Is In Role

This section provides developers with information on how to determine if a particular role is active for an authenticated user. Documentation for the REST protocol, as well as code samples for Java, PHP, and cURL, are provided below.

REST

The REST noun for determining if a particular role is "active" for an authenticated session is as follows:

  • Relative Noun: /AuthenticatedSession/$sessionID/ActiveRoles/$roleID. This is the relative path of the URL that should appear after the OTIS server application name. The $sessionID variable identifies the authenticated session that is to be queried, and the $roleID variable specifies the role that is being asked about. For example:
    https://wag.bandit-project.org/otis/AuthenticatedSession/AB6745EDF9A32BCEAB6745EDF9A32BCE/ActiveRoles/AdminRole
    
  • HTTP Method: GET.
  • Request/Response message details: click here
  • Description: Queries if a particular role (specified by the $roleID variable) is currently active in the authenticated session (specified by the $sessionID variable).

Java

The following is example Java code that demonstrates how to determine if a particular role is active for an authenticated session:

// See if a particular role is active for a session.
// "session" is the authenticated session object from the complete sample code.
// Print out whether or not the specified role is activated.
System.out.println(session.isInRole("RandomRole2"));

To view the complete Java sample code for Authentication and Roles-based nouns, see the Authentication and Roles Java Sample Code page.

PHP

The following is example PHP code that demonstrates how to determine if a particular role is active for an authenticated session:

Note: The following code is part of the overlaying showAssumableRoles function. To see the complete PHP sample code of the showAssumableRoles function, see Get Assumable Roles.

while ($propertyElement)
{
	$strPropertyName = $propertyElement->nodeName;
	$propertyValue = array();
	switch ($strPropertyName)
	{
		// If the node is "RoleID", print out whether it is active.
		case "otis:RoleID":
			$propertyValue = $propertyElement->nodeValue;
			// See if the role is active.
			$role = $propertyElement->getAttribute("isInRole");
			if ($role == "true") echo "--Active\n";
			break;
		default:
			break;
	}
	$propertyElement = $propertyElement->nextSibling;
}

To view the complete PHP sample code for Authentication and Roles-based nouns, see the Authentication and Roles PHP Sample Code page.

The OTIS client Java library may be downloaded from the OTIS download page.

cURL

The following cURL example shows how to determine if a particular role is active for an authenticated user. It is the same cURL code that appears on the Get Assumable Roles page:

if [ -e secret.hdr ] ; then secret=`cat secret.hdr` ; else secret="nosecret: none" ; fi
curl -b cookies.txt -H "${secret}" https://wag.bandit-project.org/otis/AssumableRoles

This assumes that you have already set up an authenticated session, that a cookies.txt file is used to store and retrieve the otisSessionID cookie, and that the session secret has been stored in a file called secret.hdr (see AuthenticateUser for details). Both files hold live session credentials, so keep them readable only by the account that runs the script.

The following is the expected response. Look at the "isInRole" attribute of each otis:RoleID element. If it is "true", then the role is active; if it is "false", then the role is not active:

<otis:AuthSession xmlns:otis="http://code.bandit-project.org/schemas/2008/otis">
        <otis:sessionURL>https://wag.bandit-project.org/otis/AssumableRoles/B9D8711A5EA7E1A9B75B122058401105</otis:sessionURL>
        <otis:RoleList>
                <otis:Role>
                        <otis:RoleID isInRole="true">RandomRole2</otis:RoleID>
                        <otis:Property Name="RoleActivationMethod" Type="string">
                                <otis:PropertyValue>Authentication</otis:PropertyValue>
                        </otis:Property>
                        <otis:Property Name="RoleTypes" Type="string">
                                <otis:PropertyValue>Computed Role</otis:PropertyValue>
                        </otis:Property>
                </otis:Role>
                <otis:Role>
                        <otis:RoleID isInRole="false">Top</otis:RoleID>
                        <otis:Property Name="Token Association" Type="string">
                                <otis:PropertyValue>1</otis:PropertyValue>
                        </otis:Property>
                        <otis:Property Name="RoleTypes" Type="string">
                                <otis:PropertyValue>http://www.eclipse.org/higgins/ontologies/2006/higgins/ldap#attr_objectclass</otis:PropertyValue>
                        </otis:Property>
                </otis:Role>
                <otis:Role>
                        <otis:RoleID isInRole="false">inetOrgPerson</otis:RoleID>
                        <otis:Property Name="Token Association" Type="string">
                                <otis:PropertyValue>1</otis:PropertyValue>
                        </otis:Property>
                        <otis:Property Name="RoleTypes" Type="string">
                                <otis:PropertyValue>http://www.eclipse.org/higgins/ontologies/2006/higgins/ldap#attr_objectclass</otis:PropertyValue>
                        </otis:Property>
                </otis:Role>
                <otis:Role>
                        <otis:RoleID isInRole="true">RandomRole1</otis:RoleID>
                        <otis:Property Name="RoleActivationMethod" Type="string">
                                <otis:PropertyValue>Authentication</otis:PropertyValue>
                        </otis:Property>
                        <otis:Property Name="RoleTypes" Type="string">
                                <otis:PropertyValue>Computed Role</otis:PropertyValue>
                        </otis:Property>
                </otis:Role>
                <otis:Role>
                        <otis:RoleID isInRole="false">Person</otis:RoleID>
                        <otis:Property Name="Token Association" Type="string">
                                <otis:PropertyValue>1</otis:PropertyValue>
                        </otis:Property>
                        <otis:Property Name="RoleTypes" Type="string">
                                <otis:PropertyValue>http://www.eclipse.org/higgins/ontologies/2006/higgins/ldap#attr_objectclass</otis:PropertyValue>
                        </otis:Property>
                </otis:Role>
                <otis:Role>
                        <otis:RoleID isInRole="false">ndsLoginProperties</otis:RoleID>
                        <otis:Property Name="Token Association" Type="string">
                                <otis:PropertyValue>1</otis:PropertyValue>
                        </otis:Property>
                        <otis:Property Name="RoleTypes" Type="string">
                                <otis:PropertyValue>http://www.eclipse.org/higgins/ontologies/2006/higgins/ldap#attr_objectclass</otis:PropertyValue>
                        </otis:Property>
                </otis:Role>
                <otis:Role>
                        <otis:RoleID isInRole="false">organizationalPerson</otis:RoleID>
                        <otis:Property Name="Token Association" Type="string">
                                <otis:PropertyValue>1</otis:PropertyValue>
                        </otis:Property>
                        <otis:Property Name="RoleTypes" Type="string">
                                <otis:PropertyValue>http://www.eclipse.org/higgins/ontologies/2006/higgins/ldap#attr_objectclass</otis:PropertyValue>
                        </otis:Property>
                </otis:Role>
                <otis:Role>
                        <otis:RoleID isInRole="false">RandomRole3</otis:RoleID>
                        <otis:Property Name="RoleTypes" Type="string">
                                <otis:PropertyValue>Computed Role</otis:PropertyValue>
                        </otis:Property>
                </otis:Role>
        </otis:RoleList>
</otis:AuthSession>
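
The following Python sketch is an added example, not part of the OTIS sample code. It shows one way a client could turn the response above into an authorization check that fails closed. The function names parse_role_states and is_in_role, and the NoAttributeRole entry in the sample, are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"otis": "http://code.bandit-project.org/schemas/2008/otis"}  # URI from the response above

# Constructed sample (trimmed from the response above, plus one RoleID without isInRole).
SAMPLE_RESPONSE = """\
<otis:AuthSession xmlns:otis="http://code.bandit-project.org/schemas/2008/otis">
  <otis:RoleList>
    <otis:Role>
      <otis:RoleID isInRole="true">RandomRole2</otis:RoleID>
      <otis:Property Name="RoleTypes" Type="string">
        <otis:PropertyValue>Computed Role</otis:PropertyValue>
      </otis:Property>
    </otis:Role>
    <otis:Role><otis:RoleID isInRole="false">Top</otis:RoleID></otis:Role>
    <otis:Role><otis:RoleID isInRole="true">RandomRole1</otis:RoleID></otis:Role>
    <otis:Role><otis:RoleID>NoAttributeRole</otis:RoleID></otis:Role>
  </otis:RoleList>
</otis:AuthSession>
"""


def parse_role_states(xml_text):
    """Map each RoleID in an AssumableRoles response to True/False (hypothetical helper)."""
    # Conservative choice for this example: a role list needs no DTD, so refuse one.
    if "<!DOCTYPE" in xml_text:
        raise ValueError("DOCTYPE not allowed in a role response")
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}AuthSession" % NS["otis"]:
        raise ValueError("unexpected root element: %r" % root.tag)
    states = {}
    # Namespace-qualified path: same-named elements in another namespace are ignored.
    for role_id in root.iterfind("otis:RoleList/otis:Role/otis:RoleID", NS):
        name = (role_id.text or "").strip()
        if not name:
            continue
        # Only the exact string "true" is active; missing or other values are not.
        active = role_id.get("isInRole") == "true"
        # A role ID listed more than once is active only if every entry says so.
        states[name] = active and states.get(name, True)
    return states


def is_in_role(xml_text, role):
    """Fail closed: a role that is not in the response is not active."""
    return parse_role_states(xml_text).get(role, False)


if __name__ == "__main__":
    print(parse_role_states(SAMPLE_RESPONSE))
```
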