10-10 Oracle Complex Event Processing Administrators Guide atn.1.GroupSearchScope= atn.1.GroupFromNameFilter= atn.1.AllGroupsFilter= atn.1.StaticGroupObjectClass= atn.1.StaticGroupNameAttribute= atn.1.StaticMemberDNAttribute=member atn.1.StaticGroupDNsfromMemberDNFilter= atn.1.DynamicGroupObjectClass= atn.1.DynamicGroupNameAttribute= atn.1.DynamicMemberURLAttribute= atn.1.GroupMembershipSearching=unlimited atn.1.MaxGroupMembershipSearchLevel=0 atn.1.UseRetrievedUserNameAsPrincipal=false atn.1.IgnoreDuplicateMembership= atn.1.KeepAliveEnabled= atn.1.Credential=wlevs atn.1.Name= atn.1.PropagateCauseForLoginException= atn.1.ControlFlag=REQUIRED atn.1.ConnectTimeout= atn.1.Host=localhost atn.1.Port=389 atn.1.SSLEnabled= atn.1.Principal=cn=Administrator,dc=bea,dc=com atn.1.CacheEnabled= atn.1.CacheSize= atn.1.CacheTTL= atn.1.FollowReferrals=false atn.1.BindAnonymouslyOnReferrals= atn.1.ResultsTimeLimit= atn.1.ParallelConnectDelay= atn.1.ConnectionRetryLimit= atn.1.EnableGroupMembershipLookupHierarchyCaching=true atn.1.MaxGroupHierarchiesInCache= atn.1.GroupHierarchyCacheTTL= atn.5.mbean=weblogic.security.providers.authentication.OpenLDAPAuthenticatorMBean atn.5.UserNameAttribute= atn.5.UserBaseDN= atn.5.UserFromNameFilter= atn.5.GroupBaseDN= atn.5.GroupFromNameFilter= atn.5.StaticGroupObjectClass= atn.5.StaticMemberDNAttribute= atn.5.StaticGroupDNsfromMemberDNFilter= atn.5.UserObjectClass= atn.5.UserDynamicGroupDNAttribute= atn.5.UserSearchScope= atn.5.AllUsersFilter= atn.5.GroupSearchScope= atn.5.AllGroupsFilter= atn.5.StaticGroupNameAttribute= atn.5.DynamicGroupObjectClass= atn.5.DynamicGroupNameAttribute= atn.5.DynamicMemberURLAttribute= atn.5.GroupMembershipSearching= atn.5.MaxGroupMembershipSearchLevel= atn.5.UseRetrievedUserNameAsPrincipal= atn.5.IgnoreDuplicateMembership= atn.5.KeepAliveEnabled= atn.5.Credential= atn.5.PropagateCauseForLoginException= atn.5.ControlFlag= atn.5.Name= atn.5.ConnectTimeout= atn.5.Host= atn.5.Port= Configuring Security for Oracle CEP 10-11 atn.5.SSLEnabled= atn.5.Principal= atn.5.CacheEnabled= atn.5.CacheSize= atn.5.CacheTTL= atn.5.FollowReferrals= atn.5.BindAnonymouslyOnReferrals= atn.5.ResultsTimeLimit= atn.5.ParallelConnectDelay= atn.5.ConnectionRetryLimit= atn.5.EnableGroupMembershipLookupHierarchyCaching= atn.5.MaxGroupHierarchiesInCache= atn.5.GroupHierarchyCacheTTL= cm.1.mbean=weblogic.security.providers.credentials.DefaultCredentialMapperMBean cm.1.Name=my-credential-mapper cm.1.CredentialMappingDeploymentEnabled=true cm.3.mbean=weblogic.security.providers.credentials.FileBasedCredentialMapperMBean cm.3.FileStorePath= cm.3.FileStorePassword= cm.3.EncryptAlgorithm= cm.3.Name= cm.3.CredentialMappingDeploymentEnabled= rm.1.mbean=weblogic.security.providers.xacml.authorization.XACMLRoleMapperMBean rm.1.Name=my-role-mapper rm.1.RoleDeploymentEnabled=true atz.1.mbean=weblogic.security.providers.xacml.authorization.XACMLAuthorizerMBean atz.1.Name=my-authorizer atz.1.PolicyDeploymentEnabled=true adj.1.mbean=weblogic.security.providers.authorization.DefaultAdjudicatorMBean adj.1.RequireUnanimousPermit=false adj.1.Name=my-adjudicator Customize the property file by updating the store.StoreProperties property to reflect your database driver information, connection URL, and username and password of the user that connects to the database. This is how the default property is set: Split for readability; in practice, the property should be on one line. store.StoreProperties=DriverName=oracle.jdbc.driver.OracleDriver, ConnectionURL=jdbc:oracle:thin:mymachine:1521:orcl, Username=wlevs, Password=wlevs Also update the property that specifies your LDAP server configuration. Leave all the other properties to their default values. 5. Make a backup copy of the existing security.xml file, in case you need to revert: prompt copy security.xml security.xml_save 6. Create a new security configuration file security.xml by executing the following cssconfig command: prompt cssconfig -p myLDAPandDBMS.properties -c security.xml -i security-key.dat In the preceding command, myLDAPandDBMS.properties is the property file you created in step 4, security.xml is the name of the new security configuration file, and security-key.dat is an existing file, generated by the Configuration Wizard, that contains the identity key. See Section C.1, The cssconfig Command-Line Utility for additional information. 10-12 Oracle Complex Event Processing Administrators Guide 7. Change to the ORACLE_CEP_HOMEocep_11.1utilssecuritysql directory: prompt cd d:\oracle_cep\ocep_11.1\utils\security\sql This directory contains SQL scripts for creating the required security-related database tables and populating them with initial data. Because you are using the DBMS provider only for authorization, the relevant scripts for this procedure are: ■ atz_create.sql—Creates all tables required for authorization. ■ atz_drop.sql—Drops all authorization-related tables. 8. Run the following SQL script against the database you specified as the database store in step 4: ■ atz_create.sql 9. Configure your LDAP server by adding the default groups described in Section 10.1.3, Users, Groups, and Roles as well as the administrator user you specified when you created the domain. By default, this user is called wlevs. Refer to your LDAP server documentation for details. 10. Optionally, configure password strength in your new security.xml file. See Section 10.4, Configuring Password Strength .

10.3.2 Configuring Both Authentication and Authorization Using the DBMS Provider

The following procedure describes how to configure the DBMS security provider for both authentication and authorization. To configure both authentication and authorization using the DBMS provider: 1. Open a command window and set your environment as described in Setting Your Development Environment in the Oracle Complex Event Processing Getting Started. 2. Add the ORACLE_CEP_HOME\ocep_11.1\bin directory to your PATH environment variable, where ORACLE_CEP_HOME is the main Oracle CEP installation directory, such as d:\oracle_cep: prompt set PATH=d:\oracle_cep\ocep_11.1\bin;PATH Windows prompt PATH=oracle_cepocep_11.1bin:PATH UNIX 3. Change to the DOMAIN_DIRservernameconfig directory, where DOMAIN_ DIR refers to the main directory of your domain, such as d:\oracle_cep\user_ projects\domains\mydomain, and servername refers to the name of your server: prompt cd d:\oracle_cep\user_projects\domains\mydomain\defaultserver\config 4. Make a backup copy of the existing security.xml file, in case you need to revert: prompt copy security.xml security.xml_save 5. Using your favorite text editor, create a file called myDBMS.properties and copy into it the entire contents of Example 10–2 . Example 10–2 DBMS Property File For attributes of type boolean or Boolean, value can be true or false and its case insensitive.