RuleManagerService - Installation & Configuration
COMPASS Version 6.2, 6.3, 6.4 © General Re Corporation 2021 - 2026. All Rights Reserved (created: 2026-06-16 generated: 2026-07-10)
| Please note that this document is still under revision, so slight changes still might occur before the final version of this draft. |
Version 6.3
Introduction
COMPASS 6.3 allows a client application to communicate with the COMPASS engine via REST Services. The COMPASS engine consists of the REST components CompassService and RuleManagerService.
From on COMPASS 6.3, the REST services have been split up into CompassService and RuleManagerService: CompassService is Compass' public API (described in detail here), RuleManagerService is the internal API used by RuleManagerApp and not meant for public usage.
Both CompassService and RuleManagerService are Web applications that need to be deployed in a Servlet Container or can run as a Spring Boot application. They work in a stateless manner, and as such it allows easy deployment and scalability including cloud architectures.
This document describes the installation and configuration of the RuleManagerService which is the backend for the RuleManagerApp and provides the necessary REST-services. Please note that this API should not be used by anyone but RuleManagerApp only. The publicly available REST methods provided by COMPASS are documented at REST-API
Prerequisites
RuleManagerService can be deployed in any Java servlet container that supports at least Servlet API 5.0. We recommend the lightweight Java web server Apache Tomcat.
From on version 6.3, RuleManagerService requires Java 17.
Functionality of the RuleManager Service
REST-Services provided by RuleManagerService and used by RuleManagerApp are for internal use only and therefore are not described here.
Installation
The RuleManagerService distribution consists of the archive RuleManagerService.war. It can be deployed
in a Servlet Container (see Deployment in a Servlet Container) or as a standalone application using Spring Boot (see Standalone Server (Spring Boot)).
Deployment in a Servlet Container
RuleManagerService.war containing the RuleManagerService should be deployed in your Servlet
Container (i.e. Tomcat: webapps directory, OpenLiberty: dropins directory). If required, restart the container.
Standalone Server (Spring Boot)
The RuleManagerService.war contains a runnable environment that can be started with the spring WarLauncher. For
quick testing, it is possible to start the WebApp without a third-party Servlet Container:
Copy RuleManagerService.war file to your Compass lib directory.
Make sure Java 17 is installed, and run the following command using Java 17:
java -cp lib\RuleManagerService.war;databaseDriver org.springframework.boot.loader.launch.WarLauncher --spring.configname=RuleManagerService
The delivery includes a batch file bin\startRuleManagerService.bat that starts RuleManagerService as a Spring Boot application.
Configuration
RuleManagerService needs configuration files which define the environment and the data to work with. This configuration-file may use one of the following formats:
| Format | File-Name |
|---|---|
Properties |
RuleManagerService.properties |
YAML |
RuleManagerService.yml |
JSON |
RuleManagerService.json |
Following, we will explain the configuration as properties. The difference between the formats mentioned above are explained in RuleManagerService.properties - application.properties
The main property file is called either RuleManagerService.properties (default file name) or RuleManagerService.yml; in Open Liberty, the file needs to be named application.properties. The contents of the files are described in detail in RuleManagerService.properties - application.properties. We strongly recommend using COMPASS’ ability to use DataSources instead of pure JDBC calls. Therefore, please create the appropriate DataSources (see Data Source properties).
Spring Boot
When the RuleManagerService is started as a Spring Boot application with the batch file bin\startRuleManagerService.bat, the path to the configuration-file is:
config\RuleManagerService.properties
The file name is defined by the --spring.config.name parameter in said file (see Standalone Server (Spring Boot)) and should be located in the [COMPASS-installation]/Config directory.
Apache Tomcat / Standard Servlet Container
The following instructions describe the standard procedure of a deployment within a Standard Servlet Container. As an example, deployment within Apache Tomcat is explained:
Please be aware that when running RuleManagerService from on version 6.3 on Apache Tomcat, you will need Apache Tomcat 10.0.0 or higher.
When the RuleManagerService is being deployed within a Standard Servlet Container, it is up to the administrator to place to file RuleManagerService.properties to any location and adapt the environment-entry in RuleManagerService/META-INF/context.xml accordingly, i.e.
$CATALINA_HOME/COMPASSConfig/RuleManagerService.properties
The location of the above mentioned file is defined in RuleManagerService/META-INF/context.xml, and can be adapted:
<?xml version="1.0" encoding="UTF-8"?>
<Context path="/">
<Environment name="spring.config.location"
value="file:../COMPASSConfig/RuleManagerService.properties"
type="java.lang.String"/>
The file RuleManagerervice.properties is part of the installation package and will be delivered outside the WAR archive.
Open Liberty / WebSphere
The following instructions describe the procedure of a deployment within an IBM’s Open Liberty. It is also a template for deployment within IBM’s WebSphere. As an example, deployment within Open Liberty is explained:
When RuleManagerService is being deployed in Open Liberty, the file application.properties needs to be placed in $/{server.config.dir} i.e. /opt/wlp/usr/servers/defaultServer.
The default context name of RuleManagerService is "RuleManagerService". If this needs to be changed, the WAR archive of RuleManagerService needs to be unpacked and the file WEB-INF/classes/ibm-web-ext.xml needs to be adapted. The context name can be changed by editing the entry context-root:
<web-ext xmlns="http://websphere.ibm.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://websphere.ibm.com/xml/ns/javaee
http://websphere.ibm.com/xml/ns/javaee/ibm-web-ext_1_0.xsd"
version="1.0">
<reload-interval value="0"/>
<context-root uri="/RuleManagerService"/>
<enable-file-serving value="true"/>
<enable-reloading value="true"/>
</web-ext>
After editing, the WAR archive needs to be re-packed and can be deployed.
Wildfly / JBoss
If you haven’t done so, deploy your database driver to JBoss / Wildfly and create the DataSources needed for COMPASS (see example below). You can also configure RuleManagerService in such a way that it uses pure JDBC connections (see Installation: Database), however, we strongly recommend to use DataSources when deploying RuleManagerService on JBoss / WildFly.
Since there are multiple options specifying DataSources in JBoss / WildFly, our example below shows one possible way to define the DataSources. We therefore adapt %JBOSS_HOME%/standalone/configuration/standalone.xml. If you want to configure the DataSources in a different way, please consult the documentation of your application server or talk to your database administrator.
<subsystem xmlns="urn:jboss:domain:datasources:6.0">
<datasources>
<datasource jndi-name="java:jboss/COMPASSKnowledge" pool-name="COMPASSKnowledge">
<connection-url>jdbc:mariadb://localhost:3306/dbname</connection-url>
<driver-class>org.mariadb.jdbc.Driver</driver-class>
<driver>mariadb-java-client-2.7.1.jar</driver>
<security>
<user-name>user</user-name>
<password>password</password>
</security>
<validation>
<valid-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLValidConnectionChecker"/>
<validate-on-match>true</validate-on-match>
<background-validation>false</background-validation>
<exception-sorter class-name="org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLExceptionSorter"/>
</validation>
</datasource>
<datasource jndi-name="java:jboss/COMPASSCache" pool-name="COMPASSCache">
<connection-url>jdbc:mariadb://localhost:3306/dbname</connection-url>
<driver-class>org.mariadb.jdbc.Driver</driver-class>
<driver>mariadb-java-client-2.7.1.jar</driver>
<security>
<user-name>user</user-name>
<password>password</password>
</security>
</datasource>
<datasource jndi-name="java:jboss/COMPASSCase" pool-name="COMPASSCase">
<connection-url>jdbc:mariadb://localhost:3306/dbname</connection-url>
<driver-class>org.mariadb.jdbc.Driver</driver-class>
<driver>mariadb-java-client-2.7.1.jar</driver>
<security>
<user-name>user</user-name>
<password>password</password>
</security>
</datasource>
</datasources>
</subsystem>
When RuleManagerService is being deployed within a Standard Servlet Container, it is up to the administrator to place to file RuleManagerService.properties to any location and adapt the environment-entry in the deployment descriptor WEB-INF/web.xml accordingly (reminder: you’ll have to re-package the war archive and re-deploy).
Let’s say the configuration file is in $JBOSS_HOME, the entry would look like
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<env-entry>
<env-entry-name>spring.config.location</env-entry-name>
<env-entry-type>java.lang.String</env-entry-type>
<env-entry-value>file:../COMPASSConfig/RuleManagerService.properties</env-entry-value>
</env-entry>
</web-app>
|
In JBoss / WildFly, if running them with default logging configuration, the archive SL4J needs to be excluded from COMPASS' classpath. This has already been configured inside the web app at META-INF/jboss-deployment-structure.xml - so if this needs to be changed again, please adapt said file and re-package the war archive. |
<jboss-deployment-structure>
<deployment>
<!-- Exclusions allow you to prevent the server from automatically adding some dependencies -->
<exclusions>
<module name="org.slf4j" />
<module name="org.slf4j.impl" />
</exclusions>
</deployment>
</jboss-deployment-structure>
Profiles
RuleManagerService works with profiles regarding Authorization / Authentication.
Depending on the chosen profile, RuleManagerService will either use Spring Authorization (OAuth2) or Keycloak.
It is also possible to run RuleManagerService without any Authorization / Authentication.
The desired Authorization / Authentication option is to specified in the property spring.profiles.active in
the file RuleManagerService.properties or RuleManagerService.yml (see Configuration).
There are 5 profiles available to customize the type of Authorization / Authentication:
| Profile | Explanation |
|---|---|
|
Mandatory |
|
Activate the Keycloak Authorization Configuration |
|
Activate Spring Authorization Configuration |
|
Service Endpoints are not secured. RuleManagerApp does not ask for a user/password |
|
Service Endpoints are not secured. RuleManagerApp will ask for user/password, which will be confirmed by RuleManagerService |
2 profiles need to be specified - default plus the corresponding Authorization profile. The profile default always
needs to be specified plus either one of the profiles keycloakAuthorization, springAuthorization or noAuthorization .
| If not exactly 2 profiles are specified or if the profile default is missing, the application will not start. |
| Profiles | Explanation |
|---|---|
|
RuleManagerService secured by Spring Authorization |
|
RuleManagerService secured by Keycloak Authorization |
|
Endpoints are not secured |
|
Endpoints are not secured |
RuleManagerService.properties - application.properties
Usually, configuration properties are specified in the file RuleManagerService.properties. In Open Liberty (WebSphere), the file application.properties is used instead.
The content of both these files is identical and can be grouped into 4 sections: System properties, Spring Boot related properties, authorization properties and logging properties.
It is also possible to pass the configuration-properties as command-line-parameters to RuleManagerService.
System properties
RuleManagerService stores some information in the property-files mentioned below. Those properties are defined in the file [compass.server.home]/config/server/compass.properties.
In addition, RuleManagerService needs to know the system-name to work with and additional properties when being started.
After modification of any of above-mentioned parameters, the web server should be restarted for the changes to take effect.
The following 3 properties are used to configure these:
| Property Name | Description |
|---|---|
rulemanager.server.home |
Location where the 3 above mentioned files/directory are located. |
rulemanager.systemname |
Name of the system to be used, and which is defined in compass.properties |
rulemanager.fullloadsystem |
true or false: |
Viewname properties
Property Name |
Description |
rulemanager.database.knowledge.url |
Url of the knowledge database |
rulemanager.database.knowledge.user |
Username of the knowledge database |
rulemanager.database.knowledge.password |
Password of the knowledge database |
rulemanager.database.knowledge.driver |
Driver class of the knowledge database |
rulemanager.database.knowledge.reconnect |
Boolean. If this property is included with the value “true”, then the connection described by the parame-ters above will be reconnected, if it has been dropped or is otherwise unavailable. This feature can be used e.g. when the database server drops unused connections after a certain time (e.g. 30 minutes). Set this property only if required, as it slows down the database performance. When this property is not in included in the compass.properties-file, or its value is set to anything other than “true”, the reconnect is not attempted. |
rulemanager.database.knowledge.real |
java.lang.Float or java.lang.Double; responsible for the representation of decimal numbers |
rulemanager.database.knowledge.viewname.Author |
The Author table is known under this name |
rulemanager.database.knowledge.viewname.BoolOrInt |
The BoolOrInt table is known under this name |
rulemanager.database.knowledge.viewname.Double |
The Double table is known under this name |
rulemanager.database.knowledge.viewname.Group |
The GroupID table is known under this name |
rulemanager.database.knowledge.viewname.Index |
The Index table is known under this name |
rulemanager.database.knowledge.viewname.Keys |
The Keys table is known under this name |
rulemanager.database.knowledge.viewname.Name |
The Name table is known under this name |
rulemanager.database.knowledge.viewname.PersObj |
The PersObj table is known under this name |
rulemanager.database.knowledge.viewname.Relation |
The Relation table is known under this name |
rulemanager.database.knowledge.viewname.Search |
The Search table is known under this name |
rulemanager.database.knowledge.viewname.String |
The String table is known under this name |
Spring Boot properties
The following properties are used to configure RuleManagerService when started outside a Servlet Container but being run as a Spring Boot application.
When running in a Servlet Container, these values are typically defined within the Servlet Container and can be omitted (commented out).
| Property Name | Description |
|---|---|
server.port |
REST service is listening on this port, only relevant if the service is running stand-alone |
server.servlet.contextPath |
REST API prefix, only relevant if service is running stand-alone |
server.sessionTimeout |
timeout, only relevant if the service is running stand-alone |
spring.jmx.enabled |
Don’t expose management beans to the JMX domain |
Data Source properties
The next property allows the definition of a Java Datasource for the database connection to access the: Knowledge Ddta. Set value to "none", if you don’t want to use a DataSource but want to use the database configuration in ${compass.server.home}/config/server/compass.properties Set values to a JNDI Value, if you want to use Datasource of the servlet container. For Apache Tomcat, define <ResourceLink> in context.xml and <Resource> in server.xml needs to be defined..
| Property Name | Description |
|---|---|
knowledge.datasource.jndi |
Datasource for knowledge data |
Should the entry xxxxxx.datasource.jndi be set to none or to a value that has not really been defined in the servlet container, a JDBC database connection will be created using the system-properties from the file $\{compass.server.home}/config/server/compass.properties.
When defining the Datasource for the Knowledge Data, the corresponding connection-properties in the compass.properties-file can be omitted:
Knowledge Data:
[System-name].database.url
[System-name].database.driver
[System-name].database.user
[System-name].database.password
Authorization properties
This part is only required when the RuleManagerService is used together with the COMPASS Authorization Server (OAuth2), meaning the profiles default and `springAuthorization`are activated (see Profiles). The installation of COMPASS Authorization Server providing OAuth2-authorization is described in the document Authorization Server. The corresponding properties are described in the document REST-API-Security
| Property Name | Description |
|---|---|
rulemanager.security.cors,enabled |
define if CORS is enabled |
rulemanager.security.cors.crossOrigin.urls |
specify URLs for which CORS is allowed. URLs have to be entered incl. protocol (i.e. http / https) and port. Multiple URLs cam be entered as a list separated by comma |
rulemanager.security.clientId |
define the client id for the oauth server |
spring.security.oauth2.resourceserver.jwt.issuer-uri |
Used by Authorization Server. Please do not change the default value. default: ${compass.security.authServerUrl} |
springdoc.api-docs.version |
openapi_3_1 (constant - don’t change) |
rulemanager.security.authServerUrl |
define the new Authorization server URL / Keycloak Authorization server URL |
rulemanager.security.requireHttps |
If set to true, Authorization server URL needs to be https |
rulemanager.security.sessionCheckInterval |
tokens will be checked in the defined regular interval if it is valid (ms) |
rulemanager.security.roleBasedResourceAccessEnabled |
It is used to secure the REST API call. If enabled, only users with the role |
rulemanager.security.springAuthorization.tokenBlacklistingOnLogoutEnabled |
During login with SpringAuthorization server, the frontend uses JWT token so that users remain authorized for a certain period of time without having to log in again. This token has remained valid until expiration time even after explicit logout. When tokenBlacklistingOnLogoutEnabled property is set to true, then it will blacklist the token after logout so that the REST API cannot be accessed with this token. This Token blacklisting supports only springAuthorization profile (see Profiles). It is set to true by default |
Integration with Keycloak
In order to run RuleManagerService, the following profiles have to be activated in the file RuleManagerService.properties or RuleManagerService.yaml (see RuleManagerService.poperties / application.properties. A Customer Keycloak Realm Issuer URL needs to be configured.
Role based authentication configuration in Keycloak
If users should only access the REST API based on their role, please follow these steps to configure it in Keycloak:
-
Login to Keycloak admin console in a browser
-
Select the corresponding realm.
-
Go to Client scopes and click the
rolesclient scope link. -
Go to the
Mapperstab and click theclient roleslink. -
Change
Token Claim Nametoauthoritiesso that the user roles will be saved with this attribute name in the token.
Note: RuleManagerService will read the user roles from the authorities attribute in the token.
| The Issuer Url can be found if you open Keycloak Admin Console, select the corresponding Realm and click Realm Settings. On the right side, you will find the OpenID Endpoint Configuration link. Click the link, it will open a new tab and on the beginning, you will find the Issuer Url. |
"issuer":"http://localhost:8080/realms/RuleManagerApp"
spring.profiles.active=default,keycloakAuthorization
spring.security.oauth2.resourceserver.jwt.issuer-uri=http://localhost:8080/realms/RuleManagerApp
Logging
RuleManager Service
In RuleManagerService logging can be configured via properties in the file RuleManagerService.[properties | yaml | json]. For a full overview about properties and logging features in RuleManagerService (see Properties Overview of RuleManagerService).
Verifying the installation
After updating the configuration-file, the installation needs to be verified.
For both installation types (Spring Boot app - standalone - or deployment in a Servlet Container, please perform the following steps:
Deployment as Spring Boot app (stand-alone)
-
Start RuleManagerService as Spring Boot app (stand-alone):
[COMPASS-installation-directory]/bin/startRESTService.bat
-
Verify in your console, that RuleManagerService started:
In the CMD-window or the log-file specified, you should see a message like
2023-03-14 13:05:47,299 [INFO ] c.c.c.r.RuleManagerServiceApp:61 - Started RuleManagerServiceApp in 65.43 seconds (JVM running for 308.249)
Deployment in Servlet Container
Perform the following steps:
-
Start the Servlet Container if not already started and deploy the application
-
Check that the RuleManagerService was deployed correctly (using administration tools of your Web Server).
-
Alternatively, you can check the logfile you’ve specified: It should contain an entry like
2023-03-14 13:05:47,299 [INFO ] c.c.c.r.RuleManagerServiceApp:61 - Started RuleManagerServiceApp in 65.43 seconds (JVM running for 308.249)
Test connectivity (for both deployment methods)
-
RuleManagerService has integrated SWAGGER support to describe and document its RESTful API. To view this API documentation open the following URL in your browser:
http(s)://[host]:port/RuleManagerService/api.html
Example:
http://localhost:8080/RuleManagerService/api.html
If RuleManagerService has been installed successfully, your browser should display the SWAGGER representation of RuleManagerService RESTful API: