JobScheduler currently comes with a proprietary built-in web server. However, it is possible to configure JobScheduler to work with Jetty by using the JobScheduler plugin feature. This document describes what you have to do to run JobScheduler with an underlying Jetty web server.


  • Since release the JobScheduler installer contains a plugin for Jetty. Note that this plugin is still under development and is provided "as is".
  • The installer


  • generates some symlinks to simulate virtual directories for JOC (JobScheduler Operations Center). The symlink generation is not supported for Windows systems dated before Windows




    • have to configure ./config/scheduler.xml


    • as described below.


    • The installer contains a keystore file for testing https. This keystore is not trusted and


    • does not provide the correct hostname, but can still be used for testing.

Please make sure you have created your own keystore file jetty.jks.

After the installation you can open JOC with Jetty via:

No Format


No Format




You can change modify these ports in the ./config/jetty.xml.

If you operate multiple JobScheduler installations for the same host then you have to modify the ports of Jetty accordingly to prevent ports from being used twice.

Configure factory.ini (Put the necessary libraries in the classpath)

To run JobScheduler with Jetty instead of the built-in web-server you have to use the Jetty plugin. It is a part of the library com.sos.scheduler.engine.plugins.jetty-xxx.jar. Besides the com.sos.scheduler.engine.plugins.jetty-xxx.jar it is necessary to add any dependent libraries for the Jetty plugin to the classpath of the JobScheduler. The installer adds them to the ./lib/jetty_ext folder and adds them to the classpath in the ./config/factory.ini file.


Code Block
titleExample for Unix

 class_path = $\{SCHEDULER_HOME\}/lib/*.jar:$\{SCHEDULER_HOME\}/lib/hibernate/*.jar:<span style="color:red">$\${SCHEDULER_HOME\}/lib/jetty_ext/*.jar</span>jar
Code Block
titleExample for Windows



 class_path = $\{SCHEDULER_HOME\}/lib/*.jar;$\{SCHEDULER_HOME\}/lib/hibernate/*.jar;<span style="color:red">$\${SCHEDULER_HOME\}/lib/jetty_ext/*.jar</span>jar





Configure scheduler.xml

To use the Jetty plugin you have to configure it in this with the file scheduler.xml:

Code Block

  <config ...>
    <security ignore_unknown_hosts="yes">
      <allowed_host host="localhost" level="all"/>
      <allowed_host host="192.11.0" level="all"/>
    <span style="color:red"><plugins><plugins>
      <plugin java_class="com.sos.scheduler.engine.plugins.jetty.JettyPlugin">
        <plugin.config />

Please note that it is necessary required to specify an empty plugin.config element.

Simple user authentication

It is possible to configure a simple user authentication in the plugin configuration, e.g.


Configure jetty.xml

To operate JobScheduler with Jetty it is also required to create two configuration files for the Jetty web server (./config/jetty.xml and ./config/web.xml). The minimum configuration defines a connector for the port for http communication with JobScheduler:

Code Block
 <Configure class="org.eclipse.jetty.server.Server
Code Block

   <plugin java_class="com.sos.scheduler.engine.plugins.jetty.JettyPlugin">
     <plugin.config><Call name="addConnector">
         <logins><New class="org.eclipse.jetty.server.nio.SelectChannelConnector">
           <login<Set name="testName" password="testPassword" roles="administrator"/>


SSL Communication Channel


A second connector for the Jetty web server can be used to define a communication channel via HTTPS (SSL):

Code Block
 <Call name="addConnector">
Code Block

 <Configure class="org.eclipse.jetty.server.ssl.ServerSslSelectChannelConnector">
   <Call name="addConnector">
        <New class="org.eclipse.jetty.serverutil.niossl.SelectChannelConnectorSslContextFactory">
          <Set name="port">44440</Set>
keyStore"><SystemProperty name="jetty.home" default="." />/ssl/jetty.jks</Set>
          <Set name="keyStorePassword">jobscheduler</Set>
<Set name="keyManagerPassword">jobscheduler</Set>

It is important to know that this port (here 44440) is a substitute for the port attribute in the config element of scheduler.xml.

At the moment both ports are required.

The SSL connection expects the jetty keystore file jetty.jks in the subfolder ssl (under the JobScheduler data folder). With the configuration above you can connect JobScheduler via https at port 8443.

To generate a keystore file use keytool:

Code Block

 keytool -genkey -alias jetty -keyalg RSA -keysize 1024 -dname "CN=[hostname], OU=JobScheduler, O=SOS GmbH, L=Berlin C=DE" -keystore my_jetty.jks -storepass jobscheduler -keypass jobscheduler -validity 1826

whereas hostname should be the JobScheduler host.
Configure web.xml

The SSL connection expects the jetty keystore file jetty.jks in the subfolder $SCHEDULER_DATA/ssl. With the above configuration you can connect to JobScheduler via https at port 48444.


To generate a keystore file use keytool:

Code Block
keytool -genkey -alias jetty -keyalg RSA -keysize 1024 -dname "CN=[hostname], OU=JobScheduler, O=SOS GmbH, L=Berlin C=DE" -keystore my_jetty.jks -storepass jobscheduler -keypass jobscheduler -validity 1826

where hostname should be the JobScheduler host. Use own values for OU, O and L.

Send commands via HTTP (POST|GET)

If you use jetty Jetty and you want to send a command (e.g. <show_state/>) to the JobScheduler then you must have to use the URL:

Code Block

or resprespectively.

Code Block

Example for HTTP GET

Code Block

Jetty configuration examples

user authentication with a properties file

Beside the Simple user authentication provided by the jetty plugin you can use a more complex authentification method described by the jetty configuration. The example below shows the use of the HashLoginService, a mechanism whose authentication and authorization information is stored in a properties file.

First make sure, that your plugin declaration in scheduler.xml does not contain any authentification information:


  • The commands that can be sent via HTTP GET have been restricted from JobScheduler version 1.7 onwards.
  • See Release Information for further information.

Simple user authentication

It is possible to configure simple user authentication in the plugin configuration of the scheduler.xml, e.g.

Code Block
     <plugin java_class="com.sos.scheduler.engine.plugins.jetty.JettyPlugin">
      <plugin.config /><loginService>
           <login name="testName" password="testPassword" roles="SecurityLevel.all"/>
 </plugins> and SecurityLevel.all are predefined roles for JobScheduler. allows exclusively permissions to watch jobs but not to start jobs, while SecurityLevel.all provides the permission to start jobs.

Add a security constraint to the file web.xml like this:

Code Block

User authentication with a properties file

Beside the Simple user authentication provided by the Jetty plugin you can use a more complex authentification method described by the Jetty configuration. The example below shows the use of the HashLoginService, a mechanism whose authentication and authorization information is stored in a properties file.

First make sure, that your plugin declaration in scheduler.xml does not contain any authentification information:

Code Block
     <plugin java_class="com.sos.scheduler.engine.plugins.jetty.JettyPlugin">
       <plugin.config />

In the second step you should define the HashLoginService in your jetty Jetty configuration (jetty.xml) as a user realm. That means that you have to configure at least the location of the properties file containing the user information (userid, password, roles) and give assign them a name (here myRealm).).

Code Block
    <Call name="addBean">
            <New class="">
                <Set name="name">myRealm</Set>
                <Set name="config"><SystemProperty name="jetty.home" default="." />/config/</Set>.home" default="." />/config/</Set>
                <Set name="refreshInterval">0</Set>

The properties file config/ contains one or more user definitions, e.g.

Code Block
   infouser:   <Set name="refreshInterval">0</Set>test,
   alluser:         </New>

The properties file config/ contains one or more user definitions, e.g.

Code Block

   testuser: test, admin
test, SecurityLevel.all

Please note: In you can specify the password like

Code Block
  alluser: MD5:098f6bcd4621d373cade4e832627b4f6, SecurityLevel.all


You can execute the password utility mentioned there. You will find the jetty-utilxxxx.jar in $SCHEDULER_HOME/lib/jetty_ext.

Finally you have to configure a security constraint and assign your user realm myRealm to a login configuration. To do this you have to change update your web.xml:

Code Block

    </login-config> and SecurityLevel.all are predefined roles for JobScheduler. grants exclusively permissions to watch jobs but not to start jobs, while SecurityLevel.all grants permissions to start jobs.

IP authorization

To restrict the access for specific hosts you have to define an IPAccessHandler in your jetty.xml:

Code Block

    <Get id="oldhandler" name="handler" />
    <Set name="handler">
        <New class="org.eclipse.jetty.server.handler.IPAccessHandler">
            <Set name="handler"><Ref id="oldhandler"/></Set>
            <Set name="white">     
                <Array type="java.lang.String">


It is important to store the given handlers in the local variable oldhandler to set them as the handler for the IPAccessHandler (see Jetty handler concept for more details).
You can define a whitelist (as in the above example above) or a blacklist. The IPAccessHandler does not allow to use alias names to point to specific IPs.