Configuring Decision Central settings and properties
Abstract
Preface
As an administrator, you can customize Decision Central using the Admin Settings. You can use the Admin Settings to customize the following items:
-
Roles
: Set the home page, priority, and permissions of a role. -
Groups
: Set the home page, priority, and permissions of a group as well as create and delete groups. -
Users
: Create and delete users as well as add a group or role to a user and view its permissions. -
Artifacts
: View M2 repository artifacts, upload artifacts, view, and download JAR files. -
Data Source
: Add, update, or delete data sources and database drivers. -
Data Sets
: Create, modify, or delete data sets. -
Projects
: View and edit project preferences such as file export properties, space properties, default values, and advanced GAV properties. -
Artifact Repository
: Manage artifact repository properties. -
Languages
: Set the Decision Central language. -
Process Designer
: Set diagram editor properties.
Prerequisites
- Installed Red Hat JBoss Enterprise Application Platform 7.1.0. For more information, see Red Hat JBoss EAP 7.1.0 Installation Guide.
- Installed Red Hat Decision Manager. For more information, see Installing and configuring Red Hat Decision Manager on Red Hat JBoss EAP.
-
Red Hat Decision Manager is running and you can log in to Decision Central with the
admin
role.
Chapter 1. User and group management
Decision Central defines three types of entities for security management - users, groups, and roles. Permissions can be assigned to both roles and groups. Decision Central provides the following roles:
- process-admin
- manager
- admin
- analyst
- developer
- user
If a role’s identifier is present in the application’s Role Registry only then it is considered a role otherwise its a group.
You can use Decision Central to create and manage as many users and groups as you require. A user must be assigned at least one user-specific role to login to Decision Central. User privileges depends on permissions from the groups and roles the user is a member of. Note that role or group priority is taken into account in case a user has several roles or groups assigned to it.
1.1. Creating users
You can create as many Decision Central users as you require. User privileges and settings are controlled by the roles assigned to a user and the groups that a user belongs to.
Procedure
- Log in to Decision Central and click Admin → Users.
- Click New user, enter a user name, and then click Next.
- If desired, click the Groups tab, click Add to groups, and then select the groups that you want this user to belong to. Then click Add to selected groups.
- Click the Roles tab, click Add roles, and then select the roles that you want to give this user. Then click Add to selected roles.
- Click Create.
- Click Yes to set a password for the user and click Change.
The user must have at least one role to access Decision Central.
1.2. Editing users
You can edit the users of Decision Central according to your needs. From the Users option in Settings, you can change the group and role of a user. All user permissions are based on the group and role permissions of the user. You can view the user permissions from the Permissions tab.
Procedure
- Log in to Decision Central.
- Select Admin → Users.
- From All users, click the user you want to edit. All user details are displayed in the right pane.
Click Edit.
Complete the following steps to add groups to users:
- From Groups, click Add to groups. The Group selection for user window opens.
- Select or deselect the groups you want the user to be a part of.
- Click Add to selected groups.
Complete the following steps to add roles to users:
- From Roles tab, click Add roles. The Role selection for user window opens.
- Select or deselect the roles you want to assign to the user.
- Click Add to selected roles.
Complete the following step to view user permissions:
- Click the Permissions tab and expand the attributes to view user permissions.
Complete the following steps to change the user’s password,
- Click Change Password. The Change password for user window opens.
- Enter and confirm the new password and click Change.
Complete the following steps to delete the user,
- Click Delete and then click Yes to remove the user.
- Click Save to apply the changes.
1.3. Creating groups
In Decision Central, groups allow you to control permissions for a collection of users. You can create as many groups as you want but a group must have at least one user.
Procedure
- Log in to Decision Central.
- Select Admin → Groups.
- Click New group, enter a group name, and then click Next.
Select the users that you want to belong to this group, and then click Add selected users.
The newly created group is listed under All groups.
1.4. Editing groups
You can edit a group’s attributes such as home page, priority, and permissions according to your requirements. From the Groups option in Settings, you can modify or delete a group.
Procedure
- Log in to Decision Central.
- Select Admin → Groups.
- From All groups, click the group you want to edit. All user details are displayed in the right pane.
- Select the home page from the Home Page list.
- Select the priority from the Priority list.
In the Permissions section, expand the resource attribute and change its permission.
NoteYou can add exceptions to Pages, Editor, Spaces, and Projects permissions.
Click Save to apply the changes.
NoteUse Delete to remove a group from Decision Central.
Chapter 2. Security management
Security management is the process of managing users, groups, and permissions. You can control access to Decision Central resources and features from the Decision Central Security management page.
Decision Central defines three types of entities for security management: users, groups, and roles. You can assign permissions to both roles and groups. A user inherits permissions from the groups and roles that the user is a member of.
2.1. Security management providers
In the context of security management, a realm restricts access to different application resources. Realms contain information about users, groups, roles, and permissions. A concrete user and group management service implementation for a specific realm is called a security management provider.
If the built-in security management providers do not meet the requirements of your application security realm, then you can build and register your own security management provider.
If the security management provider is not installed, the user interface for managing the security realm is not available. After you install and configure a security management provider, the user and group management features are automatically enabled in the security management user interface.
Decision Central includes the Red Hat JBoss EAP security management provider which supports realm types based on the contents of the application-users.properties
or application-roles.properties
property file.
2.1.1. Configuring the Red Hat JBoss EAP security management provider based on property files
You can build and register your own Red Hat JBoss EAP security management provider. To use the Red Hat JBoss EAP security management provider based on property files, complete the steps in this procedure.
Prerequisites
- Red Hat JBoss EAP is installed.
Procedure
To use an existing users or roles property file from the Red Hat JBoss EAP instance, include the following system properties in the
EAP_HOME/standalone/configuration/application-users.properties
andEAP_HOME/standalone/configuration/application-roles.properties
files, as shown in the following example:<property name="org.uberfire.ext.security.management.wildfly.properties.realm" value="ApplicationRealm"/> <property name="org.uberfire.ext.security.management.wildfly.properties.users-file-path" value="/standalone/configuration/application-users.properties"/> <property name="org.uberfire.ext.security.management.wildfly.properties.groups-file-path" value="/standalone/configuration/application-roles.properties"/>
The following table provides a description and default value for these properties:
Table 2.1. Red Hat JBoss EAP security management provider based on property files Property Description Default value org.uberfire.ext.security.management.wildfly.properties.realm
The name of the realm. This property is not mandatory.
ApplicationRealm
org.uberfire.ext.security.management.wildfly.properties.users-file-path
The absolute file path for the users property file. This property is mandatory.
./standalone/configuration/application-users.properties
org.uberfire.ext.security.management.wildfly.properties.groups-file-path
The absolute file path for the groups property file. This property is mandatory.
./standalone/configuration/application-roles.properties
Create the
security-management.properties
file in the root directory of your application. For example, create the following file:src/main/resources/security-management.properties
Enter the following system property and security provider name as a value in the
security-management.properties
file:<property name="org.uberfire.ext.security.management.api.userManagementServices" value="WildflyUserManagementService"/>
2.1.2. Configuring the Red Hat JBoss EAP security management provider based on property files and CLI mode
To use the Red Hat JBoss EAP security management provider based on property files and CLI mode, complete the steps in this procedure.
Prerequisites
- Red Hat JBoss EAP is installed.
Procedure
To use an existing users or roles property file from the Red Hat JBoss EAP instance, include the following system properties in the
EAP_HOME/standalone/configuration/application-users.properties
andEAP_HOME/standalone/configuration/application-roles.properties
files, as shown in the following example:<property name="org.uberfire.ext.security.management.wildfly.cli.host" value="localhost"/> <property name="org.uberfire.ext.security.management.wildfly.cli.port" value="9990"/> <property name="org.uberfire.ext.security.management.wildfly.cli.user" value="<USERNAME>"/> <property name="org.uberfire.ext.security.management.wildfly.cli.password" value="<USER_PWD>"/> <property name="org.uberfire.ext.security.management.wildfly.cli.realm" value="ApplicationRealm"/>
The following table provides a description and default value for these properties:
Table 2.2. Red Hat JBoss EAP security management provider based on property files and CLI mode Property Description Default value org.uberfire.ext.security.management.wildfly.cli.host
The native administration interface host.
localhost
org.uberfire.ext.security.management.wildfly.cli.port
The native administration interface port.
9990
org.uberfire.ext.security.management.wildfly.cli.user
The native administration interface username.
NA
org.uberfire.ext.security.management.wildfly.cli.password
The native administration interface user’s password.
NA
org.uberfire.ext.security.management.wildfly.cli.realm
The realm used by the application’s security context.
ApplicationRealm
Create the
security-management.properties
file in the root directory of your application. For example, create the following file:src/main/resources/security-management.properties
Enter the following system property and security provider name as a value in the
security-management.properties
file:<property name="org.uberfire.ext.security.management.api.userManagementServices" value="WildflyCLIUserManagementService"/>
2.2. Permissions and settings
A permission is an authorization granted to a user to perform actions related to a specific resource within the application. For example, a user can have following permissions:
- View a page.
- Save the project.
- View a repository.
- Delete a dashboard.
You can grant or deny a permission and a permission can be global or resource specific. You can use permissions to protect access to resources and customize features within the application.
2.2.1. Changing permissions for groups and roles in Decision Central
In Decision Central, you cannot change permissions for an individual user. However, you can change permissions for groups and roles. The changed permissions apply to users with the role or that belong to a group that you changed.
Any changes that you make to roles or groups affect all of the users associated with that role or group.
Prerequisites
-
You are logged in to Decision Central with the
admin
user role.
Procedure
- To access the Security management page in Decision Central, select the Admin icon in the top-right corner of the screen.
Click Roles, Groups, or Users on the Decision Central Settings page.
The Security management page opens on the tab for the icon that you clicked.
- From the list, click the role or group you want to edit. All details are displayed in the right panel.
- Set the Home Page or Priority under the Settings section.
Set the Decision Central, page, editor, space, and project permissions under the Permissions section.
Figure 2.1. Setting the permissions
- Click the arrow next to a resource type to expand the resource type whose permissions you want to change.
Optional: To add an exception for a resource type, click Add Exception and then set the permissions as required.
NoteYou cannot add an exception to the Decision Central resource type.
- Click Save.
2.2.2. Changing the Decision Central home page
The home page is the page that appears after you log in to Decision Central. By default, the home page is set to Home
. You can specify a different home page for each role and group.
Procedure
- In Decision Central, select the Admin icon in the top-right corner of the screen and select Roles or Groups.
- Select a role or group.
- Select a page from the Home Page list.
Click Save.
NoteThe role or group must have read access to a page before you can make it the home page.
2.2.3. Setting priorities
A user can have multiple roles and belong to multiple groups. The Priority setting determines the order of precedence of a role or group.
Prerequisites
-
You are logged in to Decision Central with the
admin
user role.
Procedure
- In Decision Central, select the Admin icon in the top-right corner of the screen and select Roles or Groups.
- Select a role or group.
- Select a priority from the Priority menu, and then click Save.
If a user has a role or belongs to a group that has conflicting settings, the settings of the role or group with the highest priority applies.
Chapter 3. Managing artifacts
You can manage artifacts from the Artifacts page in Decision Central. The artifact repository is a local Maven repository and there is only one Maven repository for each installation. Decision Central recommends using Maven repository solutions like Sonatype Nexus™, Apache Archiva™, or JFrog Artifactory™.
The Artifacts page lists all the artifacts in the Maven repository. You can also upload a new artifact to the Maven repository using the Upload button.
Only *.jar, *.kjar, or pom.xml files can be uploaded to the Artifacts repository.
3.1. Viewing an artifact
You can view all the content of the local maven repository from the Artifacts page.
Procedure
- Log in to Decision Central.
- Select Admin → Artifacts.
- Click Open to view the artifact details.
- Click Ok to go back to the Artifacts page.
3.2. Downloading an artifact
You can download and save an artifact from Decision Central’s repository to a project’s local storage.
Procedure
- Log in to Decision Central.
- Select Admin → Artifacts.
- Click Download.
- Browse to the directory where you want to save the artifact and click Save.
3.3. Uploading an artifact
You can upload an artifact from the local storage to a project in Decision Central.
Procedure
- Log in to Decision Central.
- Select Admin → Artifacts.
- Click Upload.
- Click Choose File and browse to the directory from where you want to upload the artifact.
Click Upload.
NoteIn case you are using a non-maven artifact, first deploy the artifact to the maven repository using
mvn deploy
command and then refresh the artifact list in Decision Central.
Chapter 4. Managing data sources
Decision Central provides data source management which gives you the ability of defining data sources for accessing a database. These data sources are then used by other Decision Central components such as the data sets. A database driver, on the other hand, is used for enabling communication between a data source and the targeted database.
From the Data Source Authoring page you can add data sources and database drivers to Decision Central.
Decision Central provides a default data source that can can be used but can neither be edited nor deleted.
4.1. Adding a database driver
You can add a new database driver to Decision Central according to your requirements.
Procedure
- Log in to Decision Central.
- Select Admin → Data Sources. The Data Sources Authoring page opens.
- In the DataSource Explorer pane, click Add Driver. The New driver window opens.
- In the New driver window, enter the Name, Driver Class Name, Group Id, Artifact Id, and the Version of the database driver.
- Click Finish to add the driver to Decision Central.
4.2. Deleting a database driver
You can remove database drivers from the Data Source Definition pane of Decision Central.
Procedure
- Log in to Decision Central.
- Select Admin → Data Sources. The Data Sources Authoring page opens.
- In the DataSource Explorer pane, select the driver you want to delete. The Data Source Definition pane lists the driver details.
- Click Remove.
- Click Delete to delete the driver.
4.3. Adding a data source
You can add a new data source to Decision Central from the Data Sources Authoring page.
Procedure
- Log in to Decision Central.
- Select Admin → Data Sources. The Data Sources Authoring page opens.
- In the DataSource Explorer pane, click Add DataSource. The New data source window opens.
- In the New data source window, enter the data source Name, database Connection URL, User and Password, and Driver.
- Click Test Connection to verify the connection to the database.
- Click Finish to add the data source to Decision Central.
4.4. Editing a data source
You can edit the properties of a data source and also test its connection to the database in Decision Central.
Procedure
- Log in to Decision Central.
- Select Admin → Data Sources. The Data Sources Authoring page opens.
- In the DataSource Explorer pane, click the data source you want to edit. The Data Source Definition pane lists the data source details.
- In the Data Source Definition pane, make the necessary changes to the Name, Connection URL, User, Password, and the Driver fields.
- Click Test Connection to verify the connection to the database.
- Click Update.
- Click Save to confirm the changes to the data source.
4.5. Deleting a data source
You can delete an existing data source from the DataSource Explorer pane in Decision Central.
Procedure
- Log in to Decision Central.
- Select Admin → Data Sources. The Data Sources Authoring page opens.
- In the DataSource Explorer pane, click the data source you want to delete. The Data Source Definition pane lists the data source details.
- Click Remove.
- Click Delete to confirm the deletion of the data source.
Chapter 5. Data sets authoring
A data set is a collection of related sets of information. It can be stored in many ways, such as in a database, in a Microsoft Excel file, in memory, and so on. A data set definition instructs Decision Central how to access, read, and parse a data set. Decision Central does not store data. It enables you to define access to a data set regardless of where the data is stored.
For example, if data is stored in a database, a valid data set could contain the entire database or a subset of the database as a result of an SQL query. In both cases, the data is used as input for the reporting components of Decision Central which then displays the information.
To access a data set, you must create and register a data set definition, which will define where the data set is stored, how it can be accessed, read, and parsed, and what columns it contains.
The Data Sets page is visible only to users with admin role.
5.1. Adding data sets
You can create a new data set to fetch data from an external data source and use that data for the reporting components.
Procedure
- Log in to Decision Central and click the gear icon.
- Click Data Sets → Data Set Explorer → New Data Set.
Select one of the following the provider types:
- Bean: Use to generate a data set from a Java class
- CSV: Use to generate a data set from a remote or local CSV file
- SQL: Use to generate a data set from an ANSI-SQL compliant database
- Elastic Search: Use to generate a data set from Elastic Search nodes
Execution Server: Use to generate a data set using the custom query feature of an Execution Server
NoteKIE Server must be configured with this option.
Complete the Data Set Creation Wizard and click Test.
NoteDepending on the provider you chose, the configuration steps will differ.
- Click Save.
5.2. Editing data sets
You can edit existing data sets to ensure that the data fetched to the reporting components is up-to-date.
Procedure
- Log in to Decision Central, click the gear icon, and then click Data Sets.
- In the Data Set Explorer pane, search for the data set you want to edit and click Edit.
In the Data Set Editor pane, use the appropriate tab to edit the data as required. The tabs will differ based on the data set provider type you chose.
For example, the following changes are applicable for editing a CSV data provider.
- CSV Configuration: Enables you to change the name of the data set definition, the source file, the separator, and other properties.
Preview: Enables you to preview the data. After you click Test in the CSV Configuration tab, the system executes the data set lookup call and if the data is available, a preview appears. Note that the Preview tab has two sub-tabs:
- Data columns: Enables you to specify what columns are part of your data set definition.
- Filter: Enables you to add a new filter.
Advanced: Enables you to manage:
- Caching: See Section 5.4, “Caching” for more information.
- Cache life-cycle See Section 5.3, “Data refresh” for more information.
- After making the required changes, click Validate.
- Click Save.
5.3. Data refresh
The data refresh feature enables you to specify an interval of time after which a data set (or data) is refreshed. The Refresh on stale data feature refreshes the cached data when the back-end data changes.
5.4. Caching
Decision Central provides caching mechanisms for storing data sets and performing data operations using in-memory data. Caching data reduces network traffic, remote system payload, and processing time. To avoid performance issues, configure the cache settings in Decision Central.
For any data lookup call that result in a data set, the caching technique will determine where the data lookup call is executed and where the resulting data set is stored. An example of a data lookup call would be all the mortgage applications whose locale parameter is set as "Urban".
Decision Central data set functionality provides two cache levels:
- Client level
- Back end level
Client cache
When the cache is turned on, the data set is cached in a web browser during the lookup operation and further lookup operations do not perform requests to the back end. Data set operations like grouping, aggregations, filtering, and sorting are processed in the web browser. Enable client caching only if the data set size is small, for example, for data sets with less than 10 mb size. For large data sets, browser issues such as slow performance or intermittent freezing can occur. Client caching reduces the number of back end requests including requests to the storage system.
Back end cache
When the cache is enabled, the decision engine caches the data set. This reduces the number of requests to the remote storage system. All data set operations are performed in the decision engine using in-memory data. Enable back-end caching only if the data set size is not updated frequently and it can be stored and processed in memory. Using back-end caching is also useful in cases with low latency connectivity issues with the remote storage.
Back end cache settings are not always visible in the Advanced tab of the Data Set Editor because Java and CSV data providers rely on back end caching (data set must be in the memory) in order to resolve any data lookup operation using the in-memory decision engine.
Chapter 6. Customizing project preferences
A project stores assets and is part of a space. A space can hold multiple projects.
For example, an organization has many departments, such as HR, Payroll, Engineering, R&D, and so on. Each department maps to a space. And every department can have their own projects.
You can create a new Project from scratch or clone projects from an existing Git repository.
Procedure
- Log in to Decision Central.
- Select Admin → Projects. The Projects page opens.
Project Preferences has the following four options,
File exporting option. It has the following properties,
Table 6.1. File exporting properties Field Description PDF orientation
Determines whether the PDF orientation is portrait or landscape.
PDF units
Determines whether the PDF unit is PT, MM, CN or IN.
PDF page format
Determines whether the PDF page format is A[0-10], B[0-10], or C[0-10].
Spaces option. It has the following properties,
Table 6.2. Spaces properties Field Description Name
The default name of the space that is created automatically if none exists.
Owner
The default owner of the space that is created automatically if none exists.
Group ID
The default group id of the space that is created automatically if none exists.
Alias (in singular)
Determines the customized alias (singular) of the space.
Alias (in plural)
Determines the customized alias (plural) of the space.
Default values option. It has following properties,
Table 6.3. Default values properties Field Description Version
The default version number of a project when creating projects using the Quick setup option.
Description
The default description of a project when creating projects using the Quick setup option.
Branch
The default branch to be used when using a Git repository.
Default values option. It has following properties,
Table 6.4. Advanced GAV preference properties Field Description Disable GAV conflict check?
Determines whether to enable or disable the GAV conflict check. Disabling this feature will allow projects to have the same GAV(Group ID, Artifact, Version).
Allow child GAV edition?
Determines whether to allow child/sub-projects to have GAV edition.
- Click Save.
Chapter 7. Customizing artifact repository properties
In some cases, projects need to resolve external dependencies to build domain model Jars. A repository contains the needed artifacts which has the following features:
- It’s a Maven repository.
- All snapshots are time stamped.
- Mostly stored in the local hard drive
By default, the artifact repository is in $WORKING_DIRECTORY/repositories/kie
.
Procedure
- Log in to Decision Central.
- Select Admin → Artifact Repository. The Artifact Repository page opens.
- Make selections and enter information in the Properties section.
- Click Save.
Chapter 8. Customizing language settings
You can change the language settings of Decision Central from the Settings page. Decision Central supports seven languages - English, German, Spanish, French, Japanese, Portuguese, and Chinese(Simplified). The default language is English.
Procedure
- Log in to Decision Central.
- Select Admin → Languages. The Language Selector window opens.
- Select the desired language from the Language list.
- Click Ok.
Chapter 9. Customizing process administration
You can customize the default pagination option in Decision Central by editing the Default items per page property on the Process Administration page.
Procedure
- Log in to Decision Central.
- Select Admin → Process Administration.
From the Properties section, update the Default items per page property and click Save.
NoteYou can specify 10, 20, 50 or 100 items to display on each page.
Chapter 10. Customizing the process designer
You can customize the process designer in Decision Central by editing the properties of the diagram editor from the Settings page.
Procedure
- Log in to Decision Central.
- Go to Admin → Process Designer.
In the Properties section, update any of the following properties and click Save:
- Select the Auto hide category panel check box to automatically hide a category toolbar panel.
- In the Drawing area width field, enter an integer value between 2800 and 5600 to set the width of the drawing area.
- In the Drawing area height field, enter an integer value between 1400 and 2800 to set the height of the drawing area.
- Select the Enable HiDPI check box if you are using a high resolution display and are seeing blurry text and objects. This option is disabled by default.
Chapter 11. SSH Keys
Decision Central provides an SSH keystore service to enable user SSH authentication. It provides a configurable default SSH keystore, extensible APIs (for custom implementations), and support for multiple SSH public keys formats.
You can access the SSH Keys option from the Admin page to register your SSH public keys.
11.1. Default SSH keystore
The default SSH keystore included with Decision Central provides a file-based storage mechanism to store a user’s public keys. By default, Decision Central uses the *.security
folder as the root directory. However, it is possible to use a custom storage path by setting the value of the appformer.ssh.keys.storage.folder
system property point to a different folder.
The SSH public keys are stored in the {securityFolderPath}/pkeys/{userName}/
folder structure.
Each SSH public key consists of the following files, located in the storage folder:
{keyId}.pub
: This file contains the SSH public key content. As the file name determines the logic key ID on the system, ensure that the file name is not modified during runtime.For example:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDmak4Wu23RZ6XmN94bOsqecZxuTa4RRhhQmHmTZjMB7HM57/90u/B/gB/GhsPEu1nAXL0npY56tT/MPQ8vRm2C2W9A7CzN5+z5yyL3W01YZy3kzslk77CjULjfhrcfQSL3b2sPG5jv5E5/nyC/swSytucwT/PE7aXTS9H6cHIKUdYPzIt94SHoBxWRIK7PJi9d+eLB+hmDzvbVa1ezu5a8yu2kcHi6NxxfI5iRj2rsceDTp0imC1jMoC6ZDfBvZSxL9FXTMwFdNnmTlJveBtv9nAbnAvIWlilS0VOkdj1s3GxBxeZYAcKbcsK9sJzusptk5dxGsG2Z8vInaglN6OaOQ7b7tcomzCYYwviGQ9gRX8sGsVrw39gsDIGYP2tA4bRr7ecHnlNg1b0HCchA5+QCDk4Hbz1UrnHmPA2Lg9c3WGm2qedvQdVJXuS3mlwYOqL40aXPs6890PvFJUlpiVSznF50djPnwsMxJZEf1HdTXgZD1Bh54ogZf7czyUNfkNkE69yJDbTHjpQd0cKUQnu9tVxqmBzhX31yF4VcsMeADcf2Z8wlA3n4LZnC/GwonYlq5+G93zJpFOkPhme8c2XuPuCXF795lsxyJ8SB/AlwPJAhEtm0y0s0l1l4eWqxsDxkBOgN+ivU0czrVMssHJEJb4o0FLf7iHhOW56/iMdD9w== userName
.{keyId}.pub.meta
: This file contains the key metadata in JSON format. A new metadata file is dynamically generated if a key has no metadata.For example:
{ "name":"Key", "creationDate":"Oct 10, 2018 10:10:50 PM", "lastTimeUsed":"Oct 11, 2018 12:11:23 PM" }
11.2. Custom SSH keystore
You can extend and customize the default SSH keystore according to your requirements. Use the appformer.ssh.keystore
system property to specify the Java class name of the SSH service to use. If this property is not defined or it contains an incorrect value then the default SSH keystore is loaded.
To create a custom implementation of the SSH keystore, your java class must implement the org.uberfire.ssh.service.backend.keystore.SSHKeyStore
class defined in the uberfire-ssh-api
module.
11.3. Creating an SSH key
Before you can add or register SSH keys to Decision Central, you must generate an SSH key on your system.
Procedure
- Open a terminal on your system.
Run the
ssh-keygen
command to create the SSH key as shown in the following example, where <user_login> is your user name.ssh-keygen -t rsa -b 4096 -C "<user_login>"
NoteThe SSH key formats supported by Decision Central keystore are
ssh-rsa
,ssh-dss
,ecdsa-sha2-nistp256
,ecdsa-sha2-nistp384
, andecdsa-sha2-nistp521
.When prompted, press the Enter key and accept the default key file location as shown in the following example, where <user_login> is your user name.
Enter a file in which to save the key (/home/<user_login>/.ssh/id_rsa): [Press enter]
At the command prompt, enter and confirm the passphrase.
Enter passphrase (empty for no passphrase): [Type a passphrase] Enter same passphrase again: [Type passphrase again]
Start the
ssh-agent
.eval "$(ssh-agent -s)" Agent pid <any-number-here>
Add the new SSH private key to the
ssh-agent
. If you have used a different key name, replace id_rsa in code.ssh-add ~/.ssh/id_rsa
11.4. Registering your SSH public key with the SSH keystore
You must register your newly created SSH public key with the Decision Central keystore.
Procedure
- Open a terminal on your system.
Run the
cat
command as shown in the following example, whereid_rsa
is your key name.cat ~/.ssh/id_rsa.pub
- Copy the contents of your SSH public key.
- Log in to Decision Central.
- Select Admin → SSH Keys.
- From the SSH Keys page, click Add SSH Keys.
In the Add SSH Key window, enter a name in the Name field and copy the contents of the SSH public key to the Keys field.
NoteThe Name and the Key fields are mandatory.
- Click Add SSH Key to register the key.
11.5. Deleting an SSH key
You can delete an SSH key from Decision Central by from the SSH Keys page.
Procedure
- Log in to Decision Central.
- Select Admin → SSH Keys.
- All of the SSH keys are listed on the SSH Keys page.
- To delete an SSH key, click the delete icon (trash can).
- Click the Delete SSH Key to confirm the deletion.
Chapter 12. LDAP connection
Decision Central provides a dedicated UserGroupCallback
implementation for LDAP servers with Red Hat Decision Manager to enable the user task service to retrieve information on users, groups, and roles directly from an LDAP service.
You can configure the following LDAP UserGroupCallback
implementation properties:
Property | Description |
---|---|
| User name for connecting to the LDAP server (optional if the LDAP server accepts anonymous access). |
| Password for connecting to the LDAP server (optional if the LDAP server accepts anonymous access). |
| Context in LDAP with user information (mandatory). |
| Context in LDAP with group and role information (mandatory). |
|
Context in LDAP with user group and role membership information (optional if not specified and |
| Filter for searching user information; usually contains substitution keys {0}, which are replaced with parameters (mandatory). |
| Filter for searching group and role information, usually contains substitution keys {0}, which are replaced with parameters (mandatory). |
| Filter for searching user group and role membership information, usually contains substitution keys {0}, which are replaced with parameters (mandatory). |
|
Attribute name of the user ID in LDAP (optional; if not specified, |
|
Attribute name of the group and role ID in LDAP (optional; if not specified, |
|
User ID in a DN, instructs the callback to query for user DN before searching for roles (optional; is |
|
Initial context factory class name; is |
|
Authentication type (possible values are |
|
Security protocol to be used, for example, |
|
LDAP url (by default |
12.1. LDAP UserGroupCallback implementation
You can use the LDAP UserGroupCallback
implementation by configuring the respective LDAP properties in one of the following ways:
Programatically: Build a properties object with the respective
LDAPUserGroupCallbackImpl
properties and createLDAPUserGroupCallbackImpl
with the properties object as its parameter.import org.kie.api.PropertiesConfiguration; import org.kie.api.task.UserGroupCallback; ... Properties properties = new Properties(); properties.setProperty(LDAPUserGroupCallbackImpl.USER_CTX, "ou=People,dc=my-domain,dc=com"); properties.setProperty(LDAPUserGroupCallbackImpl.ROLE_CTX, "ou=Roles,dc=my-domain,dc=com"); properties.setProperty(LDAPUserGroupCallbackImpl.USER_ROLES_CTX, "ou=Roles,dc=my-domain,dc=com"); properties.setProperty(LDAPUserGroupCallbackImpl.USER_FILTER, "(uid={0})"); properties.setProperty(LDAPUserGroupCallbackImpl.ROLE_FILTER, "(cn={0})"); properties.setProperty(LDAPUserGroupCallbackImpl.USER_ROLES_FILTER, "(member={0})"); UserGroupCallback ldapUserGroupCallback = new LDAPUserGroupCallbackImpl(properties); UserGroupCallbackManager.getInstance().setCallback(ldapUserGroupCallback);
Declaratively: Create the
jbpm.usergroup.callback.properties
file in the root of your application or specify the file location as a system property:-Djbpm.usergroup.callback.properties=FILE_LOCATION_ON_CLASSPATH
Ensure that you register the LDAP callback when starting the user task server.
#ldap.bind.user= #ldap.bind.pwd= ldap.user.ctx=ou\=People,dc\=my-domain,dc\=com ldap.role.ctx=ou\=Roles,dc\=my-domain,dc\=com ldap.user.roles.ctx=ou\=Roles,dc\=my-domain,dc\=com ldap.user.filter=(uid\={0}) ldap.role.filter=(cn\={0}) ldap.user.roles.filter=(member\={0}) #ldap.user.attr.id= #ldap.roles.attr.id=
Additional resources
Chapter 13. Database connection
Decision Central provides a dedicated UserGroupCallback
implementation for database server with Red Hat Decision Manager to enable the user task service. The user task service helps in retrieving information on users and groups (roles) directly from databases.
You can configure the following database UserGroupCallback
implementation properties:
Property | Description |
---|---|
| JNDI name of the data source used for connections |
| Verifies the user existence |
| Collects the groups for a given user |
| Verifies the group existence |
13.1. Database UserGroupCallback implementation
In database UserGroupCallback
implementation, you must create the required database. You can use this implementation by configuring the respective database properties in one of the following ways:
Programmatically: Build a properties object with the respective
DBUserGroupCallbackImpl
properties and createDBUserGroupCallbackImpl
using the same properties object as its parameter.For example:
import static org.jbpm.services.task.identity.DBUserGroupCallbackImpl.DS_JNDI_NAME; import static org.jbpm.services.task.identity.DBUserGroupCallbackImpl.PRINCIPAL_QUERY; import static org.jbpm.services.task.identity.DBUserGroupCallbackImpl.ROLES_QUERY; import static org.jbpm.services.task.identity.DBUserGroupCallbackImpl.USER_ROLES_QUERY; ... props = new Properties(); props.setProperty(DS_JNDI_NAME, "jdbc/jbpm-ds"); props.setProperty(PRINCIPAL_QUERY, "select userId from Users where userId = ?"); props.setProperty(ROLES_QUERY, "select groupId from UserGroups where groupId = ?"); props.setProperty(USER_ROLES_QUERY, "select groupId from UserGroups where userId = ?"); callback = new DBUserGroupCallbackImpl(props);
Declaratively: Create the
jbpm.usergroup.callback.properties
file in the root of your application or specify the file location as a system property.For example:
-Djbpm.usergroup.callback.properties=FILE_LOCATION_ON_CLASSPATH
Ensure that you register the database callback when starting the user task server.
For example:
System.setProperty("jbpm.usergroup.callback.properties", "/jbpm.usergroup.callback.db.properties"); callback = new DBUserGroupCallbackImpl(true); ... db.ds.jndi.name = jdbc/jbpm-ds db.user.query = select userId from Users where userId = ? db.roles.query = select groupId from UserGroups where groupId = ? db.user.roles.query = select groupId from UserGroups where userId = ?
Additional resources
Chapter 14. Configuring Maven using settings.xml file
Java application development uses the Apache Maven build automation tool to build and manage software projects. Maven uses Project Object Model (POM) configuration XML files to define both, the project properties and the build process.
Maven uses repositories to store Java libraries, plug-ins, and other build artifacts. Repositories can be either local or remote. A local repository is a download of artifacts from a remote repository cached on a local machine. A remote repository is any other repository accessed using common protocols, such as http://
when located on an HTTP server, or file://
when located on a file server. The default repository is the public remote Maven 2 Central Repository. Configuration of Maven is performed by modifying the settings.xml file. You can either configure global Maven settings in the M2_HOME/conf/settings.xml
file, or user-level settings in the USER_HOME/.m2/settings.xml
file.
Additional resources
- Configuring an external Maven repository for Decision Central
- Packaging and deploying a project in Maven
- Maven settings and repositories for Red Hat Decision Manager
- System integration with Maven
- Welcome to Apache Maven
- Apache Maven Project - Introduction to Repositories
- Apache Maven Parent POMs Reference.
Chapter 15. Managing GAV checks
In Decision Central, projects are identified using Maven naming convention or GAV (group Id, artifact, and version) data. GAV values differentiate projects and project versions as well as identify dependencies with particular projects.
By default, Decision Central detects duplicate GAVs. This feature can be disabled by users with the admin role.
Enabling GAV checks and child GAV edition
Procedure
- Log in to Decision Central.
- Select Menu → Design → Projects.
- Double-click the project to open it.
- In the Project Editor window, click the Settings tab.
Make the following selections from the General Settings tab.
- Select Disable GAV conflict check to enable other projects to have the same GAV.
- Select Allow child GAV edition to enable child projects to have GAV edition.
Click Save.
NoteClick Reset to undo all changes.
- Click Save again to confirm the changes.
You can disable the duplicate GAV detection feature by setting the org.guvnor.project.gav.check.disabled
system property to true when you start Decision Central.
$ ~/EAP_HOME/bin/standalone.sh -c standalone-full.xml -Dorg.guvnor.project.gav.check.disabled=true
Chapter 16. Repository hooks
In Decision Central, you can use scripts, known as hooks, to configure the repository to trigger a specified action every time a particular event happens.
16.1. Configuring git hooks
Decision Central can automatically push changes to a remote repository using Git hooks. After you configure the post-commit hook, Decision Central automatically pushes your changes to the remote repository.
Currently only post-commit hooks are supported. Post-commit hooks are triggered after the commit process finishes.
Prerequisites
- Red Hat Decision Manager projects exist in an external Git repository.
- Credentials required for read access to that external Git repository are available.
Procedure
- Log in to Decision Central.
- Select Menu → Projects.
- Select or create the space into which you want to import the projects.
- Click on the right side of the screen and select Import Project.
In the Import Project window, enter the URL (for example,
https://github.com/USERNAME/REPOSITORY_NAME.git
) and credentials for the Git repository that contains the project that you want to import and click Import.The project is added to the Decision Central Git repository and is available in the created or default space.
ImportantUse the HTTPS or Git protocol instead of a SCP-style SSH URL. Decision Central does not support the basic SSH URL and an error appears if you use this URL.
In a terminal window, change to the created repository.
cd JBOSS_HOME/bin/.niogit/REPOSITORY_NAME.git
Create the
post-commit
file in theJBOSS_HOME/bin/.niogit/REPOSITORY_NAME.git/hooks
directory, set the permissions torwxr—r--
and add the following content:#!/bin/sh git push origin master
Make sure that the configuration was successful by creating a new guided rule in Decision Central:
- Select Menu → Projects → Add Asset → Guided Rule.
- Fill in the required information in the displayed Create new Guided Rule window.
Click Ok.
Decision Central automatically pushes all changes to the remote repository.
You can also specify the org.uberfire.nio.git.hooks
system property. Specify a directory with default hook files as the value for this property. This directory will be copied to the newly created Git repositories. See the following example of a standalone.xml
file with this setting below:
<system-properties> <property name="org.uberfire.nio.git.hooks" value="/opt/jboss-as/git-hooks"> </property> ... </system-properties>
Additional resources
16.2. Git hook exit codes
When a git hook exits an integer value is returned which determines the status of the git hook execution. This integer value is known as a git hook exit code. The execution status can be a success, warning or failure.
16.2.1. Types of exit codes
Decision Central has the following three types of exit codes:
Successful notification
0
: Success. A git hook that exits with code 0
displays a success notification in the user interface.
Warning notification
1..30
: Warning. A git hook that exits with a code between 1
and 30
(inclusive) will display a warning notification in user interface.
Error notification
Anything else: Error. Any other code number will be displayed as an error notification.
UNIX systems only support error codes between 0 (success) and 255 (error). Any exit code outside of this range is converted to a different code which might result in displaying a wrong notification message. Windows systems don’t have this limitation and can support a wide range of exit codes.
16.3. Customizing git hook notifications
Decision Central provides a mechanism that enables users to receive feedback about git hook executions using customized messages based on a hook’s exit code.
Procedure
To enable notifications, in the
standalone.xml
file set theappformer.git.hooks.bundle
system property to point to a*.properties
file containing the custom messages for each exit code.For example:
<system-properties> <property name="appformer.git.hooks.bundle" value="/opt/jboss-as/git-hooks-messages/Messages.properties"> </property> ... </system-properties>
To display the messages, each line of the
*.properties
must have the following format:<exit_code>=<display_message>
where,
<exit_code>
is the git hook exit code and<display_message>
is the custom message that is displayed to a user.Exit code messages with this format appear similar to the following example:
0=Success 1=Display Message 1 . . 31=Display Message 31
Its not necessary to define all the possible exit codes in the *.properties file. Notifications appear only for the exit codes defined in the *.properties file.
16.3.1. Internationalize git hook notifications
You can internationalize the notification messages by placing different *.properties
files in the directory specified for the appformer.git.hooks.bundle
system property. The names of the localized files have the format <filename>_<lang>.properties
. These files must contain the same entries as in the original file.
For example, you have specified the system property to point to Messages.properties
. Now you can create localized message properties files like Messages_en.properties
for English, Messages_fr.properties
for French, Messages_it.properties
for Italian, and so on. The notification service will choose the one based on the user language and if there are no available translations for a language then it will use the default ones specified in the Messages.properties
file.
The notification service only supports the ISO 8859-1
(LATIN 1
) character set in the *.properties
file. If you want to use extended characters, please escape them using their Unicode code.
Chapter 17. Viewing process instance logs
You can view all the process events of an instance from its Logs tab. The instance logs list all the current and previous process states. Decision Central has two types of logs for process instances, Business and Technical logs.
Procedure
- Log in to Decision Central.
- Select Menu → Manage → Process Instances.
- On the Manage Process Instances page, click the process instance whose log you want to view.
Select the Logs tab:
- Click Business to view the business events log.
- Click Technical to view the technical events log.
- Click Asc or Desc to change the order of the log files.
Appendix A. Versioning information
Documentation last updated on Wednesday, April 28, 2021.