Enable SSL for specific context-path in Karaf Jetty - java

I have a jax-rs service deployed in Karaf container v4.2.3 with jetty v9.4.12 and the service is deployed under /services context-path as shown in the picture.
I have managed to enable ssl client auth in Karaf Jetty but the problem is that it enables it globally which causes system console to become inaccessible.
Here is the config I used in org.ops4j.pax.web.cfg
org.osgi.service.http.enabled=false
org.osgi.service.http.secure.enabled=true
org.osgi.service.http.port.secure=8443
org.ops4j.pax.web.ssl.keystore=./etc/keystores/server-keystore.p12
org.ops4j.pax.web.ssl.truststore=etc/keystores/server-truststore.p12
org.ops4j.pax.web.ssl.truststore.password=secret
org.ops4j.pax.web.ssl.key.password=secret
org.ops4j.pax.web.ssl.keystore.password=secret
org.ops4j.pax.web.ssl.clientauthneeded=true
Is it possible to have SSL client auth only for the /services path and leave the system console on non-SSL (http)?
Thanks a lot

You will need 2 ports or connectors configured. (one with SSL/TLS one without)
Then set the /services/* url-pattern to have a CONFIDENTIAL (servlet) constraint.

As an alternative to the default connectors, it is possible to configure additional connectors in the etc/jetty.xml configuration file.
The etc/jetty.xml is a standard Eclipse Jetty configuration file. The default Apache Karaf WebContainer etc/jetty.xml contains:
<!-- Use this connector for many frequently idle connections and for
threadless continuations. -->
<Call name="addConnector">
<Arg>
<New class="org.eclipse.jetty.server.nio.SelectChannelConnector">
<Set name="host">
<Property name="jetty.host" />
</Set>
<Set name="port">
<Property name="jetty.port" default="8181" />
</Set>
<Set name="maxIdleTime">300000</Set>
<Set name="Acceptors">2</Set>
<Set name="statsOn">false</Set>
<Set name="confidentialPort">8443</Set>
<Set name="lowResourcesConnections">20000</Set>
<Set name="lowResourcesMaxIdleTime">5000</Set>
</New>
</Arg>
</Call>
<!-- =========================================================== -->
<!-- Configure Authentication Realms -->
<!-- Realms may be configured for the entire server here, or -->
<!-- they can be configured for a specific web app in a context -->
<!-- =========================================================== -->
The SelectChannelConnector defines the default connector of the WebContainer.
This connector defines the 8181 port number for the HTTP protocol (port property), and the 8443 port number for the HTTPS protocol (confidentialPort property).
The following resources give you details about advanced etc/jetty.xml configurations:
http://wiki.eclipse.org/Jetty/Howto/Configure_SSL
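The two-connector setup with a CONFIDENTIAL constraint suggested in the first answer, as an added example that is not part of the original posts. It assumes the JAX-RS service is packaged as a web application with its own WEB-INF/web.xml mounted at /services; the web-resource-name is a made-up label.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!--
  Added example, not from the original posts.

  etc/org.ops4j.pax.web.cfg (a properties file, shown here as a comment):
  keep BOTH connectors enabled so the system console stays reachable on
  plain HTTP, while the TLS connector still demands a client certificate.

    org.osgi.service.http.enabled=true
    org.osgi.service.http.port=8181
    org.osgi.service.http.secure.enabled=true
    org.osgi.service.http.port.secure=8443
    org.ops4j.pax.web.ssl.clientauthneeded=true
    (keystore and truststore lines unchanged from the question)
-->
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
                             http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
         version="3.1">

  <security-constraint>
    <web-resource-collection>
      <!-- Hypothetical name, used only for illustration. -->
      <web-resource-name>services-over-tls</web-resource-name>
      <!--
        url-pattern is relative to the context path. For a webapp mounted
        at /services, "/*" covers every request a client sees as
        /services/... ; use "/services/*" only if this web.xml belongs to
        the root context.
      -->
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <!-- No auth-constraint: this rule is about transport only. -->
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

</web-app>
```

CONFIDENTIAL only forces the request onto the TLS connector; the client-certificate requirement still comes from clientauthneeded on that connector. A plain-HTTP request to the protected path is redirected to the configured secure port (or refused if none is configured) instead of being served.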

Related

Docker - Run Jetty on HTTPS

I'm trying to configure my Jetty with SSL. Now I'm just stuck on why it doesn't connect on HTTPS. It works fine on HTTP though.
File: ${JETTY_HOME}/etc/jetty-https.xml
<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_3.dtd">
<!-- ============================================================= -->
<!-- Configure a HTTPS connector. -->
<!-- This configuration must be used in conjunction with jetty.xml -->
<!-- and jetty-ssl.xml. -->
<!-- ============================================================= -->
<Configure id="sslConnector" class="org.eclipse.jetty.server.ServerConnector">
<Call name="addIfAbsentConnectionFactory">
<Arg>
<New class="org.eclipse.jetty.server.SslConnectionFactory">
<Arg name="next">http/1.1</Arg>
<Arg name="sslContextFactory"><Ref refid="sslContextFactory"/></Arg>
</New>
</Arg>
</Call>
<Call name="addConnectionFactory">
<Arg>
<New class="org.eclipse.jetty.server.HttpConnectionFactory">
<Arg name="config"><Ref refid="sslHttpConfig" /></Arg>
<Arg name="compliance"><Call class="org.eclipse.jetty.http.HttpCompliance" name="valueOf"><Arg><Property name="jetty.http.compliance" default="RFC7230"/></Arg></Call></Arg>
</New>
</Arg>
</Call>
</Configure>
File: ${JETTY_HOME}/etc/jetty-ssl.xml
<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_3.dtd">
<!-- ============================================================= -->
<!-- Base SSL configuration -->
<!-- This configuration needs to be used together with 1 or more -->
<!-- of jetty-https.xml or jetty-http2.xml -->
<!-- ============================================================= -->
<Configure id="Server" class="org.eclipse.jetty.server.Server">
<!-- =========================================================== -->
<!-- Add a SSL Connector with no protocol factories -->
<!-- =========================================================== -->
<Call name="addConnector">
<Arg>
<New id="sslConnector" class="org.eclipse.jetty.server.ServerConnector">
<Arg name="server"><Ref refid="Server" /></Arg>
<Arg name="acceptors" type="int"><Property name="jetty.ssl.acceptors" deprecated="ssl.acceptors" default="-1"/></Arg>
<Arg name="selectors" type="int"><Property name="jetty.ssl.selectors" deprecated="ssl.selectors" default="-1"/></Arg>
<Arg name="factories">
<Array type="org.eclipse.jetty.server.ConnectionFactory">
<!-- uncomment to support proxy protocol
<Item>
<New class="org.eclipse.jetty.server.ProxyConnectionFactory"/>
</Item>-->
</Array>
</Arg>
<Set name="host"><Property name="jetty.ssl.host" deprecated="jetty.host" /></Set>
<Set name="port"><Property name="jetty.ssl.port" deprecated="ssl.port" default="8443" /></Set>
<Set name="idleTimeout"><Property name="jetty.ssl.idleTimeout" deprecated="ssl.timeout" default="30000"/></Set>
<Set name="soLingerTime"><Property name="jetty.ssl.soLingerTime" deprecated="ssl.soLingerTime" default="-1"/></Set>
<Set name="acceptorPriorityDelta"><Property name="jetty.ssl.acceptorPriorityDelta" deprecated="ssl.acceptorPriorityDelta" default="0"/></Set>
<Set name="acceptQueueSize"><Property name="jetty.ssl.acceptQueueSize" deprecated="ssl.acceptQueueSize" default="0"/></Set>
</New>
</Arg>
</Call>
<!-- =========================================================== -->
<!-- Create a TLS specific HttpConfiguration based on the -->
<!-- common HttpConfiguration defined in jetty.xml -->
<!-- Add a SecureRequestCustomizer to extract certificate and -->
<!-- session information -->
<!-- =========================================================== -->
<New id="sslHttpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
<Arg><Ref refid="httpConfig"/></Arg>
<Call name="addCustomizer">
<Arg>
<New class="org.eclipse.jetty.server.SecureRequestCustomizer">
<Arg name="sniHostCheck" type="boolean"><Property name="jetty.ssl.sniHostCheck" default="true"/></Arg>
<Arg name="stsMaxAgeSeconds" type="int"><Property name="jetty.ssl.stsMaxAgeSeconds" default="-1"/></Arg>
<Arg name="stsIncludeSubdomains" type="boolean"><Property name="jetty.ssl.stsIncludeSubdomains" default="false"/></Arg>
</New>
</Arg>
</Call>
</New>
</Configure>
After running docker ps -a :
root#myserver:/home/deploy/frontend/src/app/environments# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9bf8f257f8ac jetty "/docker-entrypoint.s" 2 days ago Up 14 minutes 0.0.0.0:80->8080/tcp, 0.0.0.0:443->8443/tcp jetty
And finally my
File: ${JETTY_HOME}/etc/jetty.xml
<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_3.dtd">
<!-- =============================================================== -->
<!-- Documentation of this file format can be found at: -->
<!-- http://wiki.eclipse.org/Jetty/Reference/jetty.xml_syntax -->
<!-- -->
<!-- Additional configuration files are available in $JETTY_HOME/etc -->
<!-- and can be mixed in. See start.ini file for the default -->
<!-- configuration files. -->
<!-- -->
<!-- For a description of the configuration mechanism, see the -->
<!-- output of: -->
<!-- java -jar start.jar -? -->
<!-- =============================================================== -->
<!-- =============================================================== -->
<!-- Configure a Jetty Server instance with an ID "Server" -->
<!-- Other configuration files may also configure the "Server" -->
<!-- ID, in which case they are adding configuration to the same -->
<!-- instance. If other configuration have a different ID, they -->
<!-- will create and configure another instance of Jetty. -->
<!-- Consult the javadoc of o.e.j.server.Server for all -->
<!-- configuration that may be set here. -->
<!-- =============================================================== -->
<Configure id="Server" class="org.eclipse.jetty.server.Server">
<!-- =========================================================== -->
<!-- Configure the Server Thread Pool. -->
<!-- The server holds a common thread pool which is used by -->
<!-- default as the executor used by all connectors and servlet -->
<!-- dispatches. -->
<!-- -->
<!-- Configuring a fixed thread pool is vital to controlling the -->
<!-- maximal memory footprint of the server and is a key tuning -->
<!-- parameter for tuning. In an application that rarely blocks -->
<!-- then maximal threads may be close to the number of 5*CPUs. -->
<!-- In an application that frequently blocks, then maximal -->
<!-- threads should be set as high as possible given the memory -->
<!-- available. -->
<!-- -->
<!-- Consult the javadoc of o.e.j.util.thread.QueuedThreadPool -->
<!-- for all configuration that may be set here. -->
<!-- =========================================================== -->
<!-- uncomment to change type of threadpool
<Arg name="threadpool"><New id="threadpool" class="org.eclipse.jetty.util.thread.QueuedThreadPool"/></Arg>
-->
<Get name="ThreadPool">
<Set name="minThreads" type="int"><Property name="jetty.threadPool.minThreads" deprecated="threads.min" default="10"/></Set>
<Set name="maxThreads" type="int"><Property name="jetty.threadPool.maxThreads" deprecated="threads.max" default="200"/></Set>
<Set name="idleTimeout" type="int"><Property name="jetty.threadPool.idleTimeout" deprecated="threads.timeout" default="60000"/></Set>
<Set name="detailedDump">false</Set>
</Get>
<!-- =========================================================== -->
<!-- Add shared Scheduler instance -->
<!-- =========================================================== -->
<Call name="addBean">
<Arg>
<New class="org.eclipse.jetty.util.thread.ScheduledExecutorScheduler"/>
</Arg>
</Call>
<!-- =========================================================== -->
<!-- Http Configuration. -->
<!-- This is a common configuration instance used by all -->
<!-- connectors that can carry HTTP semantics (HTTP, HTTPS, etc.)-->
<!-- It configures the non wire protocol aspects of the HTTP -->
<!-- semantic. -->
<!-- -->
<!-- This configuration is only defined here and is used by -->
<!-- reference from other XML files such as jetty-http.xml, -->
<!-- jetty-https.xml and other configuration files which -->
<!-- instantiate the connectors. -->
<!-- -->
<!-- Consult the javadoc of o.e.j.server.HttpConfiguration -->
<!-- for all configuration that may be set here. -->
<!-- =========================================================== -->
<New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
<Set name="secureScheme"><Property name="jetty.httpConfig.secureScheme" default="https" /></Set>
<Set name="securePort"><Property name="jetty.httpConfig.securePort" deprecated="jetty.secure.port" default="8443" /></Set>
<Set name="outputBufferSize"><Property name="jetty.httpConfig.outputBufferSize" deprecated="jetty.output.buffer.size" default="32768" /></Set>
<Set name="outputAggregationSize"><Property name="jetty.httpConfig.outputAggregationSize" deprecated="jetty.output.aggregation.size" default="8192" /></Set>
<Set name="requestHeaderSize"><Property name="jetty.httpConfig.requestHeaderSize" deprecated="jetty.request.header.size" default="8192" /></Set>
<Set name="responseHeaderSize"><Property name="jetty.httpConfig.responseHeaderSize" deprecated="jetty.response.header.size" default="8192" /></Set>
<Set name="sendServerVersion"><Property name="jetty.httpConfig.sendServerVersion" deprecated="jetty.send.server.version" default="true" /></Set>
<Set name="sendDateHeader"><Property name="jetty.httpConfig.sendDateHeader" deprecated="jetty.send.date.header" default="false" /></Set>
<Set name="headerCacheSize"><Property name="jetty.httpConfig.headerCacheSize" default="512" /></Set>
<Set name="delayDispatchUntilContent"><Property name="jetty.httpConfig.delayDispatchUntilContent" deprecated="jetty.delayDispatchUntilContent" default="true"/></Set>
<Set name="maxErrorDispatches"><Property name="jetty.httpConfig.maxErrorDispatches" default="10"/></Set>
<Set name="blockingTimeout"><Property name="jetty.httpConfig.blockingTimeout" default="-1"/></Set>
<Set name="persistentConnectionsEnabled"><Property name="jetty.httpConfig.persistentConnectionsEnabled" default="true"/></Set>
<Set name="cookieCompliance"><Call class="org.eclipse.jetty.http.CookieCompliance" name="valueOf"><Arg><Property name="jetty.httpConfig.cookieCompliance" default="RFC6265"/></Arg></Call></Set>
</New>
<!-- =========================================================== -->
<!-- Set the default handler structure for the Server -->
<!-- A handler collection is used to pass received requests to -->
<!-- both the ContextHandlerCollection, which selects the next -->
<!-- handler by context path and virtual host, and the -->
<!-- DefaultHandler, which handles any requests not handled by -->
<!-- the context handlers. -->
<!-- Other handlers may be added to the "Handlers" collection, -->
<!-- for example the jetty-requestlog.xml file adds the -->
<!-- RequestLogHandler after the default handler -->
<!-- =========================================================== -->
<Set name="handler">
<New id="Handlers" class="org.eclipse.jetty.server.handler.HandlerCollection">
<Set name="handlers">
<Array type="org.eclipse.jetty.server.Handler">
<Item>
<New id="Contexts" class="org.eclipse.jetty.server.handler.ContextHandlerCollection"/>
</Item>
<Item>
<New id="DefaultHandler" class="org.eclipse.jetty.server.handler.DefaultHandler"/>
</Item>
</Array>
</Set>
</New>
</Set>
<!-- =========================================================== -->
<!-- extra server options -->
<!-- =========================================================== -->
<Set name="stopAtShutdown"><Property name="jetty.server.stopAtShutdown" default="true"/></Set>
<Set name="stopTimeout"><Property name="jetty.server.stopTimeout" default="5000"/></Set>
<Set name="dumpAfterStart"><Property name="jetty.server.dumpAfterStart" deprecated="jetty.dump.start" default="false"/></Set>
<Set name="dumpBeforeStop"><Property name="jetty.server.dumpBeforeStop" deprecated="jetty.dump.stop" default="false"/></Set>
</Configure>
I'm quite new to Jetty and can't seem to find the answer online since all these files have been auto-generated so I'm not sure what I can delete and what not.
Any ideas?
(note: in my /var/lib/jetty/start.d only the http.ini is present (not sure if there should be a https.ini))
My firewall status:
Status: active
To Action From
-- ------ ----
Anywhere ALLOW somesubnet/24
22 ALLOW Anywhere
300 ALLOW Anywhere
3000 ALLOW Anywhere
3001 ALLOW Anywhere
3002 ALLOW Anywhere
3003 ALLOW Anywhere
80 ALLOW Anywhere
443 ALLOW Anywhere
8443 ALLOW Anywhere
443/tcp ALLOW Anywhere
521 ALLOW Anywhere
80,443/tcp ALLOW Anywhere
22 (v6) ALLOW Anywhere (v6)
300 (v6) ALLOW Anywhere (v6)
3000 (v6) ALLOW Anywhere (v6)
3001 (v6) ALLOW Anywhere (v6)
3002 (v6) ALLOW Anywhere (v6)
3003 (v6) ALLOW Anywhere (v6)
80 (v6) ALLOW Anywhere (v6)
443 (v6) ALLOW Anywhere (v6)
8443 (v6) ALLOW Anywhere (v6)
443/tcp (v6) ALLOW Anywhere (v6)
521 (v6) ALLOW Anywhere (v6)
80,443/tcp (v6) ALLOW Anywhere (v6)
443/tcp ALLOW OUT Anywhere
3000 ALLOW OUT Anywhere
443/tcp (v6) ALLOW OUT Anywhere (v6)
3000 (v6) ALLOW OUT Anywhere (v6)
Docker command I used:
docker run -d --name=jetty -p 80:8080 -p 443:8443 -v /home/deploy/backend/my-server/target/my-server-0.0.1-SNAPSHOT.war:/var/lib/jetty/webapps/root.war -v /home/deploy/backend/ssl:/etc/ssl/private jetty
It runs fine on http://my-server.com but doesn't load at https://my-server.com
Even if the jetty main page on Docker Hub shows that the container should be run with docker run -d -p 80:8080 -p 443:8443 jetty, it looks like the image is not configured for HTTPS by default.
As you suggest, there should be a https.ini file in /var/lib/jetty/start.d. You can generate one by running the command java -jar "$JETTY_HOME/start.jar" --add-to-startd=https in the container.
Put this command in a Dockerfile:
FROM jetty
RUN java -jar "$JETTY_HOME/start.jar" --add-to-startd=https
Build the new image:
docker build -t my-server .
And finally start your server:
docker run -d --name=jetty -p 80:8080 -p 443:8443 -v /home/deploy/backend/my-server/target/my-server-0.0.1-SNAPSHOT.war:/var/lib/jetty/webapps/root.war -v /home/deploy/backend/ssl:/etc/ssl/private my-server
This should allow you to connect to your server using HTTPS.
You can find more information on this on this Github issue.

Jetty9 Basic Auth for specific directories

We are running multiple Java webapps which use Jetty9 as server.
The apps are reachable via subdirectories:
domain.tld/app1
domain.tld/app2
domain.tld/app3
Now I want to protect two of those apps via basic auth.
When using Apache as server this would be quite easy to achieve via .htaccess or the vhost conf file, but how can I achieve this with Jetty?
Unfortunately the Jetty docs didn't help me.
Thanks in advance.
EDIT: Now I got the following in my jetty-context.xml, but nothing happens:
<?xml version='1.0' encoding='utf-8'?>
<Configure class="org.eclipse.jetty.webapp.WebAppContext">
<Set name="contextPath">/app1</Set>
<Set name="war">/opt/software/web/view.war</Set>
<Set name="handler">
<New class="org.eclipse.jetty.server.handler.RequestLogHandler" id="RequestLog">
<Set name="requestLog">
<New class="org.eclipse.jetty.server.NCSARequestLog" id="RequestLogImpl">
<Set name="filename">/home/software/something/log/access-something-yyyy_mm_dd.request.log</Set>
<Set name="filenameDateFormat">yyyy_MM_dd</Set>
<Set name="logTimeZone">GMT</Set>
<Set name="retainDays">90</Set>
<Set name="append">true</Set>
<Set name="logLatency">true</Set>
</New>
</Set>
</New>
</Set>
<Get name="securityHandler">
<Set name="loginService">
<New class="org.eclipse.jetty.security.HashLoginService">
<Set name="name">Software</Set>
<Set name="config"><SystemProperty name="jetty.home" default="."/>/etc/software/realm.properties</Set>
<Call name="start"></Call>
</New>
</Set>
</Get>
</Configure>
Content of realm.properties:
admin: password,admin,user
You need to set up something to trigger the authentication. Based on what you've provided, BASIC auth should suit your needs. You've already declared the HashLoginService in your context XML file, but you also need to declare the auth type in the WEB-INF/web.xml of the webapp itself. This would look something like:
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>My Realm</realm-name>
</login-config>
You also need to define the security/auth constraints of the auth method in the web.xml. This helps determine who is allowed access to what, based on role, URL, etc. An example of restricting the webapp entirely might look like:
<security-constraint>
<web-resource-collection>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
<role-name>other</role-name>
<role-name>roles</role-name>
</auth-constraint>
</security-constraint>
Jetty supports other Authentication mechanisms as well if something better suits your needs.
So to recap, to scope your security per webapp you need to do a few things:
Declare the type of authentication for the webapp in the WEB-INF/web.xml
Define the security/auth constraints for the webapp in the WEB-INF/web.xml
Define the type of the LoginService (Hash in this case) in the context XML file for the webapp, and provide the path to the associated properties file.

What does "context" file mean in jetty world

I am following this tutorial instruction: http://www.eclipse.org/jetty/documentation/current/spnego-support.html
It says the following: A corresponding UserRealm needs to be created either programmatically if embedded, via the jetty.xml or in a context file for the webapp.
Now I am using embedded jetty and I could create a web.xml using the WebAppContext and \jee but what is the context file? Is it talking about something like a Spring context?
(I am fairly new to Java)
With context file for the webapp, they probably mean the jetty.xml configuration file, which can also be used on a per-app basis, when you name it jetty-web.xml and place it in your WEB-INF directory (alongside the web.xml configuration file).
Frame of a jetty-web.xml:
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE Configure PUBLIC "//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure.dtd">
<Configure class="org.eclipse.jetty.webapp.WebAppContext">
<!-- configuration here -->
</Configure>
You can configure your realms with it, e.g.:
<Configure class="org.eclipse.jetty.webapp.WebAppContext">
<Set name="contextPath">/test</Set>
<Set name="war"><SystemProperty name="jetty.home" default="."/>/webapps/test</Set>
<Get name="securityHandler">
<Set name="loginService">
<New class="org.eclipse.jetty.security.HashLoginService">
<Set name="name">Test Realm</Set>
<Set name="config"><SystemProperty name="jetty.home" default="."/>/etc/realm.properties</Set>
</New>
</Set>
</Get>
</Configure>
For details, see:
https://wiki.eclipse.org/Jetty/Reference/jetty-web.xml
https://wiki.eclipse.org/Jetty/Tutorial/Realms
Since you are using embedded jetty, I am unsure if you can configure user realms using the normal jetty-web.xml configuration, or if you have to set them up programmatically.
I did this programmatically, but with an older (6.1) version of Jetty. But I also have used the jetty-web.xml in an embedded jetty to configure some parameters, e.g. the upload file size limit.

Deployment strategy for Jetty and Scala with SBT?

I'd like to have Jetty running on a production server and when I have a new code package to deploy I'd like to be able to do an "sbt package" to package up my code into a war file, then copy it over to the production machine's webapp folder.
Is that reasonable? If so, what is the best way to start Jetty as a daemon? Will it see the new file and automatically reload my app or do I need to restart it somehow?
The main problem with what you are suggesting is that the configuration required to have the server listen to or monitor the webapps folder will cause a production hit.
While this type of configuration is great for development, it isn't recommended for production applications.
With that said, what you're looking for is a ContextDeployer, which can be configured in jetty.xml. See the Jetty documentation for your specific version of Jetty for the exact details:
<!-- =========================================================== -->
<!-- Configure the context deployer -->
<!-- A context deployer will deploy contexts described in -->
<!-- configuration files discovered in a directory. -->
<!-- The configuration directory can be scanned for hot -->
<!-- deployments at the configured scanInterval. -->
<!-- -->
<!-- This deployer is configured to deploy contexts configured -->
<!-- in the $JETTY_HOME/contexts directory -->
<!-- -->
<!-- =========================================================== -->
<Call name="addLifeCycle">
<Arg>
<New class="org.mortbay.jetty.deployer.ContextDeployer">
<Set name="contexts"><Ref id="Contexts"/></Set>
<Set name="configurationDir"><SystemProperty name="jetty.home" default="."/>/contexts</Set>
<Set name="scanInterval">5</Set>
</New>
</Arg>
</Call>
The "scanInterval" is what tells the server to monitor the contexts folder. Every 5 seconds, it checks to see if the files changed.
Finally, to start Jetty as a daemon, just use the scripts they provide you in the /bin folder:
./jetty.sh start
To stop Jetty, run:
./jetty.sh stop
And to restart Jetty, run:
./jetty.sh restart
Again, see The Jetty Documentation or The Webtide Website for the exact documentation for whatever version of Jetty you're running. Different versions can differ drastically in terms of how the server is configured.

How to set transaction timeout on Jetty JNDI Atomikos configuration

I am in the process of converting various Spring beans to JNDI lookups. Currently I am using Jetty to test this. I have configured the UserTransaction according to the Jetty documentation and it works:
<New id="tx" class="org.mortbay.jetty.plus.naming.Transaction">
<Arg>
<New class="com.atomikos.icatch.jta.UserTransactionImp">
</New>
</Arg>
</New>
The problem with this configuration is that it does not set the transaction timeout like my Spring config did:
<bean id="atomikosUserTransaction" class="com.atomikos.icatch.jta.UserTransactionImp">
<!-- Number of seconds before the transaction times out. -->
<property name="transactionTimeout" value="30" />
</bean>
I tried the following, but it didn't work...for some reason I ended up with TWO user transactions:
<New id="tx" class="org.mortbay.jetty.plus.naming.Transaction">
<Arg>
<New class="com.atomikos.icatch.jta.UserTransactionImp">
<Set name="transactionTimeout">30</Set>
</New>
</Arg>
</New>
Any ideas?
You'll need to configure the atomikos transaction manager through the jta.properties file within your jetty context.
For example, look at the following directory within your Jetty distribution (I'm using 6.1.24):
/jetty-6.1.24/contexts/test-jndi.d/WEB-INF/classes
jta.properties
Set the property called com.atomikos.icatch.max_timeout, which is commented out in the default sample file.
Then make sure that you start your jetty container using the correctly configured context.
