CaseViewerApp - Installation And Usage

COMPASS Version 6.2, 6.3, 6.4 © General Re Corporation 2021 - 2026. All Rights Reserved (created: 2026-07-02 generated: 2026-07-10)

Please note that this document is still under revision, so slight changes still might occur before the final version of this draft.

Introduction

CaseViewerApp is a new Angular-based web client for managing, capturing and assessing applications. It requires a running instance of CompassService (see CompassService 6.2 or CompassService 6.3) and may be deployed in an HTTP webserver, but it’s also possible to deploy it in the same server environment as the backend.
With CaseViewerApp, users can manage COMPASS cases, i.e. capture, copy, delete, print a case or display the assessment of a case. As such, CaseViewerApp is recommended for underwriters to test,evaluate and manage COMPASS cases.

For data capturing only, the Capture app can be used: With this app, the capturing process can be initiated independently from the administration view: Functions like copy, delete, print or display a result are not available with this app.
If no own Screenbuilder - client (see Screenbuilder 2.0) is developed, Capture app therefore can be used to capture data from the applicant.

This document describes the installation and configuration of both CaseViewerApp and Capture app.

CaseViewer App

Functionality of the CaseViewer App

CaseViewerApp offers the following services:

service / operation Description

capture

starts the risk data capturing process for one application

show result

displays the assessment result

assess

assesses an application

print application

prints the application form to file

print result

prints the assessment result to file

edit application

modify risk details of an application

copy application

copies an existing application to a new one

delete application

deletes an application

new application

creates a new application

Prerequisites

To deploy CaseViewerApp, you need:

  • A web server supporting the HTTP(S) - protocol

  • CompassService 6.2 (see CompassService 6.2).

The following picture shows the communication between CompassService, the webServer(CaseViewerApp) and an internet browser: image

Installation

CaseViewerApp comes as a compressed WAR file, which can be directly used in Servlet containers (such as Apache Tomcat), or otherwise need to be manually extracted to a webserver of your choice.

File Structure

File / Directory Description

index.html

The only HTML file. Every URL path must resolve to this file. When it’s opened, all styles and Angular runtime files (*.js) are loaded and Angular resolves the URL. Note that the "base href" needs to be set in this file if you use Tomcat.

main.js (and others)

Minified Angular files. Do not change the content of these!

appConfig.json

The main configuration file (see Configuration CaseViewerApp.)

appConfig-override.json

This file can be used to override properties from appConfig.json, without having to edit it. (See Configuration CaseViewerApp.)

Configuration CaseViewerApp

CaseViewerApp’s configuration is located in appConfig.json. If you wish to change any of the properties, you may either

  • edit the file directly, or

  • (recommended) write the properties you wish to change with their new values into appConfig-override.json.

The json may look like this:

{
  "CompassService": "https://www.example.genre.com/CompassService/",
  "searchMaxResults": 100,
  "searchMinQuality": 900,
  "sb2InvalidInputConfirm": true,
  "maximumNumberOfYearsPast": 50,
  "maximumNumberOfYearsFuture": 50,
  "disableOverallResult": false,
  "hideDontAnswerButton": false,
  "baseHref": "/CaseViewerApp/",
  "idleTimeout": {
    "showDialogAfterMs": 1200000,
    "timerMs": 600000
  }
}

The properties are described here:

Property Name Type Mandatory Default Description

CompassService

String

yes

"http://localhost:8080/CompassService"

URL to the COMPASS Service.

debug

true | false

no

(omitted)

If true, error messages get displayed in the browser console.

searchMaxResults

Number (positive)

no

(omitted - App defaults to 300)

Internal value which should not be changed. In case of performance problems, Gen Re might ask you to adapt this value.

searchMinQuality

Number (between 0 and 1000)

no

(omitted - App defaults to 300)

A search result with a quality of 1000 is an exact match. If the minQuality is set too high, then the results might be too few.

sb2InvalidInputConfirm

true | false

no

false

If true and, in SB2, the user made invalid inputs in the current page, shows a confirmation dialog before changing that page.

maximumNumberOfYearsPast

Number (positive)

no

100

In a date dialog, only allow dates beginning in the past from the current year minus this number.
Example:
maximumNumberOfYearsPast=100
current year = 2023
Earliest year allowed in the past = 1923

maximumNumberOfYearsFuture

Number (positive)

no

100

In a date dialog, only allow dates starting from the current year plus this number.
Example:
maximumNumberOfYearsFuture=100
current year = 2023
Maximum year allowed in the future = 2123

caseIdMax

Number (positive)

no

20

Internal value which should not be changed. Maximum number of allowed characters a caseId should have.

subIdMax

Number (positive)

no

4

Internal value which should not be changed. Maximum number of allowed characters a subId should have.

disableOverallResult

true | false

no

false

If true, hides a line that contains "Overall result" at the top of the assessment result page.

hideDontAnswerButton

true | false

no

false

If true, hides the ability to click "Don’t answer" in capture. image

baseHref

String

only relevant for Keycloak

"/CaseViewerApp"

The name of the app. Keycloak uses this as the redirect URI.

idleTimeout

Nested object with two number properties

only relevant for Keycloak

{ "showDialogAfterMs": 1200000, "timerMs": 600000 }

When to show the "Session about to expire" dialog ("showDialogAfterMs") and how much time the user is given to react in the dialog. If this object is missing in appConfig.json, the dialog will never show up, and there will be no auto-logout after a period of inactivity.

Integration of CompassService with Keycloak is described in detail here: CompassService 6.2: Integration with Keycloak or CompassService 6.3: Integration with Keycloak.

Capture app

Functionality of Capture app

Capture app offers the following services:

service / operation Description

capture

starts the risk data capturing process for one application

Prerequisites

To deploy Capture app, you need:

The following picture shows the communication between CompassService, the webServer(Capture) and an internet browser: image

Installation

Capture app comes as a compressed WAR file, which can be directly used in Servlet containers (such as Apache Tomcat), or otherwise need to be manually extracted to a webserver of your choice.

File Structure

File / Directory Description

index.html

The only HTML file. Every URL path must resolve to this file. When it’s opened, all styles and Angular runtime files (*.js) are loaded and Angular resolves the URL. Note that the "base href" needs to be set in this file if you use Tomcat.

main.js (and others)

Minified Angular files. Do not change the content of these!

appConfig.json

The configuration file (see Configuration Capture app.

Configuration Capture app

Capture app’s configuration is located in appConfig.json.

Below is an example:

{
  "CompassService": "http://localhost:8086/CompassService/",
  "searchMaxResults": 100,
  "searchMinQuality": 900,
  "sb2InvalidInputConfirm": true,
  "maximumNumberOfYearsPast": 50,
  "maximumNumberOfYearsFuture": 50,
  "hideDontAnswerButton": false,
  "redirectSuccess": "http://www.genre.com/capturesuccess.html?caseid={{caseId}}&subid={{subId}}&status={{status}}",
  "redirectError": "http://www.genre.com/captureerror.html?caseid={{caseId}}&subid={{subId}}&status={{status}}&error={{error}}"
}

The properties are described here:

Property Name Type Mandatory Default Description

CompassService

String

yes

"http://localhost:8080/CompassService"

URL to the COMPASS Service.

debug

true | false

no

(omitted)

If true, error messages get displayed in the browser console.

searchMaxResults

Number (positive)

no

(omitted - App defaults to 300)

Internal value which should not be changed. In case of performance problems, Gen Re might ask you to adapt this value.

searchMinQuality

Number (between 0 and 1000)

no

(omitted - App defaults to 300)

A search result with a quality of 1000 is an exact match. If the minQuality is set too high, then the results might be too few.

sb2InvalidInputConfirm

true | false

no

false

If true and, in SB2, the user made invalid inputs in the current page, shows a confirmation dialog before changing that page.

maximumNumberOfYearsPast

Number (positive)

no

100

In a date dialog, only allow dates beginning in the past from the current year minus this number.
Example:
maximumNumberOfYearsPast=100
current year = 2023
Earliest year allowed in the past = 1923

maximumNumberOfYearsFuture

Number (positive)

no

100

In a date dialog, only allow dates starting from the current year plus this number.
Example:
maximumNumberOfYearsFuture=100
current year = 2023
Maximum year allowed in the future = 2123

hideDontAnswerButton

true | false

no

false

If true, hides the ability to click "Don’t answer" in capture. image

redirectError

String

no

none

Used in Capture-only variant of the app only. When the user exits from Capture (by finishing or aborting), redirect to this URL in case COMPASS throws an error.
Result information may be added to the URL through formatted placeholders:
{{caseId}} contains the CaseID of the Case
{{subId}} contains the SubID of the Case
{{status}} contains a status number (0=OK, 1=Warning, 2=Error, 3=Fatal Error)
{{error}} contains a list of error numbers, concatenated by comma.
Example:
http://www.genre.com/captureerror.html?caseid={{caseId}}&subid={{subId}}&status={{status}}&error={{error}} in appConfig lets the app redirect to:
http://www.genre.com/captureerror.html?caseid=TEST_001&subid=DEMO&status=2&error=578,581

redirectSuccess

String

no

none

Used in Capture-only variant of the app only. When the user exits from Capture (by finishing or aborting), redirect to this URL in case COMPASS returns a successful OperationResult resulting in a status of 0 or 1.
Result information may be added to the URL through formatted placeholders:
{{caseId}} contains the CaseID of the Case
{{subId}} contains the SubID of the Case
{{status}} contains a status number (0=OK, 1=Warning, 2=Error, 3=Fatal Error)
Example:
http://www.genre.com/capturesuccess.html?caseid={{caseId}}&subid={{subId}}&status={{status}} in appConfig lets the app redirect to:
http://www.genre.com/capturesuccess.html?caseid=TEST_001&subid=DEMO&status=0

When using Capture app, CompassService must be configured without authorization (see CompassService 6.2 or CompassService 6.3).

Securing the URL

To prevent the URL of Capture app from being tampered with, the URL of CaseViewer app can be secured by an SHA3-256 hash.
To use this feature, CompassService must be configured accordingly. However, CompassService can also be configured in such a way that Capture app does not require a timestamp / hash.

The workflow is depicted below.

Explanation:

  1. The Workflow Administration Manager (Workflow ADM) calls the endpoint getHashForCase from CompassService (see CompassService.getHashForCase) to retrieve a SHA3-256 hash for the URL securing SubID, CaseID, SourceType and the timestamp.
    The End Point will return the corresponding SHA3-256 hash (see step 1 in picture below).) For details about format of the URL and parameters, see Verfying the installation of Capture app .Details about End Points and their parameters

  2. The Workflow ADM creates a Case with the technical data and calls Capture app with the parameters subID, caseID, srcType, timestamp and hash (see step 2 in picture below).

  3. Capture app will capture the case data and pass them to the backend CompassService (see step 3 in picture below)

  4. When capturing is finished, Capture app will either call a pre-defined URL in case of an error (redirectError) or in case of success (redirectSuccess). Both calls are GET calls and contain the following parameters for further evaluation of the Workflow ADM (see step 4 in picture below):

Parameter Content

status

0 = OK
1 = Warning
2 = Error
3 = Critical Failure

subid

the SubID of the case

caseid

the ID of the Case (CaseID)

errorcodes

a list of specific error codes

image

1. Retrieving a hash from CompassService

Explanation of URL-format and parameters:

The URL of the End Point CompassService.getHashForCase has the following format:

[GET] http://[host]:[port]/CompassService/getHashForCase?subId=[subID]&caseId=[caseID]&srcType=[sourceType]&timestamp=[timestamp]

i.e.

http://localhost:8086/CompassService/getHashForCase?subId=DEMO&caseId=TEST_001&srctype=4&timestamp=2023-12-11T08:08:07.336156900Z
Parameter Name Explanation

subID

The SubID of the Case

caseID

The CaseID of the Case

srcType

The SourceType of the Case

timeStamp

A timestamp defining the exact time until the returning hash is valid.

Format:

YYYY-MM-DDThh:mm:ss.MMMµµµZ

YYYY = Year
MM = Month
DD = Day
hh = Hour
mm = Minute
ss = Second
MMM = Millisecond
µµµ = Microsecond
Z = Indicator for Zulu time

After calling the End Point CompassService.getHashForCase, a JSON body containing potential error messages or - if no errors occurred - the SHA3-256 hash:

{
    "path": "/getHashForCase",
    "status": 0,
    "statusText": "OK",
    "errorDescriptions": [],
    "jsonContent": {
        "Hash": "a583c1fc473a82342e3b594d31b8fb8619374ab4b987a403c9f46762a21308c5"
    },
    "byteContent": null,
    "textContent": null
}

2. Calling Capture app with secured URL

After retrieving the hash for the parameters described above, Capture app can be called with the appropriate SubID, CaseID,SourceType, timestamp and hash.

Please note that the parameters must be exactly the same as used for the End Point CompassService.getHashForCase before (see above).

For a description of the End Points and their parameters. see Verfying the installation of Capture app.

3. If you want to create your own SHA3-256 hash

If you want to use your own tools rather than the End Point CompassService.getHash4Case to create an SHA3-256 hash, you can do so.

Algorithm:

The SubID, CaseID, SourceType, the timestamp and a salt are concatenated as a String. The salt is defined in the configuration of CompassService (see CompassService 6.2: Security Related Properties or CompassService 6.3: Security Related Properties): This is necessary since the validity of the URL is validated by CompassService (not by Capture app).

Example:

Parameter Name Explanation

subID

DEMO

caseID

TEST001

srcType

4

timestamp

2023-12-11T08:08:07.336156900Z

salt

5r55/KpVpBSk1YIXDobP

Resulting String to be hashed:

DEMOTEST00145r55/KpVpBSk1YIXDobP

SHA3-256-hash:

a583c1fc473a82342e3b594d31b8fb8619374ab4b987a403c9f46762a21308c5

Sample code (Java);

String toEncrypt = aSubID + aCaseID + sourceType + aTimestamp + salt;
String sha3Hex = new DigestUtils("SHA3-256").digestAsHex(toEncrypt);

Verifying the installation

After installing CompassService (see CompassService 6.2 or CompassService 6.3) and CaseViewerApp, we recommend a smoke test to verify the installation:

Verfying the installation of CaseViewerApp

Open a web browser and point it to the following URL:

http(s)://[host]:[port]/CaseViewerApp/index.html

Example:

http://localhost:8080/CaseViewerApp/index.html

CaseViewerApp should open and display a list of cases stored in the COMPASS case-tables:

CaseViewerApp

Verfying the installation of Capture app

  • Ensure that the CaseID, SubID and SourceType exist. In this example, we’ll assume the CaseID "TEST_001", SubID "DEMO" and SourceType 4.

    There are two different options to call Capture app:

For SourceTypes conforming to the Screenbuilder 2 - protocol (see Screenbuilder Introduction), the format is

http(s)://[host]:[port]/Capture/[SubID]/[CaseID]/[SourceType]/[Timestamp]/[Hash]/

Example:

http://localhost:8080/Capture/DEMO/TEST_001/4/1/2023-10-05T09:18:47.938414600Z/52ed578bb62c6a054a3bcac834e28ee24671754452b59d8127697accdafe9783

For SourceTypes conforming to the Screenbuilder 1 - protocol (see Screenbuilder Introduction), the format is

http(s)://[host]:[port]/Capture/sb1/[SubID]/[CaseID]/[SourceType]/[Timestamp]/[Hash]

Example:

http://localhost:8080/Capture/sb1/DEMO/TEST_001/4/1/2023-10-05T09:18:47.938414600Z/52ed578bb62c6a054a3bcac834e28ee24671754452b59d8127697accdafe9783

Capture app should open and display the starting screen to capture the data of the chosen case.

Capture

Format of the timestamp

The timestamp needs to be formatted as Zulu-Time (see Standard Date and Time Formats):

Syntax:

YYYY-MM-DDThh:mm:ss.MMMµµµZ

String Description

YYYY

Year

MM

Month

DD

Day

T

Separator

hh

Hour

mm

Minute

ss

Second

MMM

Millisecond

µµµ

Microsecond

Z

Indicator for Zulu time

i.e.
2023-10-05T09:18:47.938414600Z
2023-10-05T09:18:47.000000000Z

Possible Errors if URL has wrong format

In case of an error, Capture app will redirect to the URL specified in the CompassService property redirectError containing status, SubID, CaseID, and error numbers as URL-parameters.

Error Error message

576

Hash incorrect

577

Timestamp expired

578

Timestamp: Wrong format

579

Hash missing

580

Timestamp missing

581

SubID missing

582

CaseID missing

583

SrcType no Integer

584

GroupScreens missing

Securing the End Points

It’s obvious that all End Points of CompassService must not be exposed to the public Internet but remain in the DMZ or accept connections from dedicated IPs only. There are, however, two exceptions, as you can see in the picture below:

Since Capture app needs to communicate with the backend CompassService and resides on a web-server outside the DMZ, both the End Points CompassService.captureWithHash (which starts the capturing process) and CompassService.userAction (which accepts user input) need to be exposed; however, it is recommended to limit access to these End Points from outside the DMZ to Capture app and a possible customer portal only:

Securing End Points

After exiting

When you exit from Capture (by finishing or aborting),

  • if both properties redirectSuccess / redirectError are specified in appConfig.json (see Configuration Capture app), you will be redirected to one of these exact URL.

  • both properties must be set and are mandatory properties.