Step 7 - Clients Invoke Login and Logout Methods

When you call web services with a Java client, a required process is clients invoking login and logout methods for each web service. A typical process follows:
casm171
When you call web services with a Java client, a required process is clients invoking login and logout methods for each web service. A typical process follows:
  1. The client uses a method for login and authentication.
    Each web service has a set of login methods. The client applications can use several login methods for authentication. For example, the
    logIn
    method takes the same parameters as the Login window: User ID, Password, and Business Unit.
    To view the method parameter information, including signatures, use the following resources:
    • Web Services API documentation.
      To access the Web Services API documentation, log in to CA Service Catalog, click Administration, Tools, Links, Web Services API.
    • SOAP administration interface for deploying or undeploying web services
  2. The Catalog system authenticates the user and determines its role.
    Subsequent method calls operate within the scope of the access rights of the user.
  3. The client:
    • States the service that it is calling.
    • Provides the method name and its corresponding parameters before initiating the remote procedure call.
    • Checks the WSDL file for this information, if it is unknown.
      Typically, the client already has this information.
  4. The web service returns a session ID. This session ID is a required parameter that the client uses for the remaining web service calls. Because the underlying transport protocol can be either HTTP or non-HTTP, the authentication uses a common logIn web service.
    You can share the session ID across web services. For example, you can use the UserService logIn method to obtain a session ID. You can then use the session ID in a call to a Business Unit web service method.
  5. This session ends when one of the following events occurs:
    • The client calls the logOut web service method.
      Once you are finished using a session ID, you call the
      logOut
      web service to terminate the session. The
      logOut
      web service also invalidates the session ID. Managing the sessions efficiently in this manner helps you obtain the best product performance.
    • The client is idle for a period longer than the session timeout value.
      The client can use the session ID repeatedly within the timeout period. If the session times out, the session ID becomes invalid.
      To change the timeout value, update the administration configuration setting named User Default: Session Timeout.