Authenticating Access to a TIBCO ActiveMatrix BPM Web Client Service
At runtime, security policies are enforced on the endpoint of every TIBCO ActiveMatrix BPM web client service to ensure that access is restricted to authenticated users. Every API call to a TIBCO ActiveMatrix BPM service must be made using the identity of a user who is registered in the BPM organization model. An API call that does not meet this requirement will be rejected.
To execute a web client service a user must have a valid session. If there is no valid session, a SessionTimedOutException is thrown. The web client service checks whether or not this exception has been thrown and if it has been thrown, a SessionInvalidEvent is fired. This means that before executing any web client services, a user must subscribe to the SessionInvalidEvent event.
Procedure
- A user from the BPM organization model must be logged in using the LoginAction. See Login Services.
- Once the user has logged in, they must subscribe to the SessionInvalidEvent.