How to extend Bonita in order to use external XACML policy

I would like to extend functionality of Bonita in order to allow users access to some resources by using external XACML policy point ?
How can I do that and where is the place to put the filter to to intercept all REST calls and enforce authorization ?
I read that one possibilities is ti use groovy script. Is that the best options, or only option ?