Because requests for extended services come by way of EPM Workspace servlets, EPM Workspace performs user authentication and session creation and management for an extended service. The extended service does not need to re-authenticate the user; however, the extended service may require information about the user’s session to manage local resources associated with the session.
When forwarding a request to an extended service, a EPM Workspace servlet passes a serialized session token artifact containing secure information about the user’s session. The string from the session token may be retrieved from the com.brio.one.client.SessionToken attribute of the javax.servlet.http.HttpSession artifact. After the session token is obtained in its string format, it can be used to join the session through the EPM Workspace API.
To use a serialized session token artifact to get an API session, include <EPM_ORACLE_HOME>/common/raframeworkrt/<version>/lib/rmapi.jar in the Web application or Application server classpath.