...
Currently both ports are required.
SSL Communication Channel
A second connector for the Jetty web server can be used With a second connector it is possible to define a communication channel via https HTTPS (SSL):
| Code Block | ||||
|---|---|---|---|---|
| ||||
<Call name="addConnector">
<Arg>
<New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
<Arg>
<New class="org.eclipse.jetty.util.ssl.SslContextFactory">
<Set name="keyStore"><SystemProperty name="jetty.home" default="." />/ssl/jetty.jks</Set>
<Set name="keyStorePassword">jobscheduler</Set>
<Set name="keyManagerPassword">jobscheduler</Set>
<Set name="trustStore"><SystemProperty name="jetty.home" default="." />/ssl/jetty.jks</Set>
<Set name="trustStorePassword">jobscheduler</Set>
</New>
</Arg>
<Set name="port">48444</Set>
<Set name="maxIdleTime">30000</Set>
</New>
</Arg>
</Call>
|
...
It is possible to configure simple user authentication in the plugin configuration of the scheduler.xml, e.g.
| Code Block | ||||
|---|---|---|---|---|
| ||||
<plugins>
<plugin java_class="com.sos.scheduler.engine.plugins.jetty.JettyPlugin">
<plugin.config>
<loginService>
<logins>
<login name="testName" password="testPassword" roles="SecurityLevel.all"/>
</logins>
</loginService>
</plugin.config>
</plugin>
</plugins>
|
...
It is important to store the given handlers in the local variable oldhandler to set them as the handler for the IPAccessHandler (see Jetty handler concept for more details).
You can define a whitelist (as in the above example above) or a blacklist. The IPAccessHandler does not allow to use alias names to point to specific IPs.
...