
10 Configuring Security for Oracle CEP

This chapter contains information on the following topics:

■ Section 10.1, Overview of Security in Oracle CEP
■ Section 10.2, Configuring Java SE Security for Oracle CEP Server
■ Section 10.3, Configuring a Security Provider
■ Section 10.4, Configuring Password Strength
■ Section 10.5, Configuring SSL to Secure Network Traffic
■ Section 10.6, Configuring FIPS for Oracle CEP Server
■ Section 10.7, Configuring HTTPS-Only Connections for Oracle CEP Server
■ Section 10.8, Configuring Security for Oracle CEP Server Services
■ Section 10.9, Configuring the Oracle CEP Security Auditor
■ Section 10.10, Disabling Security

10.1 Overview of Security in Oracle CEP

Oracle CEP provides a variety of mechanisms to protect server resources such as data and event streams, configuration, username and password data, security policy information, remote credentials, and network traffic.

To configure security for Oracle CEP server, consider the following general tasks:

1. Configure Java SE security. See Section 10.1.1, Java SE Security.
2. Configure a security provider for authorization and authentication. See:
   ■ Section 10.1.2, Security Providers
   ■ Section 10.1.3, Users, Groups, and Roles
3. Configure password strength. See Section 10.4, Configuring Password Strength.
4. Configure SSL and FIPS. See:
   ■ Section 10.1.4, SSL
   ■ Section 10.1.5, FIPS
5. Configure HTTPS-only connections. See Section 10.7, Configuring HTTPS-Only Connections for Oracle CEP Server.
6. Configure security for individual Oracle CEP server services. See Section 10.8, Configuring Security for Oracle CEP Server Services.

For more information, see:

■ Section 10.1.6, Enabling and Disabling Security
■ Section 10.1.7, Security Utilities
■ Section 10.1.8, Specifying User Credentials When Using the Command-Line Utilities
■ Section 10.1.9, Security in Oracle CEP Examples and Domains

10.1.1 Java SE Security

You can define Java SE security policies for:

■ All the bundles that make up Oracle CEP
■ Server startup
■ Web applications deployed to the Oracle CEP server Jetty HTTP server
■ Oracle CEP Visualizer

For more information, see:

■ Section 10.2, Configuring Java SE Security for Oracle CEP Server
■ http://java.sun.com/javase/technologies/security

10.1.2 Security Providers

Oracle CEP supports various security providers for authentication, authorization, role mapping, and credential mapping.

Oracle CEP supports the following security providers:

■ File-based—Default out-of-the-box security provider. This type of provider uses an operating system file to access security data such as user, password, and group information. Provides both authentication (the process whereby the identity of users is proved or verified) and authorization (the process whereby a user's access to an Oracle CEP resource is permitted or denied based on the user's security role and the security policy assigned to the requested Oracle CEP resource). Authentication typically involves username/password combinations.
■ LDAP—Provider that uses a Lightweight Data Access Protocol (LDAP) server to access user, password, and group information. Provides only authentication.
■ DBMS—Provider that uses a database management system (DBMS) to access user, password, and group information. Provides both authentication and authorization.

If you choose to use the default file-based security provider, then you do not need to do any further configuration of your domain; the Configuration Wizard performs all necessary configuration. However, if you want to use the LDAP or DBMS providers, you must perform further configuration. See Section 10.3, Configuring a Security Provider.