 may determine a policy whose “state” is “valid” or may determine all of them.

  For example, the policy determination unit 83 acquires “login ID = C”, “time at access = 10/20 12:00”, and “IP address = 192.168.100.50” from the condition extraction unit 82. . Furthermore, the policy determination unit 83 specifies from the login authentication unit 81 or the authentication information DB 75 that the user group to which the logged-in user belongs is the “product development unit”. That is, the policy determination unit 83 specifies that the access condition is “time at access = 10/20 12:00, IP address = 192.168.100.50, user group = product development unit”. .

  Then, the policy determining unit 83 refers to FIG. 12 and determines whether or not the conditions match in the order of the policy names “222”, “223”, “planning and development management unit”, and “1”. Specifically, the policy determination unit 83 determines that the policy name “222” is the target policy because the user group, the target date and time, and the access source of the policy name “222” match the access conditions. In addition, the policy determination unit 83 determines that the policy name “223” is a non-target policy because the user group of the policy name “223” does not match the access condition.

  Further, the policy determination unit 83 determines that the policy name “planning and development management unit” is an out-of-target policy because the state is invalid. Further, the policy determination unit 83 determines that the policy name “1” is the target policy because the user group, the target date and time, and the access source of the policy name “1” match the access conditions. As a result, the policy determination unit 83 outputs the policy names “222” and “1” to the menu response unit 84 as the display target policies.

  The menu response unit 84 responds to the menu item associated with the policy identified as the display target by the policy determination unit 83 using the content stored in the connection destination DB 76 in the terminal device 11 permitted to log in. It is. Specifically, the menu response unit 84 deletes duplicate menu items and responds to the terminal device 11 with menu screens displayed in order from the menu item with the highest priority.

  In the above example, the menu response unit 84 displays the connection destination web “aaaa, hhhh, gggg” associated with the policy name “222” and “aaaa” associated with the policy name “1” as the menu items to be displayed. Identify. Then, the menu response unit 84 deletes one overlapping “aaaa” and displays a menu screen in which an icon corresponding to “aaaa”, an icon corresponding to “hhhh”, and an icon corresponding to “gggg” are sequentially displayed. Generate and respond to the terminal device 11.

  This will be specifically described with reference to FIG. FIG. 13 is a diagram illustrating a specific example of a menu. FIG. 13 shows a list of policies identified as display targets by the policy determination unit 83 and menu items set in the policies. In the case of FIG. 13, the menu response unit 84 first displays “menu (8), menu (4), menu (3), menu (1)” associated with the policy A having the highest priority. Is specified. Subsequently, the menu response unit 84 specifies “menu (5), menu (4), menu (3), menu (1)” ”associated with the policy D with the next highest priority as the display target menu. . Here, since “menu (4), menu (3), menu (1)” has already been specified as the display target, the menu response unit 84 excludes these overlapping menu items from the target.

  Further, the menu response unit 84 displays “menu (6), menu (7), menu (1), menu (2), menu (4)” ”associated with the policy C having the next highest priority. Identify menu items. Here, since “menu (1), menu (4)” has already been specified as a display target, the menu response unit 84 excludes duplicate menu items from the target. Further, the menu response unit 84 specifies “menu (8), menu (4), menu (3), menu (1)” ”associated with the policy E having the next highest priority as the menu item to be displayed. . Since the menu item specified here is already specified as the display target, it is excluded from the display target.

  Furthermore, the menu response unit 84 displays “menu (1), menu (2), menu (3), menu (4), menu (5)” associated with the policy F having the next highest priority. Identify menu items. Since the menu item specified here is already specified as the display target, it is excluded from the display target. Finally, the menu response unit 84 specifies “menu (5), menu (6), menu (11), menu (8)” ”associated with policy B as the menu item to be displayed. Here, the menu response unit 84 excludes “menu (5), menu (6), menu (8)” from the display target because it has already been specified as the display target.

  As a result of the above processing, the menu response unit 84 determines that “menu (8), menu (4), menu (3), menu (1), menu (5), menu (6), menu (7) in descending order of priority. ), Menu (2), menu (11) "are specified as display targets. And the menu response part 84 produces | generates the menu screen in which the specified menu item is displayed in order, and responds to the terminal device 11. As a result, the terminal device 11 can browse a menu screen suitable for the situation at the time of access.

  Here, an example of the menu screen will be described. 14 and 15 show examples of menu screens. As illustrated in FIG. 14, the menu screen generated by the menu response unit 84 includes “notification” on which notification information from an administrator or the like is displayed and the identified “menu”. Here, as an example, icons of “portal site for staff, OLWeb, sales information management, cloud service, purchase, man-hour management, schedule” are displayed in the “menu” column. This icon corresponds to each connection destination Web described above. In addition, menu items with higher priority are displayed in order from the upper left of the menu. Note that the SSO displayed at the upper right of the menu item indicates that, when the menu item is used, authentication cooperation described later is executed and single sign-on is realized.

  The menu displayed here is dynamically changed according to the access conditions. For example, in FIG. 15, icons of “portal site for staff, order entry system, cloud service, purchasing system” are displayed in the “menu” column. As described above, in FIG. 15, the menu items to be displayed are reduced compared to the state of FIG. This indicates that even for the same user, the displayed menu changes depending on the access state in FIG. 15 and the access state in FIG. 14. In this way, the menu display server 70 can dynamically change the display menu depending on the state at the time of access.

[Process flow]
FIG. 16 is a flowchart showing the flow of the menu specifying process. As illustrated in FIG. 16, when the login authentication unit 81 of the menu display server 70 receives a login request from the terminal device 11 (S101: Yes), the login authentication unit 81 displays a login screen and receives an input of a user ID and a password. Is executed (S102).

  Subsequently, when the login is permitted (S103: Yes), the condition extracting unit 82 extracts the access condition from the login request (S104). Note that the condition extraction unit 82 may extract the access conditions without waiting for the result of the login authentication. When the login is rejected (S103: No), the menu display server 70 ends the process.

  If the access source IP address extracted from the login request is the IP address of the virtual browser server 22 (S105: Yes), the condition extraction unit 82 acquires the IP address set in the terminal device 11 from the management server 20 (S106). Specifically, the condition extraction unit 82 transmits the login ID extracted from the login request to the management server 20, and acquires the IP address of the terminal device 11 associated with the login ID.

  The condition extracting unit 82 executes S106 when the access source IP address extracted from the login request is not the IP address of the virtual browser server 22 but the IP address of the terminal device 11 itself (S105: No). S107 is executed.

  Thereafter, the policy determination unit 83 selects one policy from the information stored in the policy DB 77, and determines whether it is a display target (S107). Specifically, the policy determination unit 83 determines whether or not the display condition set as the policy matches the access condition. Here, the policy determination unit 83 notifies the menu response unit 84 of the policy that matches the access condition.

  If there is an undetermined policy for each policy stored in the policy DB 77 (S108: Yes), the policy determination unit 83 repeats S107. When the determination by the policy determination unit 83 regarding whether or not each policy stored in the policy DB 77 is a display target is completed (S108: No), S109 is executed.

  Specifically, the menu response unit 84 rearranges the menu items associated with the policy identified as the display target in descending order of priority, and further deletes duplicate menu items (S109). Thereafter, the menu response unit 84 generates a menu screen on which the menu items to be displayed are displayed, and responds to the terminal device 11 (S110).

  In this way, the menu display server 70 manages each menu item in association with the policy, and responds to the terminal device 11 with a menu item associated with the policy that matches the condition when the terminal device 11 has accessed. Can do. Therefore, the menu display server 70 can dynamically change the display menu according to the conditions at the time of user access. As a result, a highly convenient menu screen can be displayed.

  In addition, since the menu display server 70 can incorporate not only the individual user of the terminal device 11 but also the department to which the user belongs, the conditions can be dynamically changed for each group. As a result, the menu display server 70 can easily change the display menu according to the policy without changing the setting for the individual employee even when the employee is changed, so that the management complexity can be reduced.

  In addition, since the menu display server 70 can change the menu items to be displayed depending on the access time and IP address, security can be kept high. For example, the menu display server 70 can limit access to important services by time or can be limited by position information such as an IP address. Furthermore, access to important services can be limited not only by the time at the time of access but also by dividing the time and position for each group, so that improvement in security can be expected.

  The menu display server can execute various processes in addition to the first embodiment. In the second embodiment, various different embodiments other than the first embodiment will be described.

(Registering the connection destination web)
The menu display server 70 can update the connection destination Web by an operation of an administrator or the like. FIG. 17 is a diagram illustrating registration of a connection destination Web. When the menu display server 70 receives an operation for requesting registration of a connection destination Web from an administrator or the like via the input unit 73, the menu display server 70 displays the management screen illustrated in FIG. 17 on the display unit 72.

  As illustrated in FIG. 17, the menu display server 70 receives an input of “connection destination Web name, icon image, authentication cooperation, URL”. The “connection destination Web name” is an item for setting the name of a menu item to be newly registered, and the “icon image” is an item for setting an icon displayed as a menu item. “Authentication linkage” is an item for setting an authentication method when using a connection destination corresponding to the menu item, and “URL” is an item for setting the URL of the menu item.

  As described above, the administrator can update the connection destination Web, that is, the menu item at any time on the screen shown in FIG. Although the new registration has been described here, the present invention is not limited to this, and the connection destination Web can be deleted or updated on the management screen.

(Register policy)
The menu display server 70 can update the policy by an operation of an administrator or the like. FIG. 18 is a diagram for explaining registration of menu items and policies. When the menu display server 70 receives an operation for requesting policy registration from the administrator or the like via the input unit 73, the menu display server 70 displays the management screen shown in FIG. 18 on the display unit 72.

  As shown in FIG. 18, the menu display server 70 displays “policy name, user group, date / time: month / day (range designation), date / time: time (range designation), date / time: day of week, access source (range designation), connection “Menu, connection destination web setting” input is accepted.

  The “policy name” is an item for setting a name of a policy to be newly registered, and the “user group” is an item for setting a group permitted to be displayed. “Date / time: month / day (range specification)” is an item for setting the range of the month and day for which display is permitted, and “date / time: time (range specification)” is an item for setting the time zone for which display is permitted. “Date and time: day of week” is an item for setting a day of the week for which display is permitted.

  “Access source (range designation)” is an item for setting a range of IP addresses permitted to be displayed, and “Connection menu” is an item for setting whether to enable or disable the policy. The “connection destination web setting” is an item for selecting a connection destination web, and is an item for setting a menu item associated with the policy. As a selection candidate of “connection destination web setting”, “connection destination web name” of “connection destination web” registered in FIG. 17 is displayed.

  As described above, the administrator can update the association between the policy and the menu item at any time on the screen shown in FIG. Although the new registration has been described here, the present invention is not limited to this, and the deletion and update of the policy and the associated menu item can also be executed on the management screen.

(Authentication)
Further, the terminal device 11 can access a Web server or the like specified by the menu item by selecting a menu item on the menu screen received from the menu display server 70. At this time, the terminal device 11 executes the authentication collaboration that is set when the authentication collaboration is set for the selected menu item.

  That is, when accessing the Web server or the like specified by the selected menu item, the terminal device 11 can access the Web server when the authentication method is executed by the SAML or the like and permitted. In this way, not only login authentication but also authentication can be executed on the Web server side, and a plurality of authentications can be arbitrarily executed according to the security level, so that the security level can be maintained high.

(Conditions for access)
In the above embodiment, the case where the user group, the time, and the access source are used as the policy or the access condition has been described. However, the present invention is not limited thereto. For example, any one or two or more may be used, and other information other than these may be used.

(system)
Further, each component of each illustrated apparatus is functionally conceptual, and does not necessarily need to be physically configured as illustrated. In other words, the specific state of distribution / integration of each device is not limited to the one shown in the figure, and all or a part thereof may be functionally or physically distributed or arbitrarily distributed in arbitrary units according to various loads or usage conditions. Can be integrated and configured. Further, the processing of each processing unit may be appropriately separated into a plurality of processing units. Further, all or any part of each processing function performed in each processing unit can be realized by a CPU and a program analyzed and executed by the CPU, or can be realized as hardware by wired logic. .

(program)
The various processes described in the above embodiments can also be realized by executing a program prepared in advance on a computer system such as a personal computer or a workstation. Therefore, in the following, an example of a computer system that executes a program having the same function as in the above embodiment will be described. FIG. 19 is a diagram illustrating a computer that executes a menu control program.

  As illustrated in FIG. 19, the computer 600 includes a CPU 610, an HDD (Hard Disk Drive) 620, and a RAM 640. These units 610 to 640 are connected via a bus 700.

  The HDD 620 stores in advance a menu control program 620a that performs the same functions as the login authentication unit 81, the condition extraction unit 82, the policy determination unit 83, and the menu response unit 84 of the menu display server 70. Note that the menu control program 620a may be separated as appropriate.

  The HDD 620 stores various information. For example, the HDD 620 stores the OS and various DBs shown in FIG.

  The CPU 610 reads the menu control program 620a from the HDD 620 and executes it, thereby executing the same operation as each processing unit of the embodiment. That is, the menu control program 620a performs the same operations as the login authentication unit 81, the condition extraction unit 82, the policy determination unit 83, and the menu response unit 84. The menu control program 620a is not necessarily stored in the HDD 620 from the beginning.

  For example, the program is stored in a “portable physical medium” such as a flexible disk (FD), a CD-ROM, a DVD disk, a magneto-optical disk, or an IC card inserted into the computer 600. Then, the computer 600 may read the program from these and execute it.

  Furthermore, the program is stored in “another computer (or server)” connected to the computer 600 via a public line, the Internet, a LAN, a WAN, or the like. Then, the computer 600 may read the program from these and execute it.

DESCRIPTION OF SYMBOLS 10 System 11 Terminal apparatus 12 External network 13 In-house Web system 20 Management server 21 Image relay server 22 Virtual browser server 30 Communication I / F part 31 Display part 32 Input part 33 Storage part 34 Control part 40 Relay server information 41 Session information 50 Reception Unit 51 Allocation unit 52 Management unit 53 Release unit 60 System management screen 70 Menu display server 71 Communication I / F unit 72 Display unit 73 Input unit 74 Storage unit 75 Authentication information DB
76 Connection DB
77 Policy DB
80 Control Unit 81 Login Authentication Unit 82 Condition Extraction Unit 83 Policy Determination Unit 84 Menu Response Unit

Claims (7)

To the computer that manages the relay between the internal system and the external device ,
A process of receiving an access request from a terminal device;
A login process for logging in based on the received access request;
An allocation process for allocating the terminal device to the image relay server according to the login process;
Session information processing for starting management of session information generated by the allocation process;
An establishment process for causing the image relay server to establish a session between the image relay server and the virtual browser server using the session information;
The session information processing manages a session between the terminal device logged in by the login process , the image relay server, and the virtual browser server based on information obtained by the assignment process and the establishment process. A process of acquiring login information obtained in the access environment of the terminal device and the login process according to the managed session information ;
A plurality of correspondence relationships associated with the access environment and the login information acquired in the acquisition processing with reference to a storage unit that stores a plurality of correspondence relationships in which an access environment and menu items to be displayed are associated Processing to identify
The display target menu associated with the corresponding relationship is specified as the display target so that the display menu is not displayed in order from the highest priority corresponding relationship among the plurality of identified relationships, and the specified order is A process of providing a menu to be displayed to the terminal device;
A menu control program for executing The process to obtain is
Based on the login information obtained in the login process, extract at least one of the group to which it belongs, the address information of the access request source, and the time information at the time of the access request,
The process to specify is
A display target menu item associated with the extracted information is specified from a policy read from a policy DB that stores a correspondence relationship between an access condition and a display target item stored in the storage unit. The menu control program according to claim 1. The process to obtain is
Extract the address information of the access request source that performed the login process,
Compare the extracted address information with the address information of the virtual device that provides the information to the terminal device,
If the extracted address information is the address information of the virtual device, obtain the set address information set in the terminal device from the management device that manages the connection of the terminal device,
The process to specify is
The menu control program according to claim 1 or 2, wherein the menu item to be displayed is specified using setting address information and the login information . The provided process is:
According to the presence or absence of authentication cooperation of the connection destination information registered in the specified display target menu item, changing the display of the menu item,
When a connection to a connection destination for which authentication cooperation is set is requested from the terminal device, a process for executing user authentication based on the authentication method set in the connection destination information is executed based on the login information. The menu control program according to claim 2. In the menu control device that manages the relay between the internal system and the external device,
A receiving unit for receiving an access request from the terminal device;
An authentication unit for executing a login process for performing login based on the access request received by the receiving unit;
An assigning unit that assigns the terminal device to the image relay server in accordance with the login process;
A session information processing unit that starts managing session information generated by the assigning unit;
An establishment unit that causes the image relay server to establish a session between the image relay server and the virtual browser server using the session information;
The session information processing unit manages a session between the terminal device logged in by the pre-authentication unit , the image relay server, and the virtual browser server based on information obtained by the allocating unit and the establishing unit. And, by the managed session information, an acquisition unit that acquires the access environment of the terminal device and login information obtained in the login process ,
A plurality of correspondence relationships associated with the access environment and the login information acquired by the acquisition unit are referred to with reference to a storage unit that stores a plurality of correspondence relationships in which an access environment and menu items to be displayed are associated with each other. A specific part to identify;
The display target menu associated with the corresponding relationship is specified as the display target so that the display menu is not repeatedly displayed in order from the higher priority correspondence among the plurality of corresponding relationships specified by the specifying unit, and specified. A providing unit that provides a menu to be displayed to the terminal device in the order in which they are displayed;
A menu control device comprising: A computer that manages the relay between the internal system and the external device
A process of receiving an access request from a terminal device;
A login process for logging in based on the received access request;
An allocation process for allocating the terminal device to the image relay server according to the login process;
Session information processing for starting management of session information generated by the allocation process;
An establishment process for causing the image relay server to establish a session between the image relay server and the virtual browser server using the session information;
The session information processing manages a session between the terminal device logged in by the login process , the image relay server, and the virtual browser server based on information obtained by the assignment process and the establishment process. A process of acquiring login information obtained in the access environment of the terminal device and the login process according to the managed session information ;
A plurality of correspondence relationships associated with the access environment and the login information acquired in the acquisition processing with reference to a storage unit that stores a plurality of correspondence relationships in which an access environment and menu items to be displayed are associated Processing to identify
The display target menu associated with the corresponding relationship is specified as the display target so that the display menu is not displayed in order from the highest priority corresponding relationship among the plurality of identified relationships, and the specified order is A process of providing a menu to be displayed to the terminal device;
A menu control method comprising: To the computer that manages the relay between the internal system and the external device ,
In a state in which a gateway system for relaying said internal systems and the external apparatus and an image relay server and the management server manages the session information of the session that the management server is connected to the internal system, the image relay server A process of receiving an access request from a terminal device that accesses the in-house system from outside using a virtual browser of the virtual server that is accessed and started and requests execution of the thin client system;
A login process for logging in based on the received access request;
An allocation process for allocating the terminal device to the image relay server according to the login process;
Session information processing for starting management of session information generated by the allocation process;
An establishment process for causing the image relay server to establish a session between the image relay server and the virtual browser server using the session information;
The session information processing manages a session between the terminal device logged in by the login process , the image relay server, and the virtual browser server based on information obtained by the assignment process and the establishment process. A process of acquiring login information obtained in the access environment of the terminal device and the login process according to the managed session information ;
When the address information included in the acquired access environment matches the address information of the virtual server stored in advance, a process of acquiring the address information of the terminal device based on the session information from the management server;
A plurality of correspondences associated with the access environment and the login information with reference to a storage unit that stores a plurality of correspondences in which an access environment including address information of the terminal device is associated with menu items to be displayed The process of identifying the relationship;
The display target menu associated with the corresponding relationship is specified as the display target so that the display menu is not displayed in order from the highest priority corresponding relationship among the plurality of identified relationships, and the specified order is A process of providing a menu to be displayed to the terminal device;
A menu control program for executing

Images