Get Active Roles

This section provides developers with information on how to view which roles are currently active for a user. Documentation for the REST protocol is provided below, along with code samples for Java, PHP, and cURL.

REST

The REST noun (and associated message content) for viewing the active roles of an authenticated session is as follows:

  • Relative Noun: AuthenticatedSession/$sessionID/ActiveRoles[/$roleID]. This is the relative path of the URL that should appear after the OTIS server application name. For example, this URL queries all of the active roles of the specified session:

    AuthenticatedSession/78BD660E0E5F673378BD660E0E5F6733/ActiveRoles

    This URL queries whether the Admin role is currently active for the specified session:

    AuthenticatedSession/78BD660E0E5F673378BD660E0E5F6733/ActiveRoles/Admin
  • HTTP Method: GET.
  • Request/Response message details: details.
  • Description: Queries the currently active roles in the authenticated session specified by the $sessionID variable. If the $roleID variable is specified, this is an "is in role" query to determine if the specified role is currently active for the session.

Java

The following is example Java code that demonstrates how to view which roles are currently active for a user:

// Returns an iterator over every role that is currently active for the session.
Iterator activeRoles = session.getActiveRoles();

// Loop while the iterator has more roles.
while (activeRoles.hasNext())
{
    // Get the next role from the iterator.
    IRole role = (IRole) activeRoles.next();

    // Get an iterator over the properties of this role.
    Iterator properties = role.getRoleProperties();

    // Print each property of the role, separated by spaces.
    while (properties.hasNext())
    {
        System.out.print(properties.next().toString() + " ");
    }

    // New line after each role.
    System.out.print("\n");
}

To view the complete Java sample code for Authentication and Roles-based nouns, see the Authentication and Roles Java Sample Code page.

The OTIS client Java library may be downloaded from the OTIS download page.

PHP

The following is example PHP code that demonstrates how to view which roles are currently active for a user:

//The Host is the IdP provider (e.g. wag.bandit-project.org). The URI is the noun that represents the authenticated session.
function showActiveRoles($Host, $secret, $URI){
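	//Get the XML that contains the active roles. Store it in "content".
	//HTTP header lines end with CRLF, and a blank line ends the request.
	$getHeader = 
	"GET $URI/ActiveRoles HTTP/1.1\r\n".
        "Host: $Host\r\n".
        (($secret) ? ("SessionSecret: " . $secret . "\r\n") : "") .
	"Connection: Close\r\n\r\n";
	//NOTE: Port 80 is plain HTTP, so the SessionSecret header is sent unencrypted.
	$socket = fsockopen($Host, 80);
	if ($socket === false)
	{
		echo "ERROR";
		return null;
	}
	fputs($socket, $getHeader);
	$content = "";
	while (!feof($socket)) 
	{
		$tmp = fgets($socket, 128);
		//Keep only lines that contain XML markup. strpos() returns 0 for a
		//match at the start of the line, so compare against false explicitly.
		if($tmp !== false && strpos($tmp, ">") !== false)
		{
			$content .= $tmp;
		}
	}
	fclose($socket);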

        //NOTE: This section of the code goes through each tag of the xml file
        //  and prints out each role individually. If you just want
        //  the xml, all you need to do is print out "$content".
//-----------------------------------------------------------------------------------

	//Load the Active Roles xml.
	$responseDoc = new DOMDocument();
	if ($responseDoc->loadXML( $content) == FALSE)
	{
		//Stop here: there is no document to walk if parsing failed.
		echo "ERROR";
		return null;
	}
	$sessionElement = $responseDoc->documentElement;
	$childNode = $sessionElement->firstChild;
	//Parse each node.
	while ($childNode)
	{
		if ($childNode->nodeName != "otis:RoleList")
		{
			$childNode = $childNode->nextSibling;
		}
		else
		{
			$roleElement = $childNode->firstChild;
			while ($roleElement)
			{
				//If the node is a role, parse it.
				if ($roleElement->nodeName == "otis:Role")
				{
					$strRoleID = null;
					$role = array();
					
					$propertyElement = $roleElement->firstChild;
					while ($propertyElement)
					{
						$strPropertyName = $propertyElement->nodeName;
						$propertyValue = array();
						switch ($strPropertyName)
						{
							//If the node  is "RoleID" print out its name.
							case "otis:RoleID":
								$propertyValue = $propertyElement->nodeValue; //Here you get the Role ID.
								$strRoleID = $propertyValue;
								echo $strRoleID. "\n";
								break;
							default:
								break;
						}
						$propertyElement = $propertyElement->nextSibling;
					}
				}
				$roleElement = $roleElement->nextSibling;
			}
			return( null);
		}
	}
}

To view the complete PHP sample code for Authentication and Roles-based nouns, see the Authentication and Roles PHP Sample Code page.

cURL

The following is example cURL code that demonstrates how to view which roles are currently active for a user:

if [ -e secret.hdr ] ; then secret=`cat secret.hdr` ; else secret="nosecret: none" ; fi
curl -b cookies.txt -H "${secret}" https://wag.bandit-project.org/otis/ActiveRoles

This assumes you have already set up an authenticated session, are using a cookies.txt file to store and retrieve the otisSessionID cookie, and have stored the session secret in a file called secret.hdr (see AuthenticateUser for details).

Expected response:

<otis:AuthSession xmlns:otis="http://code.bandit-project.org/schemas/2008/otis">
        <otis:sessionURL>https://wag.bandit-project.org/otis/ActiveRoles/B9D8711A5EA7E1A9B75B122058401105</otis:sessionURL>
        <otis:RoleList>
                <otis:Role>
                        <otis:RoleID isInRole="true">RandomRole2</otis:RoleID>
                        <otis:Property Name="RoleActivationMethod" Type="string">
                                <otis:PropertyValue>Authentication</otis:PropertyValue>
                        </otis:Property>
                        <otis:Property Name="RoleTypes" Type="string">
                                <otis:PropertyValue>Computed Role</otis:PropertyValue>
                        </otis:Property>
                </otis:Role>
                <otis:Role>
                        <otis:RoleID isInRole="true">RandomRole1</otis:RoleID>
                        <otis:Property Name="RoleActivationMethod" Type="string">
                                <otis:PropertyValue>Authentication</otis:PropertyValue>
                        </otis:Property>
                        <otis:Property Name="RoleTypes" Type="string">
                                <otis:PropertyValue>Computed Role</otis:PropertyValue>
                        </otis:Property>
                </otis:Role>
        </otis:RoleList>
</otis:AuthSession>
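
The PHP sample earlier on this page matches elements by the literal otis: prefix and prints every RoleID it finds. As an added example (not part of the OTIS samples), the code below parses the same response by namespace URI, counts a role as active only when isInRole is "true", and treats malformed input as "not active"; the function names and the isInRole="false" entry in the sample are assumptions.

```php
<?php
// Added example, not OTIS project code; function names are hypothetical.
const OTIS_NS = 'http://code.bandit-project.org/schemas/2008/otis';

// Returns [roleID => [propertyName => value]] for roles marked isInRole="true".
function parseActiveRoles(string $xml): array
{
    $doc = new DOMDocument();
    // LIBXML_NONET: no network fetches. LIBXML_NOENT is deliberately left unset.
    if ($xml === '' || !@$doc->loadXML($xml, LIBXML_NONET)) {
        throw new RuntimeException('ActiveRoles response is not well-formed XML');
    }
    $root = $doc->documentElement;
    // Match on namespace URI, not the "otis:" prefix, and refuse any DOCTYPE.
    if ($doc->doctype !== null || $root->namespaceURI !== OTIS_NS
        || $root->localName !== 'AuthSession') {
        throw new RuntimeException('Not a plain otis:AuthSession document');
    }
    $roles = [];
    foreach ($doc->getElementsByTagNameNS(OTIS_NS, 'Role') as $role) {
        $id = $role->getElementsByTagNameNS(OTIS_NS, 'RoleID')->item(0);
        // Assumption: a role may be listed with isInRole="false"; only "true" counts.
        if ($id === null || $id->getAttribute('isInRole') !== 'true') {
            continue;
        }
        $props = [];
        foreach ($role->getElementsByTagNameNS(OTIS_NS, 'Property') as $p) {
            $v = $p->getElementsByTagNameNS(OTIS_NS, 'PropertyValue')->item(0);
            $props[$p->getAttribute('Name')] = $v ? trim($v->textContent) : null;
        }
        $roles[trim($id->textContent)] = $props;
    }
    return $roles;
}

// Fail closed: a parse error or an absent role both mean "not active".
function isRoleActive(string $xml, string $roleID): bool
{
    try {
        return array_key_exists($roleID, parseActiveRoles($xml));
    } catch (RuntimeException $e) {
        return false;
    }
}
// Constructed sample modelled on the expected response; the "false" entry is assumed.
$sample = '<otis:AuthSession xmlns:otis="' . OTIS_NS . '"><otis:RoleList><otis:Role>'
    . '<otis:RoleID isInRole="true">RandomRole2</otis:RoleID></otis:Role><otis:Role>'
    . '<otis:RoleID isInRole="false">Admin</otis:RoleID></otis:Role></otis:RoleList></otis:AuthSession>';
var_dump(isRoleActive($sample, 'RandomRole2'), isRoleActive($sample, 'Admin'));
```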