...
Please note that it is required to specify an empty plugin.config element.
Simple user authentication
It is possible to configure simple user authentication in the plugin configuration, e.g.
Configure jetty.xml
To operate JobScheduler with Jetty it is also required to create two configuration files for the Jetty web server (./config/jetty.xml and ./config/web.xml). The minimum configuration defines a connector for the port for http communication with JobScheduler:
Code Block | ||||
---|---|---|---|---|
| ||||
<Configure class="org.eclipse.jetty.server.Server | ||||
Code Block | ||||
| ||||
<plugins> <plugin java_class="com.sos.scheduler.engine.plugins.jetty.JettyPlugin"> <plugin.config><Call name="addConnector"> <loginService><Arg> <logins><New class="org.eclipse.jetty.server.nio.SelectChannelConnector"> <login<Set name="testName" password="testPassword" roles="SecurityLevel.all"/> port">40444</Set> </logins>New> </loginService>Arg> </plugin.config>Call> </plugin> </plugins> |
SecurityLevel.info
and SecurityLevel.all
are predefined roles for JobScheduler.
SecurityLevel.info
allows exclusively permissions to watch jobs but not to start jobs, while SecurityLevel.all
provides the permission to start jobs.
Configure>
|
It is important to know that this port (here 40444) is a substitute for the port attribute in the config element of scheduler.xml.
Currently both ports are required.
With a second connector it is possible to define a communication channel via https (SSL)Add a security constraint to the file web.xml like this:
Code Block | ||||
---|---|---|---|---|
| ||||
<security-constraint><Call name="addConnector"> <web-resource-collection><Arg> <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector"> <url-pattern>/*</url-pattern> <Arg> </web-resource-collection><New class="org.eclipse.jetty.util.ssl.SslContextFactory"> <auth-constraint> <Set name="keyStore"><SystemProperty name="jetty.home" default="." />/ssl/jetty.jks</Set> <role-name>SecurityLevel.info</role-name><Set name="keyStorePassword">jobscheduler</Set> <role-name>SecurityLevel.all</role-name><Set name="keyManagerPassword">jobscheduler</Set> </auth-constraint> </security-constraint> |
Configure jetty.xml
To operate JobScheduler with Jetty it is also required to create two configuration files for the Jetty web server (./config/jetty.xml and ./config/web.xml). The minimum configuration defines a connector for the port for http communication with JobScheduler:
Code Block | ||||
---|---|---|---|---|
| ||||
<Configure class="org.eclipse.jetty.server.Server"> <Call name="addConnector"> <Set name="trustStore"><SystemProperty name="jetty.home" default="." />/ssl/jetty.jks</Set> <Set name="trustStorePassword">jobscheduler</Set> <Arg> </New> <New class="org.eclipse.jetty.server.nio.SelectChannelConnector"> </Arg> <Set name="port">40444<>48444</Set> </New> <Set name="maxIdleTime">30000</Set> </Arg>New> </Call>Arg> </Configure> |
It is important to know that this port (here 40444) is a substitute for the port attribute in the config element of scheduler.xml.
Currently both ports are required.
With a second connector it is possible to define a communication channel via https (SSL):
Call>
|
The SSL connection expects the jetty keystore file jetty.jks in the subfolder $SCHEDULER_DATA/ssl. With the above configuration you can connect to JobScheduler via https at port 48444.
keystore
To generate a keystore file use keytool:
Code Block | ||
---|---|---|
| ||
keytool -genkey -alias jetty -keyalg RSA -keysize 1024 -dname "CN=[hostname], OU=JobScheduler, O=SOS GmbH, L=Berlin C=DE" -keystore my_jetty.jks -storepass jobscheduler -keypass jobscheduler -validity 1826
|
where hostname should be the JobScheduler host. Use own values for OU, O and L.
Configure web.xml
To run JobScheduler with Jetty it is required to create two configuration files for the Jetty web server (jetty.xml and web.xml). The files have to bestored in the $SCHEDULER_DATA/config folder.
You have to configure the JOC servlet with the JobScheduler installation path. Note that you have to use the file protocol.
For Example:
No Format file:///c:/Program Files (x86)/sos-berlin.com/jobscheduler/[scheduler_id] on Windows
No Format file:///c:/Program Files (x86)/sos-berlin.com/jobscheduler/[scheduler_id] on Linux
Code Block | ||||
---|---|---|---|---|
| ||||
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | ||||
Code Block | ||||
| ||||
<Call name="addConnector"> <Arg> <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector"> <Arg> <New class="org.eclipse.jetty.util.ssl.SslContextFactory"> <Set name="keyStore"><SystemProperty name="jetty.home" default="." />/ssl/jetty.jks</Set> <Set name="keyStorePassword">jobscheduler</Set> <Set name="keyManagerPassword">jobscheduler</Set> <Set name="trustStore"><SystemProperty name="jetty.home" default="." />/ssl/jetty.jks</Set> <Set namexsi:schemaLocation="trustStorePassword">jobscheduler</Set> </New> </Arg> http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" <Set name="port">48444</Set>xmlns="http://java.sun.com/xml/ns/j2ee" <Set name version="maxIdleTime">30000</Set> </New> </Arg> </Call> |
The SSL connection expects the jetty keystore file jetty.jks in the subfolder $SCHEDULER_DATA/ssl. With the above configuration you can connect to JobScheduler via https at port 48444.
keystore
To generate a keystore file use keytool:
Code Block | ||
---|---|---|
| ||
keytool -genkey -alias jetty -keyalg RSA -keysize 1024 -dname "CN=[hostname], OU=JobScheduler, O=SOS GmbH, L=Berlin C=DE" -keystore my_jetty.jks -storepass jobscheduler -keypass jobscheduler -validity 1826
|
where hostname should be the JobScheduler host. Use own values for OU, O and L.
Configure web.xml
To run JobScheduler with Jetty it is required to create two configuration files for the Jetty web server (jetty.xml and web.xml). The files have to bestored in the $SCHEDULER_DATA/config folder.
You have to configure the JOC servlet with the JobScheduler installation path. Note that you have to use the file protocol.
For Example:
No Format file:///c:/Program Files (x86)/sos-berlin.com/jobscheduler/[scheduler_id] on Windows
No Format file:///c:/Program Files (x86)/sos-berlin.com/jobscheduler/[scheduler_id] on Linux
Code Block | ||||
---|---|---|---|---|
| ||||
<?xml version="1.0" encoding="UTF-8"?> <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 2.4"> <display-name>JobScheduler test configuration (web.xml)</display-name> <servlet> <servlet-name>Default</servlet-name> <servlet-class>org.eclipse.jetty.servlet.DefaultServlet</servlet-class> <init-param> <param-name>dirAllowed</param-name> <param-value>false</param-value> </init-param> </servlet> <servlet-mapping> <servlet-name>Default</servlet-name> <url-pattern>/</url-pattern> </servlet-mapping> <servlet> <servlet-name>JOC</servlet-name> xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" <servlet-class>org.eclipse.jetty.servlet.DefaultServlet</servlet-class> <init-param> xmlns="http://java.sun.com/xml/ns/j2ee" <param-name>resourceBase</param-name> version="2.4"> <display-name>JobScheduler test configuration (web.xml)</display-name><param-value>file:///c:/Program Files (x86)/sos-berlin.com/jobscheduler/scheduler</param-value> <servlet> </init-param> </servlet> <servlet-name>Default</servlet-name>mapping> <servlet-class>org.eclipse.jetty.servlet.DefaultServlet<name>JOC</servlet-class>name> <init-param><url-pattern>/operations_gui/*</url-pattern> <param-name>dirAllowed</param-name> <param-value>false</param-value> </init-param> </servlet> <servlet-mapping> <servlet-name>Default</servlet-name> <url-pattern>/</url-pattern> </servlet-mapping> <servlet> </servlet-mapping> </web-app> |
Send commands via HTTP (POST|GET)
If you use Jetty and you want to send a command (e.g. <show_state/>
) to the JobScheduler then you have to use the URL:
Code Block | ||
---|---|---|
| ||
http://localhost:40444/jobscheduler/engine-cpp/
|
or respectively.
Code Block | ||
---|---|---|
| ||
https://localhost:48444/jobscheduler/engine-cpp/
|
Example for HTTP GET
Code Block | ||
---|---|---|
| ||
http://localhost:40444/jobscheduler/engine-cpp/<show_state/>
|
Note
- The commands that can be sent via HTTP GET have been restricted from JobScheduler version 1.7 onwards.
- See Release Information for further information.
Jetty configuration examples. User authentication
Simple user authentication
It is possible to configure simple user authentication in the plugin configuration, e.g.
Code Block | ||||
---|---|---|---|---|
| ||||
<plugins> <plugin java_class="com.sos.scheduler.engine.plugins.jetty.JettyPlugin"> <plugin.config> <loginService> <servlet-name>JOC</servlet-name> <logins> <servlet-class>org.eclipse.jetty.servlet.DefaultServlet</servlet-class> <login name="testName" <init-param>password="testPassword" roles="SecurityLevel.all"/> </logins> <param-name>resourceBase</param-name> </loginService> </plugin.config> </plugin> </plugins> |
SecurityLevel.info
and SecurityLevel.all
are predefined roles for JobScheduler.
SecurityLevel.info
allows exclusively permissions to watch jobs but not to start jobs, while SecurityLevel.all
provides the permission to start jobs.
Add a security constraint to the file web.xml like this:
Code Block | ||||
---|---|---|---|---|
| ||||
<security-constraint><param-value>file:///c:/Program Files (x86)/sos-berlin.com/jobscheduler/scheduler</param-value> </init-param> </servlet> <servlet-mapping> <servlet<web-name>JOC</servletresource-name>collection> <url-pattern>/operations_gui/*</url-pattern> </servletweb-resource-mapping>collection> </web-app> |
Send commands via HTTP (POST|GET)
If you use Jetty and you want to send a command (e.g. <show_state/>
) to the JobScheduler then you have to use the URL:
Code Block | ||
---|---|---|
| ||
http://localhost:40444/jobscheduler/engine-cpp/
|
or respectively.
Code Block | ||
---|---|---|
| ||
https://localhost:48444/jobscheduler/engine-cpp/
|
Example for HTTP GET
Code Block | ||
---|---|---|
| ||
http://localhost:40444/jobscheduler/engine-cpp/<show_state/>
|
Note
- The commands that can be sent via HTTP GET have been restricted from JobScheduler version 1.7 onwards.
- See Release Information for further information.
...
<auth-constraint>
<role-name>SecurityLevel.info</role-name>
<role-name>SecurityLevel.all</role-name>
</auth-constraint>
</security-constraint> |
User authentication with a properties file
...