RuleManagerApp Installation

COMPASS Version 6.2, 6.3, 6.4 © General Re Corporation 2021 - 2026. All Rights Reserved (created: 2025-05-05 generated: 2026-07-10)

Please note that this document is still under revision, so slight changes still might occur before the final version of this draft.

Introduction

COMPASS 6 provides a new web application for editing the COMPASS rules. Since version 6.2 it is called RuleManagerApp and requires the RuleManagerService as backend component. This document covers the installation and configuration of RuleManagerApp.

RuleManagerApp - Installation and Configuration

RuleManagerApp: is a pure web application based on Angular. It requires a running instance of RuleManagerService (see RuleManagerApp 6.2) and may be deployed in an HTTP webserver, but it’s also possible to deploy it in the same server environment as the backend.

RuleManagerService can be secured either via OAuth2 using COMPASS' AuthorizationServer (see Authorization-Server; configuration springAuthorization) or via your own Keycloak - installation (see Keycloak documentation; configuration keycloakAuthorization). The configuration of RuleManagerService to work with Keycloak is described here: RuleManagerService).

It is also possible not secure the RuleManagerService: its configuration allows the values dbAuthorization and noAuthorization with the following effect on the RuleManagerApp:

In case of dbAuthorization the RuleManagerApp will ask for a user/password login. This combination is sent to the backend for confirmation. If successful, this user is allowed to start working without further authorization.

In the case of noAuthorization, the RuleManagerApp will allow work with the default user defined by the property disabledAuthUser. The RuleManagerService is not protected.

A schematic representation of the secured architecture looks as follows:

rulmanager app flow

We recommend using the most recent version of Google Chrome to view RuleManagerApp.

Note that, server-wide, it is not possible to access RuleManager with more than one user at the same time. After a certain period of inactivity, a timeout logs a user out automatically and a re-login is necessary to continue their work.

File Structure

File / Directory Description

index.html

The only HTML file. Every URL path must resolve to this file. When it’s opened, all styles and Angular runtime files (*.js) are loaded and Angular resolves the URL. Note that the "base href" needs to be set in this file if you use Tomcat.

main.js (and others)

Minified Angular files. Do not change the content of these!

config/appConfig.json

The configuration file (see below.)

Installation and configuration

This document describes the installation of the server side of the RuleManager on an Apache Tomcat web server/web container version 9 as an example:

Install your servlet container (i.e. Apache Tomcat) and start it. Make sure that the welcome page of Apache Tomcat appears on the installed machine at localhost:8080/index.html.

image 2021 12 23 18 28 20 964

Port 8080 is the default port of the Apache Tomcat installation. It may differ for your installation.

The file RuleManagerApp.war is an archive that may be unpacked if deployed in a conventional HTTP server. If a servlet container such as Apache Tomcat is used, the WAR file can be copied to the webapps folder as-is, and is then accessible via localhost:8080/RuleManagerApp:.

If you would like to access RuleManagerApp: under a different URL:

  • Rename the war file and

  • Edit the base-href in index.html within that war file: <base href="/[New name]/">

Configuration

The RuleManagerApp>'s configuration is located in appConfig.json, which looks like this:

{
  "RuleManagerServiceUrl": "http://localhost:8080/RuleManagerService/",
  "CompassAuthorizationBase": "/CompassAuthorization/",
  "disabledAuthUser": "UW_POS",
  "KeycloakAuthorization": {
      "baseHref": "/RuleManagerApp/",
      "moduleConfig": {
        "clientId": "rulemanager-client",
        "requireHttps": true,
        "issuer": "https://www.example-auth.genre.com/realms/Compass",
        "sessionCheckIntervall": 15000,
        "showDebugInformation": false
      }
  },
  "conditionDeletionConfirmation": true,
  "onlySB1Editor": true
}

The properties are described here:

Property Name Type Mandatory Default Description

"RuleManagerServiceUrl"

String

yes

"http://localhost:8080/RuleManagerService"

URL to the RuleManager Service.

"CompassAuthorizationBase"

String

only for springAuthorization

"/CompassAuthorization/"

URL to CompassAuthorization.

"disabledAuthUser"

String

only for noAuthorization

"UW_POS"

The user which is used for logging changes to the database if auth is deactivated.

"baseHref"

String

only for Keycloak

"/RuleManagerApp/"

The name of the app. Keycloak uses this as the redirect URI.

"silentTokenRefreshEnabled"

true | false

no

(omitted)

If true, will disable the token refresh dialog and instead auto-refresh every time.

"moduleConfig"

JSON

only for Keycloak

Parameters for setting up Keycloak. See table below.

"conditionDeletionConfirmation"

true | false

yes

true

If true, shows a confirm dialog before deleting a rule in DB editor.

"onlySB1Editor"

true | false

yes

true

If true, disables experimental SB2 editor.

Keycloak (openid)

Note that all properties below are mandatory within "moduleConfig".

Property Name Type Default Description

"clientId"

string

"caseviewer-client"

The id Keycloak uses to identify received tokens by.

"requireHttps"

true | false

true

True if https should be used for Keycloak.

"issuer"

String

"http://localhost:8080/realms/Compass"

URL to the Keycloak realm.

"sessionCheckIntervall"

Number (positive)

15000

How often the token should be checked for validity. Number in milliseconds. See notes below

"showDebugInformation"

true | false

false

Show debug information from Keycloak.

Notes on sessionCheckIntervall

  1. The two ls in 'intervall' is a "required typo" due to the module being used.

  2. The interval does NOT specify the session / login duration of a user, this can be configured in the Keycloak administration console itself.

A comprehensive overview about configuring RuleManagerService with property parameter can be found here.