Friday, April 11, 2014

Deploying kie-drools-wb on Tomcat

There have been a few emails recently to the Drools User mailing list stating problems deploying KIE Drools Workbench to Tomcat. We had a run of them shortly after the initial release of 6.0.1 too.

Suspecting there might be an issue I thought there be no better way to spend a Friday afternoon than to take a look and give it a try. In short I was able to deploy both 6.0.1 and 6.1.0-SNAPSHOT to Tomcat 7 with little problem.

Most of what I type below is already included in the Tomcat WAR's README.txt. This is tucked away inside the WAR and hence not blatantly obvious to some.

6.0.1

Starting with a clean install of Tomcat 7.

1. Copy "kie-tomcat-integration" JAR into TOMCAT_HOME/lib (org.kie:kie-tomcat-integration)
2. Copy "JACC" JAR into TOMCAT_HOME/lib (javax.security.jacc:artifactId=javax.security.jacc-api in JBoss Maven Repository)
3. Copy "slf4j-api" JAR into TOMCAT_HOME/lib (org.slf4j:artifactId=slf4j-api in JBoss Maven Repository)
4. Add valve configuration into TOMCAT_HOME/conf/server.xml inside <Host> element as last valve definition:

   <Valve className="org.kie.integration.tomcat.JACCValve" />

5. Edit TOMCAT_HOME/conf/tomcat-users.xml to include roles and users, make sure there will be 'analyst' or 'admin' roles defined as it's required to be authorized to use kie-drools-wb
6. Delete org.uberfire.security.auth.AuthenticationSource inside WEB-INF/classes/META-INF/services
7. Rename org.uberfire.security.auth.AuthenticationSource-TOMCAT-JEE-SECURITY to org.uberfire.security.auth.AuthenticationSource inside WEB-INF/classes/META-INF/services
8. Increase Java's PermGen space by adding file TOMCAT_HOME/bin/setenv.sh containing export JAVA_OPTS="-Xmx1024m -XX:MaxPermSize=256m"
9. Start Tomcat with TOMCAT_HOME/bin/startup.sh
10. Go to Management Console, http://localhost:8080/management
11. Deploy modified WAR

If you do not complete these steps the WAR works "out of the box" but you'll need to define Users in WEB-INF/classes/users.properties

6.1.0-SNAPSHOT

Starting with a clean install of Tomcat 7.

1. Copy "kie-tomcat-integration" JAR into TOMCAT_HOME/lib (org.kie:kie-tomcat-integration)
2. Copy "JACC" JAR into TOMCAT_HOME/lib (javax.security.jacc:artifactId=javax.security.jacc-api in JBoss Maven Repository)
3. Copy "slf4j-api" JAR into TOMCAT_HOME/lib (org.slf4j:artifactId=slf4j-api in JBoss Maven Repository)
4. Add valve configuration into TOMCAT_HOME/conf/server.xml inside Host element as last valve definition:

   <Valve className="org.kie.integration.tomcat.JACCValve" />

5. Edit TOMCAT_HOME/conf/tomcat-users.xml to include roles and users, make sure there will be 'analyst' or 'admin' roles defined as it's required to be authorized to use kie-drools-wb
6. Start Tomcat with TOMCAT_HOME/bin/startup.sh
7. Go to Management Console, http://localhost:8080/management
8. Deploy modified WAR

The differences between 6.0.1 and 6.1.0 are caused by where we've cleared up some of the code committed to the release branch in between releases.

8 comments:

  1. Did exactly as you describe above and it does still not work! Please try yourself on a CLEAN machine.

    ReplyDelete
  2. Thanks for the step about copying slf4j-api in tomcat lib. readme file didn't have that step.

    ReplyDelete
  3. Actually you forgot to say that the web.xml file in the WAR 6.0.1.Final is not the good one. (Step 5 in the Readme file). You have to copy the commented lines TOMCAT-JEE-SECURITY from that file and uncomment them.

    ReplyDelete
  4. Just a small hint: Startup will fail if the server has no connection to the internet because it will fail to download the example repositories.

    ReplyDelete
    Replies
    1. Well that might explain why I cannot get it to work. I'm working in a bank...
      Dear JBOSS please remove "secret" downloading and git check outs.

      Delete
  5. In order to disable samples, you can add this option to your CATALINA_OPTS system variable : -Dorg.kie.demo=false

    ReplyDelete
  6. As a newbie to Drools behind a firewall I shouldn't have to set system properties on Tomcat just to get it to start! Lower the barriers to entry please...

    ReplyDelete
  7. Can't agree more. The barrier to entry is too high. I don't want deploy it to just one sandbox and play with it, but evaluate it for a business use BEHIND a firewall :-(

    ReplyDelete