Product Knowledge Base

Space shortcuts

Page tree

Versions Compared

Old Version 47

changes.mady.by.user Andreas Püschel

Saved on

compared with

New Version 48

changes.mady.by.user Uwe Risse

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Please note that it is required to specify an empty plugin.config element.

Simple user authentication

It is possible to configure simple user authentication in the plugin configuration, e.g.

 

Configure jetty.xml

To operate JobScheduler with Jetty it is also required to create two configuration files for the Jetty web server (./config/jetty.xml and ./config/web.xml). The minimum configuration defines a connector for the port for http communication with JobScheduler:

Code Block
languagexml
collapsetrue
 <Configure class="org.eclipse.jetty.server.Server
Code Block
languagexml
collapsetrue
 <plugins>
   <plugin java_class="com.sos.scheduler.engine.plugins.jetty.JettyPlugin">
     <plugin.config><Call name="addConnector">
       <loginService><Arg>
         <logins><New class="org.eclipse.jetty.server.nio.SelectChannelConnector">
           <login<Set name="testName" password="testPassword" roles="SecurityLevel.all"/>
  port">40444</Set>
       </logins>New>
       </loginService>Arg>
     </plugin.config>Call>
   </plugin>
 </plugins>

SecurityLevel.info and SecurityLevel.all are predefined roles for JobScheduler.

SecurityLevel.info allows exclusively permissions to watch jobs but not to start jobs, while SecurityLevel.all provides the permission to start jobs.

Configure>

It is important to know that this port (here 40444) is a substitute for the port attribute in the config element of scheduler.xml.

Currently both ports are required.

With a second connector it is possible to define a communication channel via https (SSL)Add a security constraint to the file web.xml like this:

Code Block
languagexml
collapsetrue
    <security-constraint><Call name="addConnector">
        <web-resource-collection><Arg>
      <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
      <url-pattern>/*</url-pattern>
<Arg>
         </web-resource-collection><New class="org.eclipse.jetty.util.ssl.SslContextFactory">
        <auth-constraint>
  <Set   name="keyStore"><SystemProperty name="jetty.home" default="." />/ssl/jetty.jks</Set>
           <role-name>SecurityLevel.info</role-name><Set name="keyStorePassword">jobscheduler</Set>
            <role-name>SecurityLevel.all</role-name><Set name="keyManagerPassword">jobscheduler</Set>
        </auth-constraint>
    </security-constraint>

Configure jetty.xml

To operate JobScheduler with Jetty it is also required to create two configuration files for the Jetty web server (./config/jetty.xml and ./config/web.xml). The minimum configuration defines a connector for the port for http communication with JobScheduler:

Code Block
languagexml
collapsetrue
 <Configure class="org.eclipse.jetty.server.Server">
   <Call name="addConnector">  <Set name="trustStore"><SystemProperty name="jetty.home" default="." />/ssl/jetty.jks</Set>
          <Set name="trustStorePassword">jobscheduler</Set>
     <Arg>
   </New>
     <New class="org.eclipse.jetty.server.nio.SelectChannelConnector">
    </Arg>
      <Set name="port">40444<>48444</Set>
       </New>
 <Set name="maxIdleTime">30000</Set>
    </Arg>New>
   </Call>Arg>
 </Configure>

It is important to know that this port (here 40444) is a substitute for the port attribute in the config element of scheduler.xml.

Currently both ports are required.

With a second connector it is possible to define a communication channel via https (SSL):

Call>

The SSL connection expects the jetty keystore file jetty.jks in the subfolder $SCHEDULER_DATA/ssl. With the above configuration you can connect to JobScheduler via https at port 48444.

keystore

To generate a keystore file use keytool:

Code Block
languagebash
keytool -genkey -alias jetty -keyalg RSA -keysize 1024 -dname "CN=[hostname], OU=JobScheduler, O=SOS GmbH, L=Berlin C=DE" -keystore my_jetty.jks -storepass jobscheduler -keypass jobscheduler -validity 1826

where hostname should be the JobScheduler host. Use own values for OU, O and L.

Configure web.xml

To run JobScheduler with Jetty it is required to create two configuration files for the Jetty web server (jetty.xml and web.xml). The files have to bestored in the $SCHEDULER_DATA/config folder.

You have to configure the JOC servlet with the JobScheduler installation path. Note that you have to use the file protocol.

For Example:

  • No Format
    file:///c:/Program Files (x86)/sos-berlin.com/jobscheduler/[scheduler_id] on Windows
  • No Format
    file:///c:/Program Files (x86)/sos-berlin.com/jobscheduler/[scheduler_id] on Linux
Code Block
languagexml
collapsetrue
 <?xml version="1.0" encoding="UTF-8"?>
 <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
Code Block
languagexml
collapsetrue
 <Call name="addConnector">
  <Arg>
    <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
      <Arg>
        <New class="org.eclipse.jetty.util.ssl.SslContextFactory">
          <Set name="keyStore"><SystemProperty name="jetty.home" default="." />/ssl/jetty.jks</Set>
          <Set name="keyStorePassword">jobscheduler</Set>
          <Set name="keyManagerPassword">jobscheduler</Set>
          <Set name="trustStore"><SystemProperty name="jetty.home" default="." />/ssl/jetty.jks</Set>
          <Set namexsi:schemaLocation="trustStorePassword">jobscheduler</Set>
        </New>
      </Arg>
http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" 
          <Set name="port">48444</Set>xmlns="http://java.sun.com/xml/ns/j2ee" 
      <Set name   version="maxIdleTime">30000</Set>
    </New>
  </Arg>
 </Call>

The SSL connection expects the jetty keystore file jetty.jks in the subfolder $SCHEDULER_DATA/ssl. With the above configuration you can connect to JobScheduler via https at port 48444.

keystore

To generate a keystore file use keytool:

Code Block
languagebash
keytool -genkey -alias jetty -keyalg RSA -keysize 1024 -dname "CN=[hostname], OU=JobScheduler, O=SOS GmbH, L=Berlin C=DE" -keystore my_jetty.jks -storepass jobscheduler -keypass jobscheduler -validity 1826

where hostname should be the JobScheduler host. Use own values for OU, O and L.

Configure web.xml

To run JobScheduler with Jetty it is required to create two configuration files for the Jetty web server (jetty.xml and web.xml). The files have to bestored in the $SCHEDULER_DATA/config folder.

You have to configure the JOC servlet with the JobScheduler installation path. Note that you have to use the file protocol.

For Example:

  • No Format
    file:///c:/Program Files (x86)/sos-berlin.com/jobscheduler/[scheduler_id] on Windows
  • No Format
    file:///c:/Program Files (x86)/sos-berlin.com/jobscheduler/[scheduler_id] on Linux
Code Block
languagexml
collapsetrue
 <?xml version="1.0" encoding="UTF-8"?>
 <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 2.4">
    <display-name>JobScheduler test configuration (web.xml)</display-name>
    <servlet>
        <servlet-name>Default</servlet-name>
        <servlet-class>org.eclipse.jetty.servlet.DefaultServlet</servlet-class>
        <init-param>
            <param-name>dirAllowed</param-name>
            <param-value>false</param-value>
        </init-param>
    </servlet>
    <servlet-mapping>
        <servlet-name>Default</servlet-name>
        
        <url-pattern>/</url-pattern>
    </servlet-mapping>
    <servlet>
        <servlet-name>JOC</servlet-name>
          xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" 
<servlet-class>org.eclipse.jetty.servlet.DefaultServlet</servlet-class>
        <init-param>
            xmlns="http://java.sun.com/xml/ns/j2ee" 
  <param-name>resourceBase</param-name>
        version="2.4">
    <display-name>JobScheduler test configuration (web.xml)</display-name><param-value>file:///c:/Program Files (x86)/sos-berlin.com/jobscheduler/scheduler</param-value>
    <servlet>    </init-param>
    </servlet>
    <servlet-name>Default</servlet-name>mapping>
        <servlet-class>org.eclipse.jetty.servlet.DefaultServlet<name>JOC</servlet-class>name>
        <init-param><url-pattern>/operations_gui/*</url-pattern>
            <param-name>dirAllowed</param-name>
            <param-value>false</param-value>
        </init-param>
    </servlet>
    <servlet-mapping>
        <servlet-name>Default</servlet-name>
        
        <url-pattern>/</url-pattern>
    </servlet-mapping>
    <servlet>
 </servlet-mapping>
 </web-app>

Send commands via HTTP (POST|GET)

If you use Jetty and you want to send a command (e.g. <show_state/>) to the JobScheduler then you have to use the URL:

Code Block
languagebash
http://localhost:40444/jobscheduler/engine-cpp/

or respectively.

Code Block
languagebash
https://localhost:48444/jobscheduler/engine-cpp/

Example for HTTP GET

Code Block
languagebash
http://localhost:40444/jobscheduler/engine-cpp/&lt;show_state/&gt;

Note

  • The commands that can be sent via HTTP GET have been restricted from JobScheduler version 1.7 onwards.
  • See Release Information for further information.

Jetty configuration examples. User authentication

Simple user authentication

It is possible to configure simple user authentication in the plugin configuration, e.g.

Code Block
languagexml
collapsetrue
 <plugins>
   <plugin java_class="com.sos.scheduler.engine.plugins.jetty.JettyPlugin">
     <plugin.config>
       <loginService>
       <servlet-name>JOC</servlet-name>
  <logins>
      <servlet-class>org.eclipse.jetty.servlet.DefaultServlet</servlet-class>
     <login name="testName"  <init-param>password="testPassword" roles="SecurityLevel.all"/>
         </logins>
   <param-name>resourceBase</param-name>
    </loginService>
     </plugin.config>
   </plugin>
 </plugins>

SecurityLevel.info and SecurityLevel.all are predefined roles for JobScheduler.

SecurityLevel.info allows exclusively permissions to watch jobs but not to start jobs, while SecurityLevel.all provides the permission to start jobs.

Add a security constraint to the file web.xml like this:

Code Block
languagexml
collapsetrue
    <security-constraint><param-value>file:///c:/Program Files (x86)/sos-berlin.com/jobscheduler/scheduler</param-value>
        </init-param>
    </servlet>
    <servlet-mapping>
        <servlet<web-name>JOC</servletresource-name>collection>
            <url-pattern>/operations_gui/*</url-pattern>
        </servletweb-resource-mapping>collection>
 </web-app>

Send commands via HTTP (POST|GET)

If you use Jetty and you want to send a command (e.g. <show_state/>) to the JobScheduler then you have to use the URL:

Code Block
languagebash
http://localhost:40444/jobscheduler/engine-cpp/

or respectively.

Code Block
languagebash
https://localhost:48444/jobscheduler/engine-cpp/

Example for HTTP GET

Code Block
languagebash
http://localhost:40444/jobscheduler/engine-cpp/&lt;show_state/&gt;

Note

  • The commands that can be sent via HTTP GET have been restricted from JobScheduler version 1.7 onwards.
  • See Release Information for further information.

...

        <auth-constraint>
            <role-name>SecurityLevel.info</role-name>
            <role-name>SecurityLevel.all</role-name>
        </auth-constraint>
    </security-constraint>

User authentication with a properties file

...