Get Assumable Roles
This section provides developers with information on how to search for roles that can be activated after a user has authenticated. Documentation for the REST protocol, as well as code samples for Java, PHP, and cURL, are provided below.
REST
The REST noun for querying an authenticated session's assumable roles is as follows:
- Relative Noun: /AuthenticatedSession/$sessionID/AssumableRoles. This is the relative path of the URL that should appear after the OTIS server application name. The $sessionID variable identifies the authenticated session that is to be queried. For example:
https://wag.bandit-project.org/otis/AuthenticatedSession/AB6745EDF9A32BCEAB6745EDF9A32BCE/AssumableRoles
- HTTP Method: GET.
- Request/Response message details: see the separate request/response message details page for this noun.
- Description: Queries the roles which COULD be activated (assumed) by the authenticated session (specified by the $sessionID variable).
Java
The following is example Java code that demonstrates how to query assumable roles that could be activated (or may already be activated) after a user authenticates:
import java.util.Iterator;

// 'session' is the authenticated session object obtained from the OTIS client library.
// Returns an iterator that contains all of the assumable roles.
Iterator assumeRoles = session.getAssumeableRoles();
// While the iterator has objects...
while (assumeRoles.hasNext())
{
    // Get the next role from the iterator.
    IRole role = (IRole) assumeRoles.next();
    // Get an iterator from the next role. This iterator contains the properties.
    Iterator properties = role.getRoleProperties();
    // While the "property" iterator has properties...
    while (properties.hasNext())
    {
        // Print out the properties, tab-separated.
        System.out.print(properties.next().toString() + "\t");
    }
    // New line.
    System.out.print("\n");
}
To view the complete Java sample code for Authentication and Roles-based nouns, see the Authentication and Roles Java Sample Code page.
The OTIS client Java library may be downloaded from the OTIS download page.
PHP
The following is example PHP code that demonstrates how to query assumable roles that could be activated (or may already be activated) after a user authenticates:
//FUNCTIONS
function showAssumableRoles($Host, $secret, $URI)
{
    //Build the request for the xml that contains the assumable roles.
    //HTTP/1.1 header lines must end in CRLF ("\r\n").
    $getHeader =
        "GET $URI/AssumableRoles HTTP/1.1\r\n" .
        "Host: $Host\r\n" .
        (($secret) ? ("SessionSecret: " . $secret . "\r\n") : "") .
        "Connection: Close\r\n\r\n";
    //NOTE: this opens a plain TCP connection on port 80, so the session secret
    // travels in the clear. Use "ssl://$Host" and port 443 against a TLS server.
    $socket = fsockopen($Host, 80, $errno, $errstr);
    if (!$socket)
    {
        echo "ERROR: $errstr ($errno)\n";
        return(null);
    }
    fputs($socket, $getHeader);
    $content = "";
    while (!feof($socket))
    {
        $tmp = fgets($socket, 128);
        //Keep only lines that contain a tag; this skips the HTTP response headers.
        if (strpos($tmp, ">"))
        {
            $content .= $tmp;
        }
    }
    fclose($socket);
    //NOTE: This section of the code goes through each tag of the xml file,
    // prints out each role individually, and states if they are active. If you
    // just want the xml, you only need to print out "$content".
    //-----------------------------------------------------------------------------------
    //Load the assumable roles xml.
    $responseDoc = new DOMDocument();
    if ($responseDoc->loadXML($content) == FALSE)
    {
        echo "ERROR: response is not well-formed xml\n";
        return(null);
    }
    $sessionElement = $responseDoc->documentElement;
    //Parse each node.
    $childNode = $sessionElement->firstChild;
    while ($childNode)
    {
        if ($childNode->nodeName != "otis:RoleList")
        {
            $childNode = $childNode->nextSibling;
        }
        else
        {
            $roleElement = $childNode->firstChild;
            while ($roleElement)
            {
                //If the node is a role, parse it.
                if ($roleElement->nodeName == "otis:Role")
                {
                    $strRoleID = null;
                    $propertyElement = $roleElement->firstChild;
                    while ($propertyElement)
                    {
                        $strPropertyName = $propertyElement->nodeName;
                        switch ($strPropertyName)
                        {
                            //If the node is "RoleID", print out whether or not it is active.
                            case "otis:RoleID":
                                $strRoleID = $propertyElement->nodeValue;
                                echo $strRoleID . "\n";
                                //See if the role is active (isInRole="true").
                                $isInRole = $propertyElement->getAttribute("isInRole");
                                if ($isInRole == "true") echo "--Active\n";
                                break;
                            default:
                                break;
                        }
                        $propertyElement = $propertyElement->nextSibling;
                    }
                }
                $roleElement = $roleElement->nextSibling;
            }
            //The RoleList has been processed; nothing else in the response is needed.
            return(null);
        }
    }
}
To view the complete PHP sample code for Authentication and Roles-based nouns, see the Authentication and Roles PHP Sample Code page.
cURL
The following command queries the assumable roles of the authenticated session identified by the otisSessionID cookie:
if [ -e secret.hdr ] ; then secret=`cat secret.hdr` ; else secret="nosecret: none" ; fi
curl -b cookies.txt -H "${secret}" https://wag.bandit-project.org/otis/AssumableRoles
This assumes you have already set up an authenticated session and are using a cookies.txt file to store/retrieve the otisSessionID cookie and that the session secret has been stored in a file called secret.hdr (See AuthenticateUser for details).
Expected response:
<otis:AuthSession xmlns:otis="http://code.bandit-project.org/schemas/2008/otis">
  <otis:sessionURL>https://wag.bandit-project.org/otis/AssumableRoles/B9D8711A5EA7E1A9B75B122058401105</otis:sessionURL>
  <otis:RoleList>
    <otis:Role>
      <otis:RoleID isInRole="true">RandomRole2</otis:RoleID>
      <otis:Property Name="RoleActivationMethod" Type="string">
        <otis:PropertyValue>Authentication</otis:PropertyValue>
      </otis:Property>
      <otis:Property Name="RoleTypes" Type="string">
        <otis:PropertyValue>Computed Role</otis:PropertyValue>
      </otis:Property>
    </otis:Role>
    <otis:Role>
      <otis:RoleID isInRole="false">Top</otis:RoleID>
      <otis:Property Name="Token Association" Type="string">
        <otis:PropertyValue>1</otis:PropertyValue>
      </otis:Property>
      <otis:Property Name="RoleTypes" Type="string">
        <otis:PropertyValue>http://www.eclipse.org/higgins/ontologies/2006/higgins/ldap#attr_objectclass</otis:PropertyValue>
      </otis:Property>
    </otis:Role>
    <otis:Role>
      <otis:RoleID isInRole="false">inetOrgPerson</otis:RoleID>
      <otis:Property Name="Token Association" Type="string">
        <otis:PropertyValue>1</otis:PropertyValue>
      </otis:Property>
      <otis:Property Name="RoleTypes" Type="string">
        <otis:PropertyValue>http://www.eclipse.org/higgins/ontologies/2006/higgins/ldap#attr_objectclass</otis:PropertyValue>
      </otis:Property>
    </otis:Role>
    <otis:Role>
      <otis:RoleID isInRole="true">RandomRole1</otis:RoleID>
      <otis:Property Name="RoleActivationMethod" Type="string">
        <otis:PropertyValue>Authentication</otis:PropertyValue>
      </otis:Property>
      <otis:Property Name="RoleTypes" Type="string">
        <otis:PropertyValue>Computed Role</otis:PropertyValue>
      </otis:Property>
    </otis:Role>
    <otis:Role>
      <otis:RoleID isInRole="false">Person</otis:RoleID>
      <otis:Property Name="Token Association" Type="string">
        <otis:PropertyValue>1</otis:PropertyValue>
      </otis:Property>
      <otis:Property Name="RoleTypes" Type="string">
        <otis:PropertyValue>http://www.eclipse.org/higgins/ontologies/2006/higgins/ldap#attr_objectclass</otis:PropertyValue>
      </otis:Property>
    </otis:Role>
    <otis:Role>
      <otis:RoleID isInRole="false">ndsLoginProperties</otis:RoleID>
      <otis:Property Name="Token Association" Type="string">
        <otis:PropertyValue>1</otis:PropertyValue>
      </otis:Property>
      <otis:Property Name="RoleTypes" Type="string">
        <otis:PropertyValue>http://www.eclipse.org/higgins/ontologies/2006/higgins/ldap#attr_objectclass</otis:PropertyValue>
      </otis:Property>
    </otis:Role>
    <otis:Role>
      <otis:RoleID isInRole="false">organizationalPerson</otis:RoleID>
      <otis:Property Name="Token Association" Type="string">
        <otis:PropertyValue>1</otis:PropertyValue>
      </otis:Property>
      <otis:Property Name="RoleTypes" Type="string">
        <otis:PropertyValue>http://www.eclipse.org/higgins/ontologies/2006/higgins/ldap#attr_objectclass</otis:PropertyValue>
      </otis:Property>
    </otis:Role>
    <otis:Role>
      <otis:RoleID isInRole="false">RandomRole3</otis:RoleID>
      <otis:Property Name="RoleTypes" Type="string">
        <otis:PropertyValue>Computed Role</otis:PropertyValue>
      </otis:Property>
    </otis:Role>
  </otis:RoleList>
</otis:AuthSession>
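As an added example (not part of the original page or of the OTIS client libraries), the following Python parser reads an AssumableRoles response like the one above and separates roles that are already active (isInRole="true") from those that could still be assumed. Unlike the PHP sample, it matches elements by the otis namespace URI rather than the literal "otis:" prefix, and it rejects any document that is not an otis:AuthSession with a RoleList so that an error page is never mistaken for an empty role list; the embedded document is a trimmed copy of the expected response shown above.

```python
import xml.etree.ElementTree as ET

# Match elements by namespace URI, not by the "otis:" prefix a server happens to use.
OTIS_NS = "http://code.bandit-project.org/schemas/2008/otis"

# Constructed sample: a trimmed copy of the AssumableRoles response shown above.
SAMPLE_RESPONSE = """<otis:AuthSession xmlns:otis="http://code.bandit-project.org/schemas/2008/otis">
<otis:sessionURL>https://wag.bandit-project.org/otis/AssumableRoles/B9D8711A5EA7E1A9B75B122058401105</otis:sessionURL>
<otis:RoleList>
<otis:Role><otis:RoleID isInRole="true">RandomRole2</otis:RoleID>
<otis:Property Name="RoleActivationMethod" Type="string"><otis:PropertyValue>Authentication</otis:PropertyValue></otis:Property>
<otis:Property Name="RoleTypes" Type="string"><otis:PropertyValue>Computed Role</otis:PropertyValue></otis:Property></otis:Role>
<otis:Role><otis:RoleID isInRole="false">inetOrgPerson</otis:RoleID>
<otis:Property Name="Token Association" Type="string"><otis:PropertyValue>1</otis:PropertyValue></otis:Property></otis:Role>
<otis:Role><otis:RoleID isInRole="false">RandomRole3</otis:RoleID>
<otis:Property Name="RoleTypes" Type="string"><otis:PropertyValue>Computed Role</otis:PropertyValue></otis:Property></otis:Role>
</otis:RoleList>
</otis:AuthSession>"""


def tag(local):
    """Clark-notation name ({namespace}local) for an element in the otis namespace."""
    return f"{{{OTIS_NS}}}{local}"


def parse_assumable_roles(xml_text):
    """One dict per otis:Role: {"id", "active", "properties"}; ValueError if not an AuthSession."""
    root = ET.fromstring(xml_text)  # for XML from an untrusted server, parse with defusedxml instead
    if root.tag != tag("AuthSession"):
        raise ValueError(f"unexpected root element {root.tag!r}")
    role_list = root.find(tag("RoleList"))
    if role_list is None:
        raise ValueError("response has no otis:RoleList")
    roles = []
    for role_el in role_list.findall(tag("Role")):
        role_id = role_el.findtext(tag("RoleID"), default="").strip()
        if not role_id:
            continue  # a Role without an ID cannot be activated; skip it
        props = {p.get("Name", ""): [v.text or "" for v in p.findall(tag("PropertyValue"))]
                 for p in role_el.findall(tag("Property"))}
        # isInRole is "true"/"false"; a missing attribute counts as not active.
        active = role_el.find(tag("RoleID")).get("isInRole", "false").lower() == "true"
        roles.append({"id": role_id, "active": active, "properties": props})
    return roles


def active_role_ids(roles):
    """IDs of the roles already activated for the session (isInRole="true")."""
    return [r["id"] for r in roles if r["active"]]
```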