...
Currently both ports are required.
SSL Communication Channel
A second connector for the Jetty web server can be used With a second connector it is possible to define a communication channel via https HTTPS (SSL):
Code Block | ||||
---|---|---|---|---|
| ||||
<Call name="addConnector"> <Arg> <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector"> <Arg> <New class="org.eclipse.jetty.util.ssl.SslContextFactory"> <Set name="keyStore"><SystemProperty name="jetty.home" default="." />/ssl/jetty.jks</Set> <Set name="keyStorePassword">jobscheduler</Set> <Set name="keyManagerPassword">jobscheduler</Set> <Set name="trustStore"><SystemProperty name="jetty.home" default="." />/ssl/jetty.jks</Set> <Set name="trustStorePassword">jobscheduler</Set> </New> </Arg> <Set name="port">48444</Set> <Set name="maxIdleTime">30000</Set> </New> </Arg> </Call> |
...
It is possible to configure simple user authentication in the plugin configuration of the scheduler.xml, e.g.
Code Block | ||||
---|---|---|---|---|
| ||||
<plugins> <plugin java_class="com.sos.scheduler.engine.plugins.jetty.JettyPlugin"> <plugin.config> <loginService> <logins> <login name="testName" password="testPassword" roles="SecurityLevel.all"/> </logins> </loginService> </plugin.config> </plugin> </plugins> |
...
It is important to store the given handlers in the local variable oldhandler to set them as the handler for the IPAccessHandler (see Jetty handler concept for more details).
You can define a whitelist (as in the above example above) or a blacklist. The IPAccessHandler does not allow to use alias names to point to specific IPs.
...