Reauthenticate User

This section provides developers with information on how to reauthenticate a user. Documentation for the REST protocol is provided below, along with code samples for Java, PHP, and cURL.

REST

The REST noun (and associated message content) for reauthenticating an existing authenticated session is as follows:

  • Relative Noun: /AuthenticatedSession/$sessionID. This is the relative path of the URL that should appear after the OTIS server application name. The $sessionID variable identifies the authenticated session that is to be reauthenticated. For example:
    https://wag.bandit-project.org/otis/AuthenticatedSession/AB6745EDF9A32BCEAB6745EDF9A32BCE
    
  • HTTP Method: PUT.
  • Request/Response message details: click here
  • Description: Reauthenticates a session. The authentication method and associated authentication materials are provided in the content of the request (see details here). Current authentication methods include:
    • Username/Password
    • Infocard
    • Anonymous
    • SAML Assertion

Java

The following is example Java code that demonstrates how to reauthenticate a user. The user is first authenticated with a username and password:

try
{
    // Get the auth session manager. The configuration should be a java.util.Map;
    // see {provide a link here} for documentation on the configuration.

    AuthSessionManager AM = new AuthSessionManager(configuration);

    // Get an auth session

    IAuthSession session = AM.getAuthSession();

    // Authenticate using UsernamePassword (sample credentials)

    session.authenticate( "urn:bandit-project:otis:authmethod:1.0:usernamePassword",
         UsernamePasswordAuthMethod.getMaterialResponse( "otisTest", "otisTest"));

    // ...

    // Later in the code, reauthenticate.  In this case, it will reauthenticate the
    // name and password that were originally authenticated.

    session.reauthenticate();
}
catch (AuthSessionException exception)
{
    System.out.println("AuthSessionException: " + exception);
}

To view the complete Java sample code for Authentication and Roles-based nouns, see the Authentication and Roles Java Sample Code page.

The OTIS client Java library may be downloaded from the OTIS download page.

PHP

The following PHP example code shows how to reauthenticate a user:

$xml = '<otis:Reauthenticate xmlns:otis="http://code.bandit-project.org/schemas/2008/otis" />';

$length = strlen($xml);
$Host = "wag.bandit-project.org";

// $sessionID and $sessionSecret come from the earlier authentication step.
// Generate the request headers, followed by the XML body.
// HTTP requires CRLF line endings, and Content-Length must match the body exactly.
$ReqHeader =
"PUT /otis/AuthenticatedSession/" . $sessionID . " HTTP/1.1\r\n".
"Host: $Host\r\n".
(($sessionSecret) ? ("SessionSecret: " . $sessionSecret . "\r\n") : "") .
"Content-Type: application/x-www-form-urlencoded\r\n".
"Content-Length: $length\r\n".
"Connection: Close\r\n\r\n".
$xml;

// Open a TLS connection to the host so that the session ID and the
// session secret are not sent in cleartext
$socket = fsockopen("ssl://" . $Host, 443, $errno, $errstr, 30);
if (!$socket)
{
	die("Connection failed: $errstr ($errno)\n");
}

// Do the PUT; store the response in "Result".
$Result = "";
fputs($socket, $ReqHeader);
while (!feof($socket))
{
	$tmp = fgets($socket, 128);
	// if the line contains an xml tag, add it
	if ($tmp !== false && strpos($tmp, ">") !== false)
	{
		$Result .= $tmp;
	}
}
fclose($socket);

To view the complete PHP sample code for Authentication and Roles-based nouns, see the Authentication and Roles PHP Sample Code page.
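
The PHP sample interpolates $sessionID and $sessionSecret directly into the request line and a header, so a value containing a line break or path characters would change the request that is sent. The following is an added example, not part of the OTIS sample code, that builds the same PUT request but validates both values first. The 32-hex-character session ID format is an assumption taken from the example URL above, and the function name buildReauthRequest and the sample secret are hypothetical.

```php
<?php
// Added example, not OTIS project code. Assumptions are marked below.

const OTIS_HOST = 'wag.bandit-project.org';   // host used in the page's samples
const REAUTH_XML =
    '<otis:Reauthenticate xmlns:otis="http://code.bandit-project.org/schemas/2008/otis" />';

/**
 * Build the raw PUT request for /otis/AuthenticatedSession/$sessionID.
 * Throws InvalidArgumentException rather than emitting a request that an
 * untrusted value could split into extra headers or point at another path.
 */
function buildReauthRequest(string $sessionID, ?string $sessionSecret): string
{
    // Assumption: session IDs are 32 hex characters, as in the page's example URL.
    if (!preg_match('/\A[0-9A-Fa-f]{32}\z/', $sessionID)) {
        throw new InvalidArgumentException('session ID is not 32 hex characters');
    }
    // The secret's format is not documented on the page, so this only rejects
    // CR, LF and anything else outside printable ASCII (assumption).
    if ($sessionSecret !== null && !preg_match('/\A[\x20-\x7E]+\z/', $sessionSecret)) {
        throw new InvalidArgumentException('session secret contains illegal characters');
    }

    $lines = [
        'PUT /otis/AuthenticatedSession/' . $sessionID . ' HTTP/1.1',
        'Host: ' . OTIS_HOST,
    ];
    if ($sessionSecret !== null) {
        $lines[] = 'SessionSecret: ' . $sessionSecret;
    }
    $lines[] = 'Content-Type: application/x-www-form-urlencoded'; // as in the page's sample
    $lines[] = 'Content-Length: ' . strlen(REAUTH_XML);
    $lines[] = 'Connection: Close';

    // CRLF between header lines, a blank line, then the body with no trailing bytes.
    return implode("\r\n", $lines) . "\r\n\r\n" . REAUTH_XML;
}

// Constructed inputs: the ID from the page's example URL and a made-up secret.
$request = buildReauthRequest('AB6745EDF9A32BCEAB6745EDF9A32BCE', 'constructed-secret-123');
echo strtok($request, "\r\n"), "\n";

// A constructed secret carrying CRLF is rejected before it can add a header.
try {
    buildReauthRequest('AB6745EDF9A32BCEAB6745EDF9A32BCE', "x\r\nX-Injected: 1");
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

The returned string can be written to a socket opened with fsockopen("ssl://...", 443) in place of $ReqHeader.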

cURL

The following sample code reauthenticates a user. This code includes line continuations that work on Linux.

if [ -e secret.hdr ] ; then secret=$(cat secret.hdr) ; else secret="nosecret: none" ; fi
curl -b cookies.txt -H "${secret}" -X PUT -d \
"<?xml version=\"1.0\" encoding=\"UTF-8\"?>\
<otis:Reauthenticate xmlns:otis=\"http://code.bandit-project.org/schemas/2008/otis\">\
</otis:Reauthenticate>" \
https://wag.bandit-project.org/otis/AuthenticatedSession

This assumes you have already set up an authenticated session and are using a cookies.txt file to store and retrieve the otisSessionID cookie. It also assumes that the session secret has been stored in a file called secret.hdr (see AuthenticateUser for details).

No response body is returned for the Reauthenticate message.