Red Hat Training

A Red Hat training course is available for Red Hat Decision Manager

Configuring Decision Central settings and properties

Red Hat Decision Manager 7.2

Red Hat Customer Content Services

Abstract

This document describes how to customize and manage the various features of Decision Central in Red Hat Decision Manager 7.2.

Preface

As an administrator, you can customize Decision Central using the Admin Settings. You can use the Admin Settings to customize the following items:

  • Roles: Set the home page, priority, and permissions of a role.
  • Groups: Set the home page, priority, and permissions of a group as well as create and delete groups.
  • Users: Create and delete users as well as add a group or role to a user and view its permissions.
  • Artifacts: View M2 repository artifacts, upload artifacts, view, and download JAR files.
  • Data Source: Add, update, or delete data sources and database drivers.
  • Data Sets: Create, modify, or delete data sets.
  • Projects: View and edit project preferences such as file export properties, space properties, default values, and advanced GAV properties.
  • Artifact Repository: Manage artifact repository properties.
  • Languages: Set the Decision Central language.
  • Process Designer: Set diagram editor properties.

Prerequisites

Chapter 1. User and group management

Decision Central defines three types of entities for security management - users, groups, and roles. Permissions can be assigned to both roles and groups. Decision Central provides the following roles:

  • process-admin
  • manager
  • admin
  • analyst
  • developer
  • user
Note

If a role’s identifier is present in the application’s Role Registry only then it is considered a role otherwise its a group.

You can use Decision Central to create and manage as many users and groups as you require. A user must be assigned at least one user-specific role to login to Decision Central. User privileges depends on permissions from the groups and roles the user is a member of. Note that role or group priority is taken into account in case a user has several roles or groups assigned to it.

1.1. Creating users

You can create as many Decision Central users as you require. User privileges and settings are controlled by the roles assigned to a user and the groups that a user belongs to.

Procedure

  1. Log in to Decision Central and click AdminUsers.
  2. Click New user, enter a user name, and then click Next.
  3. If desired, click the Groups tab, click Add to groups, and then select the groups that you want this user to belong to. Then click Add to selected groups.
  4. Click the Roles tab, click Add roles, and then select the roles that you want to give this user. Then click Add to selected roles.
  5. Click Create.
  6. Click Yes to set a password for the user and click Change.
Note

The user must have at least one role to access Decision Central.

1.2. Editing users

You can edit the users of Decision Central according to your needs. From the Users option in Settings, you can change the group and role of a user. All user permissions are based on the group and role permissions of the user. You can view the user permissions from the Permissions tab.

Procedure

  1. Log in to Decision Central.
  2. Select AdminUsers.
  3. From All users, click the user you want to edit. All user details are displayed in the right pane.

  4. Click Edit.

    • Complete the following steps to add groups to users:

      1. From Groups, click Add to groups. The Group selection for user window opens.
      2. Select or deselect the groups you want the user to be a part of.
      3. Click Add to selected groups.

    • Complete the following steps to add roles to users:

      1. From Roles tab, click Add roles. The Role selection for user window opens.
      2. Select or deselect the roles you want to assign to the user.
      3. Click Add to selected roles.

    • Complete the following step to view user permissions:

      1. Click the Permissions tab and expand the attributes to view user permissions.

    • Complete the following steps to change the user’s password,

      1. Click Change Password. The Change password for user window opens.
      2. Enter and confirm the new password and click Change.

    • Complete the following steps to delete the user,

      1. Click Delete and then click Yes to remove the user.
  5. Click Save to apply the changes.

1.3. Creating groups

In Decision Central, groups allow you to control permissions for a collection of users. You can create as many groups as you want but a group must have at least one user.

Procedure

  1. Log in to Decision Central.
  2. Select AdminGroups.
  3. Click New group, enter a group name, and then click Next.

  4. Select the users that you want to belong to this group, and then click Add selected users.

    The newly created group is listed under All groups.

1.4. Editing groups

You can edit a group’s attributes such as home page, priority, and permissions according to your requirements. From the Groups option in Settings, you can modify or delete a group.

Procedure

  1. Log in to Decision Central.
  2. Select AdminGroups.
  3. From All groups, click the group you want to edit. All user details are displayed in the right pane.
  4. Select the home page from the Home Page list.
  5. Select the priority from the Priority list.

  6. In the Permissions section, expand the resource attribute and change its permission.

    Note

    You can add exceptions to Pages, Editor, Spaces, and Projects permissions.

  7. Click Save to apply the changes.

    Note

    Use Delete to remove a group from Decision Central.

Chapter 2. Security management

Security management is the process of managing users, groups, and permissions. You can control access to Decision Central resources and features from the Decision Central Security management page.

Decision Central defines three types of entities for security management: users, groups, and roles. You can assign permissions to both roles and groups. A user inherits permissions from the groups and roles that the user is a member of.

2.1. Security management providers

In the context of security management, a realm restricts access to different application resources. Realms contain information about users, groups, roles, and permissions. A concrete user and group management service implementation for a specific realm is called a security management provider.

If the built-in security management providers do not meet the requirements of your application security realm, then you can build and register your own security management provider.

Note

If the security management provider is not installed, the user interface for managing the security realm is not available. After you install and configure a security management provider, the user and group management features are automatically enabled in the security management user interface.

Decision Central includes the Red Hat JBoss EAP security management provider which supports realm types based on the contents of the application-users.properties or application-roles.properties property file.

2.1.1. Configuring the Red Hat JBoss EAP security management provider based on property files

You can build and register your own Red Hat JBoss EAP security management provider. To use the Red Hat JBoss EAP security management provider based on property files, complete the steps in this procedure.

Prerequisites

  • Red Hat JBoss EAP is installed.

Procedure

  1. To use an existing users or roles property file from the Red Hat JBoss EAP instance, include the following system properties in the EAP_HOME/standalone/configuration/application-users.properties and EAP_HOME/standalone/configuration/application-roles.properties files, as shown in the following example: 

    <property name="org.uberfire.ext.security.management.wildfly.properties.realm" value="ApplicationRealm"/>
<property name="org.uberfire.ext.security.management.wildfly.properties.users-file-path" value="/standalone/configuration/application-users.properties"/>
<property name="org.uberfire.ext.security.management.wildfly.properties.groups-file-path" value="/standalone/configuration/application-roles.properties"/>

    The following table provides a description and default value for these properties:

    Table 2.1. Red Hat JBoss EAP security management provider based on property files

    PropertyDescriptionDefault value

    org.uberfire.ext.security.management.wildfly.properties.realm

    The name of the realm. This property is not mandatory.

    ApplicationRealm

    org.uberfire.ext.security.management.wildfly.properties.users-file-path

    The absolute file path for the users property file. This property is mandatory.

    ./standalone/configuration/application-users.properties

    org.uberfire.ext.security.management.wildfly.properties.groups-file-path

    The absolute file path for the groups property file. This property is mandatory.

    ./standalone/configuration/application-roles.properties

  2. Create the security-management.properties file in the root directory of your application. For example, create the following file: 

    src/main/resources/security-management.properties

  3. Enter the following system property and security provider name as a value in the security-management.properties file: 

    <property name="org.uberfire.ext.security.management.api.userManagementServices" value="WildflyUserManagementService"/>

2.1.2. Configuring the Red Hat JBoss EAP security management provider based on property files and CLI mode

To use the Red Hat JBoss EAP security management provider based on property files and CLI mode, complete the steps in this procedure.

Prerequisites

  • Red Hat JBoss EAP is installed.

Procedure

  1. To use an existing users or roles property file from the Red Hat JBoss EAP instance, include the following system properties in the EAP_HOME/standalone/configuration/application-users.properties and EAP_HOME/standalone/configuration/application-roles.properties files, as shown in the following example: 

    <property name="org.uberfire.ext.security.management.wildfly.cli.host" value="localhost"/>
<property name="org.uberfire.ext.security.management.wildfly.cli.port" value="9990"/>
<property name="org.uberfire.ext.security.management.wildfly.cli.user" value="<USERNAME>"/>
<property name="org.uberfire.ext.security.management.wildfly.cli.password" value="<USER_PWD>"/>
<property name="org.uberfire.ext.security.management.wildfly.cli.realm" value="ApplicationRealm"/>

    The following table provides a description and default value for these properties:

    Table 2.2. Red Hat JBoss EAP security management provider based on property files and CLI mode

    PropertyDescriptionDefault value

    org.uberfire.ext.security.management.wildfly.cli.host

    The native administration interface host.

    localhost

    org.uberfire.ext.security.management.wildfly.cli.port

    The native administration interface port.

    9990

    org.uberfire.ext.security.management.wildfly.cli.user

    The native administration interface username.

    NA

    org.uberfire.ext.security.management.wildfly.cli.password

    The native administration interface user’s password.

    NA

    org.uberfire.ext.security.management.wildfly.cli.realm

    The realm used by the application’s security context.

    ApplicationRealm

  2. Create the security-management.properties file in the root directory of your application. For example, create the following file: 

    src/main/resources/security-management.properties

  3. Enter the following system property and security provider name as a value in the security-management.properties file: 

    <property name="org.uberfire.ext.security.management.api.userManagementServices" value="WildflyCLIUserManagementService"/>

2.2. Permissions and settings

A permission is an authorization granted to a user to perform actions related to a specific resource within the application. For example, a user can have following permissions:

  • View a page.
  • Save the project.
  • View a repository.
  • Delete a dashboard.

You can grant or deny a permission and a permission can be global or resource specific. You can use permissions to protect access to resources and customize features within the application.

2.2.1. Changing permissions for groups and roles in Decision Central

In Decision Central, you cannot change permissions for an individual user. However, you can change permissions for groups and roles. The changed permissions apply to users with the role or that belong to a group that you changed.

Note

Any changes that you make to roles or groups affect all of the users associated with that role or group.

Prerequisites

  • You are logged in to Decision Central with the admin user role.

Procedure

  1. To access the Security management page in Decision Central, select the Admin icon in the top-right corner of the screen.

  2. Click Roles, Groups, or Users on the Decision Central Settings page.

    The Security management page opens on the tab for the icon that you clicked.

  3. From the list, click the role or group you want to edit. All details are displayed in the right panel.
  4. Set the Home Page or Priority under the Settings section.

  5. Set the Decision Central, page, editor, space, and project permissions under the Permissions section.

    Figure 2.1. Setting the permissions

    Setting the permissions
  6. Click the arrow next to a resource type to expand the resource type whose permissions you want to change.

  7. Optional: To add an exception for a resource type, click Add Exception and then set the permissions as required.

    Note

    You cannot add an exception to the Decision Central resource type.

  8. Click Save.

2.2.2. Changing the Decision Central home page

The home page is the page that appears after you log in to Decision Central. By default, the home page is set to Home. You can specify a different home page for each role and group.

Procedure

  1. In Decision Central, select the Admin icon in the top-right corner of the screen and select Roles or Groups.
  2. Select a role or group.
  3. Select a page from the Home Page list.

  4. Click Save.

    Note

    The role or group must have read access to a page before you can make it the home page.

2.2.3. Setting priorities

A user can have multiple roles and belong to multiple groups. The Priority setting determines the order of precedence of a role or group.

Prerequisites

  • You are logged in to Decision Central with the admin user role.

Procedure

  1. In Decision Central, select the Admin icon in the top-right corner of the screen and select Roles or Groups.
  2. Select a role or group.
  3. Select a priority from the Priority menu, and then click Save.
Note

If a user has a role or belongs to a group that has conflicting settings, the settings of the role or group with the highest priority applies.

Chapter 3. Managing artifacts

You can manage artifacts from the Artifacts page in Decision Central. The artifact repository is a local Maven repository and there is only one Maven repository for each installation. Decision Central recommends using Maven repository solutions like Sonatype Nexus™, Apache Archiva™, or JFrog Artifactory™.

The Artifacts page lists all the artifacts in the Maven repository. You can also upload a new artifact to the Maven repository using the Upload button.

Note

Only *.jar, *.kjar, or pom.xml files can be uploaded to the Artifacts repository.

3.1. Viewing an artifact

You can view all the content of the local maven repository from the Artifacts page.

Procedure

  1. Log in to Decision Central.
  2. Select AdminArtifacts.
  3. Click Open to view the artifact details.
  4. Click Ok to go back to the Artifacts page.

3.2. Downloading an artifact

You can download and save an artifact from Decision Central’s repository to a project’s local storage.

Procedure

  1. Log in to Decision Central.
  2. Select AdminArtifacts.
  3. Click Download.
  4. Browse to the directory where you want to save the artifact and click Save.

3.3. Uploading an artifact

You can upload an artifact from the local storage to a project in Decision Central.

Procedure

  1. Log in to Decision Central.
  2. Select AdminArtifacts.
  3. Click Upload.
  4. Click Choose File and browse to the directory from where you want to upload the artifact.

  5. Click Upload.

    Note

    In case you are using a non-maven artifact, first deploy the artifact to the maven repository using mvn deploy command and then refresh the artifact list in Decision Central.

Chapter 4. Managing data sources

Decision Central provides data source management which gives you the ability of defining data sources for accessing a database. These data sources are then used by other Decision Central components such as the data sets. A database driver, on the other hand, is used for enabling communication between a data source and the targeted database.

From the Data Source Authoring page you can add data sources and database drivers to Decision Central.

Note

Decision Central provides a default data source that can can be used but can neither be edited nor deleted.

4.1. Adding a database driver

You can add a new database driver to Decision Central according to your requirements.

Procedure

  1. Log in to Decision Central.
  2. Select AdminData Sources. The Data Sources Authoring page opens.
  3. In the DataSource Explorer pane, click Add Driver. The New driver window opens.
  4. In the New driver window, enter the Name, Driver Class Name, Group Id, Artifact Id, and the Version of the database driver.
  5. Click Finish to add the driver to Decision Central.

4.2. Deleting a database driver

You can remove database drivers from the Data Source Definition pane of Decision Central.

Procedure

  1. Log in to Decision Central.
  2. Select AdminData Sources. The Data Sources Authoring page opens.
  3. In the DataSource Explorer pane, select the driver you want to delete. The Data Source Definition pane lists the driver details.
  4. Click Remove.
  5. Click Delete to delete the driver.

4.3. Adding a data source

You can add a new data source to Decision Central from the Data Sources Authoring page.

Procedure

  1. Log in to Decision Central.
  2. Select AdminData Sources. The Data Sources Authoring page opens.
  3. In the DataSource Explorer pane, click Add DataSource. The New data source window opens.
  4. In the New data source window, enter the data source Name, database Connection URL, User and Password, and Driver.
  5. Click Test Connection to verify the connection to the database.
  6. Click Finish to add the data source to Decision Central.

4.4. Editing a data source

You can edit the properties of a data source and also test its connection to the database in Decision Central.

Procedure

  1. Log in to Decision Central.
  2. Select AdminData Sources. The Data Sources Authoring page opens.
  3. In the DataSource Explorer pane, click the data source you want to edit. The Data Source Definition pane lists the data source details.
  4. In the Data Source Definition pane, make the necessary changes to the Name, Connection URL, User, Password, and the Driver fields.
  5. Click Test Connection to verify the connection to the database.
  6. Click Update.
  7. Click Save to confirm the changes to the data source.

4.5. Deleting a data source

You can delete an existing data source from the DataSource Explorer pane in Decision Central.

Procedure

  1. Log in to Decision Central.
  2. Select AdminData Sources. The Data Sources Authoring page opens.
  3. In the DataSource Explorer pane, click the data source you want to delete. The Data Source Definition pane lists the data source details.
  4. Click Remove.
  5. Click Delete to confirm the deletion of the data source.

Chapter 5. Data sets authoring

A data set is a collection of related sets of information. It can be stored in many ways, such as in a database, in a Microsoft Excel file, in memory, and so on. A data set definition instructs Decision Central how to access, read, and parse a data set. Decision Central does not store data. It enables you to define access to a data set regardless of where the data is stored.

For example, if data is stored in a database, a valid data set could contain the entire database or a subset of the database as a result of an SQL query. In both cases, the data is used as input for the reporting components of Decision Central which then displays the information.

To access a data set, you must create and register a data set definition, which will define where the data set is stored, how it can be accessed, read, and parsed, and what columns it contains.

Note

The Data Sets page is visible only to users with admin role.

5.1. Adding data sets

You can create a new data set to fetch data from an external data source and use that data for the reporting components.

Procedure

  1. Log in to Decision Central and click the gear icon.
  2. Click Data SetsData Set ExplorerNew Data Set.

  3. Select one of the following the provider types:

    • Bean: Use to generate a data set from a Java class
    • CSV: Use to generate a data set from a remote or local CSV file
    • SQL: Use to generate a data set from an ANSI-SQL compliant database
    • Elastic Search: Use to generate a data set from Elastic Search nodes

    • Execution Server: Use to generate a data set using the custom query feature of an Execution Server

      Note

      KIE Server must be configured with this option.

  4. Complete the Data Set Creation Wizard and click Test.

    Note

    Depending on the provider you chose, the configuration steps will differ.

  5. Click Save.

5.2. Editing data sets

You can edit existing data sets to ensure that the data fetched to the reporting components is up-to-date.

Procedure

  1. Log in to Decision Central, click the gear icon, and then click Data Sets.
  2. In the Data Set Explorer pane, search for the data set you want to edit and click Edit.

  3. In the Data Set Editor pane, use the appropriate tab to edit the data as required. The tabs will differ based on the data set provider type you chose.

    For example, the following changes are applicable for editing a CSV data provider.

    • CSV Configuration: Enables you to change the name of the data set definition, the source file, the separator, and other properties.

    • Preview: Enables you to preview the data. After you click Test in the CSV Configuration tab, the system executes the data set lookup call and if the data is available, a preview appears. Note that the Preview tab has two sub-tabs:

      • Data columns: Enables you to specify what columns are part of your data set definition.
      • Filter: Enables you to add a new filter.

    • Advanced: Enables you to manage:

  4. After making the required changes, click Validate.
  5. Click Save.

5.3. Data refresh

The data refresh feature enables you to specify an interval of time after which a data set (or data) is refreshed. The Refresh on stale data feature refreshes the cached data when the back-end data changes.

5.4. Caching

Decision Central provides caching mechanisms for storing data sets and performing data operations using in-memory data. Caching data reduces network traffic, remote system payload, and processing time. To avoid performance issues, configure the cache settings in Decision Central.

For any data lookup call that result in a data set, the caching technique will determine where the data lookup call is executed and where the resulting data set is stored. An example of a data lookup call would be all the mortgage applications whose locale parameter is set as "Urban".

Decision Central data set functionality provides two cache levels:

  • Client level
  • Back end level

Client cache

When the cache is turned on, the data set is cached in a web browser during the lookup operation and further lookup operations do not perform requests to the back end. Data set operations like grouping, aggregations, filtering, and sorting are processed in the web browser. Enable client caching only if the data set size is small, for example, for data sets with less than 10 mb size. For large data sets, browser issues such as slow performance or intermittent freezing can occur. Client caching reduces the number of back end requests including requests to the storage system.

Back end cache

When the cache is enabled, the decision engine caches the data set. This reduces the number of requests to the remote storage system. All data set operations are performed in the decision engine using in-memory data. Enable back-end caching only if the data set size is not updated frequently and it can be stored and processed in memory. Using back-end caching is also useful in cases with low latency connectivity issues with the remote storage.

Note

Back end cache settings are not always visible in the Advanced tab of the Data Set Editor because Java and CSV data providers rely on back end caching (data set must be in the memory) in order to resolve any data lookup operation using the in-memory decision engine.

Chapter 6. Customizing project preferences

A project stores assets and is part of a space. A space can hold multiple projects.

For example, an organization has many departments, such as HR, Payroll, Engineering, R&D, and so on. Each department maps to a space. And every department can have their own projects.

You can create a new Project from scratch or clone projects from an existing Git repository.

Procedure

  1. Log in to Decision Central.
  2. Select AdminProjects. The Projects page opens.

  3. Project Preferences has the following four options,

    • File exporting option. It has the following properties,

      Table 6.1. File exporting properties

      FieldDescription

      PDF orientation

      Determines whether the PDF orientation is portrait or landscape.

      PDF units

      Determines whether the PDF unit is PT, MM, CN or IN.

      PDF page format

      Determines whether the PDF page format is A[0-10], B[0-10], or C[0-10].

    • Spaces option. It has the following properties,

      Table 6.2. Spaces properties

      FieldDescription

      Name

      The default name of the space that is created automatically if none exists.

      Owner

      The default owner of the space that is created automatically if none exists.

      Group ID

      The default group id of the space that is created automatically if none exists.

      Alias (in singular)

      Determines the customized alias (singular) of the space.

      Alias (in plural)

      Determines the customized alias (plural) of the space.

    • Default values option. It has following properties,

      Table 6.3. Default values properties

      FieldDescription

      Version

      The default version number of a project when creating projects using the Quick setup option.

      Description

      The default description of a project when creating projects using the Quick setup option.

      Branch

      The default branch to be used when using a Git repository.

    • Default values option. It has following properties,

      Table 6.4. Advanced GAV preference properties

      FieldDescription

      Disable GAV conflict check?

      Determines whether to enable or disable the GAV conflict check. Disabling this feature will allow projects to have the same GAV(Group ID, Artifact, Version).

      Allow child GAV edition?

      Determines whether to allow child/sub-projects to have GAV edition.

  4. Click Save.

Chapter 7. Customizing artifact repository properties

In some cases, projects need to resolve external dependencies to build domain model Jars. A repository contains the needed artifacts which has the following features:

  • It’s a Maven repository.
  • All snapshots are time stamped.
  • Mostly stored in the local hard drive

By default, the artifact repository is in $WORKING_DIRECTORY/repositories/kie.

Procedure

  1. Log in to Decision Central.
  2. Select AdminArtifact Repository. The Artifact Repository page opens.
  3. Make selections and enter information in the Properties section.
  4. Click Save.

Chapter 8. Customizing language settings

You can change the language settings of Decision Central from the Settings page. Decision Central supports seven languages - English, German, Spanish, French, Japanese, Portuguese, and Chinese(Simplified). The default language is English.

Procedure

  1. Log in to Decision Central.
  2. Select AdminLanguages. The Language Selector window opens.
  3. Select the desired language from the Language list.
  4. Click Ok.

Chapter 9. Customizing process administration

You can customize the default pagination option in Decision Central by editing the Default items per page property on the Process Administration page.

Procedure

  1. Log in to Decision Central.
  2. Select AdminProcess Administration.

  3. From the Properties section, update the Default items per page property and click Save.

    Note

    You can specify 10, 20, 50 or 100 items to display on each page.

Chapter 10. Customizing the process designer

You can customize the process designer in Decision Central by editing the properties of the diagram editor from the Settings page.

Procedure

  1. Log in to Decision Central.
  2. Go to AdminProcess Designer.

  3. In the Properties section, update any of the following properties and click Save:

    • Select the Auto hide category panel check box to automatically hide a category toolbar panel.
    • In the Drawing area width field, enter an integer value between 2800 and 5600 to set the width of the drawing area.
    • In the Drawing area height field, enter an integer value between 1400 and 2800 to set the height of the drawing area.
    • Select the Enable HiDPI check box if you are using a high resolution display and are seeing blurry text and objects. This option is disabled by default.

Chapter 11. SSH Keys

Decision Central provides an SSH keystore service to enable user SSH authentication. It provides a configurable default SSH keystore, extensible APIs (for custom implementations), and support for multiple SSH public keys formats.

You can access the SSH Keys option from the Admin page to register your SSH public keys.

11.1. Default SSH keystore

The default SSH keystore included with Decision Central provides a file-based storage mechanism to store a user’s public keys. By default, Decision Central uses the *.security folder as the root directory. However, it is possible to use a custom storage path by setting the value of the appformer.ssh.keys.storage.folder system property point to a different folder.

The SSH public keys are stored in the {securityFolderPath}/pkeys/{userName}/ folder structure.

Each SSH public key consists of the following files, located in the storage folder:

  • {keyId}.pub: This file contains the SSH public key content. As the file name determines the logic key ID on the system, ensure that the file name is not modified during runtime.

    For example: 

    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDmak4Wu23RZ6XmN94bOsqecZxuTa4RRhhQmHmTZjMB7HM57/90u/B/gB/GhsPEu1nAXL0npY56tT/MPQ8vRm2C2W9A7CzN5+z5yyL3W01YZy3kzslk77CjULjfhrcfQSL3b2sPG5jv5E5/nyC/swSytucwT/PE7aXTS9H6cHIKUdYPzIt94SHoBxWRIK7PJi9d+eLB+hmDzvbVa1ezu5a8yu2kcHi6NxxfI5iRj2rsceDTp0imC1jMoC6ZDfBvZSxL9FXTMwFdNnmTlJveBtv9nAbnAvIWlilS0VOkdj1s3GxBxeZYAcKbcsK9sJzusptk5dxGsG2Z8vInaglN6OaOQ7b7tcomzCYYwviGQ9gRX8sGsVrw39gsDIGYP2tA4bRr7ecHnlNg1b0HCchA5+QCDk4Hbz1UrnHmPA2Lg9c3WGm2qedvQdVJXuS3mlwYOqL40aXPs6890PvFJUlpiVSznF50djPnwsMxJZEf1HdTXgZD1Bh54ogZf7czyUNfkNkE69yJDbTHjpQd0cKUQnu9tVxqmBzhX31yF4VcsMeADcf2Z8wlA3n4LZnC/GwonYlq5+G93zJpFOkPhme8c2XuPuCXF795lsxyJ8SB/AlwPJAhEtm0y0s0l1l4eWqxsDxkBOgN+ivU0czrVMssHJEJb4o0FLf7iHhOW56/iMdD9w== userName

  • .{keyId}.pub.meta: This file contains the key metadata in JSON format. A new metadata file is dynamically generated if a key has no metadata.

    For example: 

    {
  "name":"Key",
  "creationDate":"Oct 10, 2018 10:10:50 PM",
  "lastTimeUsed":"Oct 11, 2018 12:11:23 PM"
}

11.2. Custom SSH keystore

You can extend and customize the default SSH keystore according to your requirements. Use the appformer.ssh.keystore system property to specify the Java class name of the SSH service to use. If this property is not defined or it contains an incorrect value then the default SSH keystore is loaded.

Note

To create a custom implementation of the SSH keystore, your java class must implement the org.uberfire.ssh.service.backend.keystore.SSHKeyStore class defined in the uberfire-ssh-api module.

11.3. Creating an SSH key

Before you can add or register SSH keys to Decision Central, you must generate an SSH key on your system.

Procedure

  1. Open a terminal on your system.

  2. Run the ssh-keygen command to create the SSH key as shown in the following example, where <user_login> is your user name. 

    ssh-keygen -t rsa -b 4096 -C "<user_login>"
    Note

    The SSH key formats supported by Decision Central keystore are ssh-rsa, ssh-dss, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, and ecdsa-sha2-nistp521.

  3. When prompted, press the Enter key and accept the default key file location as shown in the following example, where <user_login> is your user name. 

    Enter a file in which to save the key (/home/<user_login>/.ssh/id_rsa): [Press enter]

  4. At the command prompt, enter and confirm the passphrase. 

    Enter passphrase (empty for no passphrase): [Type a passphrase]
Enter same passphrase again: [Type passphrase again]

  5. Start the ssh-agent. 

    eval "$(ssh-agent -s)"
Agent pid <any-number-here>

  6. Add the new SSH private key to the ssh-agent. If you have used a different key name, replace id_rsa in code. 

    ssh-add ~/.ssh/id_rsa

11.4. Registering your SSH public key with the SSH keystore

You must register your newly created SSH public key with the Decision Central keystore.

Procedure

  1. Open a terminal on your system.

  2. Run the cat command as shown in the following example, where id_rsa is your key name. 

    cat ~/.ssh/id_rsa.pub
  3. Copy the contents of your SSH public key.
  4. Log in to Decision Central.
  5. Select AdminSSH Keys.
  6. From the SSH Keys page, click Add SSH Keys.

  7. In the Add SSH Key window, enter a name in the Name field and copy the contents of the SSH public key to the Keys field.

    Note

    The Name and the Key fields are mandatory.

  8. Click Add SSH Key to register the key.

11.5. Deleting an SSH key

You can delete an SSH key from Decision Central by from the SSH Keys page.

Procedure

  1. Log in to Decision Central.
  2. Select AdminSSH Keys.
  3. All of the SSH keys are listed on the SSH Keys page.
  4. To delete an SSH key, click the delete icon (trash can).
  5. Click the Delete SSH Key to confirm the deletion.

Chapter 12. LDAP connection

Decision Central provides a dedicated UserGroupCallback implementation for LDAP servers with Red Hat Decision Manager to enable the user task service to retrieve information on users, groups, and roles directly from an LDAP service.

You can configure the following LDAP UserGroupCallback implementation properties:

Table 12.1. LDAP UserGroupCallback properties

PropertyDescription

ldap.bind.user

User name for connecting to the LDAP server (optional if the LDAP server accepts anonymous access).

ldap.bind.pwd

Password for connecting to the LDAP server (optional if the LDAP server accepts anonymous access).

ldap.user.ctx

Context in LDAP with user information (mandatory).

ldap.role.ctx

Context in LDAP with group and role information (mandatory).

ldap.user.roles.ctx

Context in LDAP with user group and role membership information (optional if not specified and ldap.role.ctx property is used instead).

ldap.user.filter

Filter for searching user information; usually contains substitution keys {0}, which are replaced with parameters (mandatory).

ldap.role.filter

Filter for searching group and role information, usually contains substitution keys {0}, which are replaced with parameters (mandatory).

ldap.user.roles.filter

Filter for searching user group and role membership information, usually contains substitution keys {0}, which are replaced with parameters (mandatory).

ldap.user.attr.id

Attribute name of the user ID in LDAP (optional; if not specified, uid property is used instead).

ldap.roles.attr.id

Attribute name of the group and role ID in LDAP (optional; if not specified, cn property is used instead).

ldap.user.id.dn

User ID in a DN, instructs the callback to query for user DN before searching for roles (optional; is false by default).

java.naming.factory.initial

Initial context factory class name; is com.sun.jndi.ldap.LdapCtxFactory by default.

java.naming.security.authentication

Authentication type (possible values are none, simple, and strong; is simple by default).

java.naming.security.protocol

Security protocol to be used, for example, ssl.

java.naming.provider.url

LDAP url (by default ldap://localhost:389; if the protocol is set to ssl then ldap://localhost:636)

12.1. LDAP UserGroupCallback implementation

You can use the LDAP UserGroupCallback implementation by configuring the respective LDAP properties in one of the following ways:

  • Programatically: Build a properties object with the respective LDAPUserGroupCallbackImpl properties and create LDAPUserGroupCallbackImpl with the properties object as its parameter. 

    import org.kie.api.PropertiesConfiguration;
import org.kie.api.task.UserGroupCallback;
...
Properties properties = new Properties();
properties.setProperty(LDAPUserGroupCallbackImpl.USER_CTX, "ou=People,dc=my-domain,dc=com");
properties.setProperty(LDAPUserGroupCallbackImpl.ROLE_CTX, "ou=Roles,dc=my-domain,dc=com");
properties.setProperty(LDAPUserGroupCallbackImpl.USER_ROLES_CTX, "ou=Roles,dc=my-domain,dc=com");
properties.setProperty(LDAPUserGroupCallbackImpl.USER_FILTER, "(uid={0})");
properties.setProperty(LDAPUserGroupCallbackImpl.ROLE_FILTER, "(cn={0})");
properties.setProperty(LDAPUserGroupCallbackImpl.USER_ROLES_FILTER, "(member={0})");

UserGroupCallback ldapUserGroupCallback = new LDAPUserGroupCallbackImpl(properties);

UserGroupCallbackManager.getInstance().setCallback(ldapUserGroupCallback);

  • Declaratively: Create the jbpm.usergroup.callback.properties file in the root of your application or specify the file location as a system property: -Djbpm.usergroup.callback.properties=FILE_LOCATION_ON_CLASSPATH

    Ensure that you register the LDAP callback when starting the user task server. 

    #ldap.bind.user=
#ldap.bind.pwd=
ldap.user.ctx=ou\=People,dc\=my-domain,dc\=com
ldap.role.ctx=ou\=Roles,dc\=my-domain,dc\=com
ldap.user.roles.ctx=ou\=Roles,dc\=my-domain,dc\=com
ldap.user.filter=(uid\={0})
ldap.role.filter=(cn\={0})
ldap.user.roles.filter=(member\={0})
#ldap.user.attr.id=
#ldap.roles.attr.id=
Additional resources

Chapter 13. Database connection

Decision Central provides a dedicated UserGroupCallback implementation for database server with Red Hat Decision Manager to enable the user task service. The user task service helps in retrieving information on users and groups (roles) directly from databases.

You can configure the following database UserGroupCallback implementation properties:

Table 13.1. Database UserGroupCallback properties

PropertyDescription

db.ds.jndi.name

JNDI name of the data source used for connections

db.user.query

Verifies the user existence

db.user.roles.query

Collects the groups for a given user

db.roles.query

Verifies the group existence

13.1. Database UserGroupCallback implementation

In database UserGroupCallback implementation, you must create the required database. You can use this implementation by configuring the respective database properties in one of the following ways:

  • Programmatically: Build a properties object with the respective DBUserGroupCallbackImpl properties and create DBUserGroupCallbackImpl using the same properties object as its parameter.

    For example: 

    import static org.jbpm.services.task.identity.DBUserGroupCallbackImpl.DS_JNDI_NAME;
import static org.jbpm.services.task.identity.DBUserGroupCallbackImpl.PRINCIPAL_QUERY;
import static org.jbpm.services.task.identity.DBUserGroupCallbackImpl.ROLES_QUERY;
import static org.jbpm.services.task.identity.DBUserGroupCallbackImpl.USER_ROLES_QUERY;
...
props = new Properties();
props.setProperty(DS_JNDI_NAME, "jdbc/jbpm-ds");
props.setProperty(PRINCIPAL_QUERY, "select userId from Users where userId = ?");
props.setProperty(ROLES_QUERY, "select groupId from UserGroups where groupId = ?");
props.setProperty(USER_ROLES_QUERY, "select groupId from UserGroups where userId = ?");

callback = new DBUserGroupCallbackImpl(props);

  • Declaratively: Create the jbpm.usergroup.callback.properties file in the root of your application or specify the file location as a system property.

    For example:

    -Djbpm.usergroup.callback.properties=FILE_LOCATION_ON_CLASSPATH

    Ensure that you register the database callback when starting the user task server.

    For example: 

    System.setProperty("jbpm.usergroup.callback.properties", "/jbpm.usergroup.callback.db.properties");
callback = new DBUserGroupCallbackImpl(true);
...
db.ds.jndi.name = jdbc/jbpm-ds
db.user.query = select userId from Users where userId = ?
db.roles.query = select groupId from UserGroups where groupId = ?
db.user.roles.query = select groupId from UserGroups where userId = ?

Additional resources

Chapter 14. Configuring Maven using settings.xml file

Java application development uses the Apache Maven build automation tool to build and manage software projects. Maven uses Project Object Model (POM) configuration XML files to define both, the project properties and the build process.

Maven uses repositories to store Java libraries, plug-ins, and other build artifacts. Repositories can be either local or remote. A local repository is a download of artifacts from a remote repository cached on a local machine. A remote repository is any other repository accessed using common protocols, such as http:// when located on an HTTP server, or file:// when located on a file server. The default repository is the public remote Maven 2 Central Repository. Configuration of Maven is performed by modifying the settings.xml file. You can either configure global Maven settings in the M2_HOME/conf/settings.xml file, or user-level settings in the USER_HOME/.m2/settings.xml file.

Additional resources

Chapter 15. Managing GAV checks

In Decision Central, projects are identified using Maven naming convention or GAV (group Id, artifact, and version) data. GAV values differentiate projects and project versions as well as identify dependencies with particular projects.

By default, Decision Central detects duplicate GAVs. This feature can be disabled by users with the admin role.

Enabling GAV checks and child GAV edition

Procedure

  1. Log in to Decision Central.
  2. Select MenuDesignProjects.
  3. Double-click the project to open it.
  4. In the Project Editor window, click the Settings tab.

  5. Make the following selections from the General Settings tab.

    1. Select Disable GAV conflict check to enable other projects to have the same GAV.
    2. Select Allow child GAV edition to enable child projects to have GAV edition.

  6. Click Save.

    Note

    Click Reset to undo all changes.

  7. Click Save again to confirm the changes.
Note

You can disable the duplicate GAV detection feature by setting the org.guvnor.project.gav.check.disabled system property to true when you start Decision Central. 

$ ~/EAP_HOME/bin/standalone.sh -c standalone-full.xml
-Dorg.guvnor.project.gav.check.disabled=true

Chapter 16. Repository hooks

In Decision Central, you can use scripts, known as hooks, to configure the repository to trigger a specified action every time a particular event happens.

16.1. Configuring git hooks

Decision Central can automatically push changes to a remote repository using Git hooks. After you configure the post-commit hook, Decision Central automatically pushes your changes to the remote repository.

Note

Currently only post-commit hooks are supported. Post-commit hooks are triggered after the commit process finishes.

Prerequisites

  • Red Hat Decision Manager projects exist in an external Git repository.
  • Credentials required for read access to that external Git repository are available.

Procedure

  1. Log in to Decision Central.
  2. Select MenuProjects.
  3. Select or create the space into which you want to import the projects.
  4. Click dots on the right side of the screen and select Import Project.

  5. In the Import Project window, enter the URL (for example, https://github.com/USERNAME/REPOSITORY_NAME.git) and credentials for the Git repository that contains the project that you want to import and click Import.

    The project is added to the Decision Central Git repository and is available in the created or default space.

    Important

    Use the HTTPS or Git protocol instead of a SCP-style SSH URL. Decision Central does not support the basic SSH URL and an error appears if you use this URL.

  6. In a terminal window, change to the created repository. 

    cd JBOSS_HOME/bin/.niogit/REPOSITORY_NAME.git

  7. Create the post-commit file in the JBOSS_HOME/bin/.niogit/REPOSITORY_NAME.git/hooks directory, set the permissions to rwxr—​r-- and add the following content: 

    #!/bin/sh
git push origin master

  8. Make sure that the configuration was successful by creating a new guided rule in Decision Central:

    1. Select MenuProjectsAdd AssetGuided Rule.
    2. Fill in the required information in the displayed Create new Guided Rule window.

    3. Click Ok.

      Decision Central automatically pushes all changes to the remote repository.

You can also specify the org.uberfire.nio.git.hooks system property. Specify a directory with default hook files as the value for this property. This directory will be copied to the newly created Git repositories. See the following example of a standalone.xml file with this setting below: 

<system-properties>
  <property name="org.uberfire.nio.git.hooks" value="/opt/jboss-as/git-hooks">
  </property>
  ...
</system-properties>
Additional resources

16.2. Git hook exit codes

When a git hook exits an integer value is returned which determines the status of the git hook execution. This integer value is known as a git hook exit code. The execution status can be a success, warning or failure.

16.2.1. Types of exit codes

Decision Central has the following three types of exit codes:

Successful notification

0: Success. A git hook that exits with code 0 displays a success notification in the user interface.

Warning notification

1..30: Warning. A git hook that exits with a code between 1 and 30 (inclusive) will display a warning notification in user interface.

Error notification

Anything else: Error. Any other code number will be displayed as an error notification.

Important

UNIX systems only support error codes between 0 (success) and 255 (error). Any exit code outside of this range is converted to a different code which might result in displaying a wrong notification message. Windows systems don’t have this limitation and can support a wide range of exit codes.

16.3. Customizing git hook notifications

Decision Central provides a mechanism that enables users to receive feedback about git hook executions using customized messages based on a hook’s exit code.

Procedure

  1. To enable notifications, in the standalone.xml file set the appformer.git.hooks.bundle system property to point to a *.properties file containing the custom messages for each exit code.

    For example: 

    <system-properties>
  <property name="appformer.git.hooks.bundle" value="/opt/jboss-as/git-hooks-messages/Messages.properties">
  </property>
  ...
</system-properties>

  2. To display the messages, each line of the *.properties must have the following format:

    <exit_code>=<display_message>

    where, <exit_code> is the git hook exit code and <display_message> is the custom message that is displayed to a user.

    Exit code messages with this format appear similar to the following example: 

    0=Success
1=Display Message 1
.
.
31=Display Message 31
Note

Its not necessary to define all the possible exit codes in the *.properties file. Notifications appear only for the exit codes defined in the *.properties file.

16.3.1. Internationalize git hook notifications

You can internationalize the notification messages by placing different *.properties files in the directory specified for the appformer.git.hooks.bundle system property. The names of the localized files have the format <filename>_<lang>.properties. These files must contain the same entries as in the original file.

For example, you have specified the system property to point to Messages.properties. Now you can create localized message properties files like Messages_en.properties for English, Messages_fr.properties for French, Messages_it.properties for Italian, and so on. The notification service will choose the one based on the user language and if there are no available translations for a language then it will use the default ones specified in the Messages.properties file.

Important

The notification service only supports the ISO 8859-1 (LATIN 1) character set in the *.properties file. If you want to use extended characters, please escape them using their Unicode code.

Chapter 17. Viewing process instance logs

You can view all the process events of an instance from its Logs tab. The instance logs list all the current and previous process states. Decision Central has two types of logs for process instances, Business and Technical logs.

Procedure

  1. Log in to Decision Central.
  2. Select MenuManageProcess Instances.
  3. On the Manage Process Instances page, click the process instance whose log you want to view.

  4. Select the Logs tab:

    • Click Business to view the business events log.
    • Click Technical to view the technical events log.
    • Click Asc or Desc to change the order of the log files.

Appendix A. Versioning information

Documentation last updated on Wednesday, April 28, 2021.

Legal Notice

Copyright © 2021 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.