9-2 Oracle Complex Event Processing Administrators Guide Example 9–1 shows how to specify a provider in the Oracle CEP server config.xml file netio element using the provider-type child element. Example 9–1 Oracle CEP netio Element With provider-type Defined netio namemyNetioname port12345port provider-typenon-blockingprovider-type netio

9.1.2 IPv4 and IPv6 Support

Oracle CEP server is certified for use with IPv4 only or IPv4IPv6 dual-stack. Oracle CEP does not support IPv6. For more information about IPv6, see RFC 2460: Internet Protocol, Version 6 IPv6 Specification http:www.ietf.orgrfcrfc2460.txt .

9.2 Configuring Network IO Server netio

You can define a network IO service that may be used by other services to act as the server and listen for incoming connections. Table 9–1 Oracle CEP Network IO Providers provider-type SSL? Description non-blocking No A non-blocking provider provides fully non-blocking IO for reads and writes. That means that each call to read or write on the Connection interface will return immediately without blocking. If the underlying connection is not ready, then the read or write call will simply return zero. At that point, the calling code must use one of the notification mechanisms in the NetIO API to wait until the connection is ready to read or write. Non-Blocking providers may also support a non-blocking connect call, which means that a thread need not block if it takes a long time to establish or fail to establish a connection to a remote server. Provider class: com.bea.core.netio.provider.noblock.NIOEngine. semi-blocking No A semi-blocking provider provides non-blocking IO for the read call, but each write call blocks until the data has been handed to the TCPIP stack. Some platforms provide mechanisms that make it possible to implement a write-blocking provider that is faster than a fully non-blocking provider, but still allows for high scalability. Provider class: ■ Linux with JRockit: com.bea.core.netio.provider.jrockit.JRockitEngine ■ Windows: com.bea.core.netio.provider.nativeasync.NativeAsyncEn gine blocking No A blocking provider blocks on each read and write call until it is complete. If there is no data ready to read, then read will block until there is. This type of provider is much less scalable because there must be a thread waiting for each network connection that might have data. Oracle recommends that this type of provider should not typically be used. Provider class: com.bea.core.netio.provider.block.BlockingEngine. native No The NativeAsyncEngine will be tried. If it is not supported, then an error will be raised. NIO 1 1 Default provider-type. Yes The NIOEngine will always be used. Configuring Network IO for Oracle CEP 9-3 Alternatively, you can create a client network IO service as Section 9.3, Configuring Network IO Client netio-client describes.

9.2.1 How to Configure Network IO Server

You configure network IO server services using the netio element in the Oracle CEP server config.xml file. For more information, see: ■ Section 1.3.1, Oracle CEP Server Configuration Files ■ Section 9.1.1, Network IO Providers ■ netio in the Oracle Complex Event Processing Developers Guide for Eclipse To configure network IO server: 1. In the Oracle CEP server config.xml file, create a netio element as Example 9–2 shows. Example 9–2 Oracle CEP netio Element netio netio 2. Add a name element that uniquely identifies this netio element on this Oracle CEP server as Example 9–3 shows. Example 9–3 Oracle CEP netio Element With name Element netio nameMyNetIOname netio 3. Add a port element to define the TCPIP port on which this netio service will listen for connection requests as Example 9–4 shows. Example 9–4 Oracle CEP netio Element With port Element netio nameMyNetIOname port9002port netio 4. Optionally, specify a provider-type as Example 9–5 shows. Example 9–5 Oracle CEP netio Element With port Element netio nameMyNetIOname port9002port provider-typeNIOprovider-type netio For more information, see Section 9.1.1, Network IO Providers . 5. Optionally, specify the other netio child elements. For more information, see netio in the Oracle Complex Event Processing Developers Guide for Eclipse. 9-4 Oracle Complex Event Processing Administrators Guide

9.3 Configuring Network IO Client netio-client

You can define a network IO service that may be used to perform non-blocking network IO, but which will not act as a server and will not listen for incoming connections. Alternatively, you can create a server network IO service as Section 9.2, Configuring Network IO Server netio describes.

9.3.1 How to Configure Network IO Client

You configure network IO client services using the netio-client element in the Oracle CEP server config.xml file. For more information, see: ■ Section 1.3.1, Oracle CEP Server Configuration Files ■ Section 9.1.1, Network IO Providers ■ netio-client in the Oracle Complex Event Processing Developers Guide for Eclipse. To configure network IO client: 1. In the Oracle CEP server config.xml file, create a netio-client element as Example 9–2 shows. Example 9–6 Oracle CEP netio-client Element netio-client netio-client 2. Add a name element that uniquely identifies this netio element on this Oracle CEP server as Example 9–3 shows. Example 9–7 Oracle CEP netio-client Element With name Element netio-client nameMyNetIOClientname netio-client 3. Optionally, specify a provider-type as Example 9–5 shows. Example 9–8 Oracle CEP netio-client Element With port Element netio-client nameMyNetIOClientname provider-typeNIOprovider-type netio-client For more information, see Section 9.1.1, Network IO Providers . 4. Optionally, specify the other netio-client child elements. For more information, see netio-client in the Oracle Complex Event Processing Developers Guide for Eclipse. 10 Configuring Security for Oracle CEP 10-1 10 Configuring Security for Oracle CEP This chapter contains information on the following topics: ■ Section 10.1, Overview of Security in Oracle CEP ■ Section 10.2, Configuring Java SE Security for Oracle CEP Server ■ Section 10.3, Configuring a Security Provider ■ Section 10.4, Configuring Password Strength ■ Section 10.5, Configuring SSL to Secure Network Traffic ■ Section 10.6, Configuring FIPS for Oracle CEP Server ■ Section 10.7, Configuring HTTPS-Only Connections for Oracle CEP Server ■ Section 10.8, Configuring Security for Oracle CEP Server Services ■ Section 10.9, Configuring the Oracle CEP Security Auditor ■ Section 10.10, Disabling Security

10.1 Overview of Security in Oracle CEP

Oracle CEP provides a variety of mechanisms to protect server resources such as data and event streams, configuration, username and password data, security policy information, remote credentials, and network traffic. To configure security for Oracle CEP server, consider the following general tasks: 1. Configure Java SE security. See Section 10.1.1, Java SE Security . 2. Configure a security provider for authorization and authentication. See: ■ Section 10.1.2, Security Providers ■ Section 10.1.3, Users, Groups, and Roles 3. Configure password strength. See Section 10.4, Configuring Password Strength . 4. Configure SSL and FIPS. See: ■ Section 10.1.4, SSL ■ Section 10.1.5, FIPS