Users, Groups, and Roles

Configuring Security for Oracle CEP

■ policy.xml—Defines the security policies of all the bundles that make up Oracle CEP. The first bundle set defines the policies for server-related bundles; the second bundle set defines the policies for application bundles.
■ security.policy—Defines the security policies for server startup and Web applications deployed to the Jetty HTTP server. This file also defines policies for the Oracle CEP Visualizer Web application.

Samples of the preceding files are shipped with the product and can be found in ORACLE_CEP_HOME/ocep_11.1/utils/security, where ORACLE_CEP_HOME refers to the directory in which you installed Oracle CEP, such as /oracle_home.

You can enable all Java SE security features with Oracle CEP. For more information, see Section 10.1.1, "Java SE Security."

To configure Java SE security on the Oracle CEP server:

1. Stop the Oracle CEP server, if it is currently running. See Section 1.5.4, "Starting and Stopping Oracle CEP Servers."

2. Copy policy.xml and security.policy:
   ■ From: ORACLE_CEP_HOME/ocep_11.1/utils/security
   ■ To: DOMAIN_DIR/servername/config
   Where ORACLE_CEP_HOME refers to the directory in which you installed Oracle CEP, such as /oracle_home, DOMAIN_DIR refers to the main Oracle CEP installation directory, and servername refers to the name of your server, such as /oracle_cep/user_projects/domains/mydomain/myserver/config.

3. Edit the two security policy files to suit your needs.

4. Update the server startup script for your platform, located in the DOMAIN_DIR/servername directory, startwlevs.cmd (Windows) or startwlevs.sh (UNIX), by adding the following three properties to the java command that actually starts the server:

   -Djava.security.manager
   -Djava.security.policy=./config/security.policy
   -Dcom.bea.core.security.policy=./config/policy.xml

   For example (in practice, the full command should be on one line):

   "%JAVA_HOME%\bin\java" %DGC% %DEBUG% -Djava.security.manager -Djava.security.policy=./config/security.policy -Dcom.bea.core.security.policy=./config/policy.xml -Dwlevs.home="%USER_INSTALL_DIR%" -Dbea.home="%BEA_HOME%" -jar "%USER_INSTALL_DIR%\bin\wlevs.jar" %1 %2 %3 %4 %5 %6

5. Update the DOMAIN_DIR/servername/config/config.xml file of your Oracle CEP server and edit the Jetty configuration by adding a scratch-directory child element of the jetty element to specify the directory to which Jetty Web applications are deployed. For example:

   <jetty>
     <name>JettyServer</name>
     <network-io-name>NetIO</network-io-name>
     <work-manager-name>JettyWorkManager</work-manager-name>
     <secure-network-io-name>sslNetIo</secure-network-io-name>
     <scratch-directory>./JettyWork</scratch-directory>
   </jetty>

6. Restart the Oracle CEP server for the changes to take effect. See Section 1.5.4, "Starting and Stopping Oracle CEP Servers."
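A check for the procedure above, as an added example that is not part of Oracle's documentation: it confirms that both policy files are in place, that the three properties appear on a non-commented line of the startup script, and that config.xml sets a Jetty scratch directory. The function name check_cep_java_security is hypothetical, and the script assumes the UNIX startup script startwlevs.sh and the relative ./config/ paths from step 4.

```shell
#!/bin/sh
# Added example, not Oracle code. check_cep_java_security is a hypothetical name.
# Argument: the DOMAIN_DIR/servername directory of one Oracle CEP server.
check_cep_java_security() {
    server_dir=$1
    rc=0
    # Step 2: both policy files must exist and be non-empty in config/.
    for f in policy.xml security.policy; do
        if [ ! -s "$server_dir/config/$f" ]; then
            echo "MISSING: config/$f"; rc=1
        fi
    done
    # Step 4: all three properties must be on a line that is not commented out.
    # Assumes the relative ./config/ paths used in step 4.
    script="$server_dir/startwlevs.sh"
    for prop in '-Djava.security.manager' \
                '-Djava.security.policy=./config/security.policy' \
                '-Dcom.bea.core.security.policy=./config/policy.xml'; do
        if ! grep -v '^[[:space:]]*#' "$script" 2>/dev/null | grep -qF -- "$prop"; then
            echo "MISSING in startwlevs.sh: $prop"; rc=1
        fi
    done
    # Step 5: the jetty element must carry a non-empty scratch-directory child.
    if ! grep -q '<scratch-directory>[^<][^<]*</scratch-directory>' \
            "$server_dir/config/config.xml" 2>/dev/null; then
        echo "MISSING in config.xml: <scratch-directory>"; rc=1
    fi
    return $rc
}

# Run against a server directory when one is given on the command line.
if [ "$#" -gt 0 ]; then
    check_cep_java_security "$1"
fi
```

A zero exit status means every item was found; each missing item is printed on its own line.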

10.3 Configuring a Security Provider

A security provider performs authentication, authorization, or both. Oracle CEP server supports file-based, LDAP, and DBMS security providers.

The file-based security provider is the default security provider that the Configuration Wizard configures. If you want to use the file-based security provider, no further configuration is required.

The LDAP security provider supports authentication only. The DBMS security provider supports both authentication and authorization.

This section describes:

■ Section 10.3.1, "Configuring Authentication Using the LDAP Provider and Authorization Using the DBMS Provider"
■ Section 10.3.2, "Configuring Both Authentication and Authorization Using the DBMS Provider"

For more information, see Section 10.1.2, "Security Providers."

10.3.1 Configuring Authentication Using the LDAP Provider and Authorization Using the DBMS Provider

The following procedure describes how to configure the LDAP security provider for authentication and the DBMS provider for authorization.

To configure authentication using the LDAP provider and authorization using the DBMS provider:

1. Open a command window and set your environment as described in "Setting Your Development Environment" in the Oracle Complex Event Processing Getting Started.

2. Add the ORACLE_CEP_HOME\ocep_11.1\bin directory to your PATH environment variable, where ORACLE_CEP_HOME is the main Oracle CEP installation directory, such as d:\oracle_cep:

   prompt> set PATH=d:\oracle_cep\ocep_11.1\bin;%PATH% (Windows)
   prompt> PATH=/oracle_cep/ocep_11.1/bin:$PATH (UNIX)

3. Change to the DOMAIN_DIR/servername/config directory, where DOMAIN_DIR refers to the main directory of your domain, such as d:\oracle_cep\user_projects\domains\mydomain, and servername refers to the name of your server:

   prompt> cd d:\oracle_cep\user_projects\domains\mydomain\defaultserver\config

4. Using your favorite text editor, create a file called myLDAPandDBMS.properties and copy into it the entire contents of Example 10–1.

Caution: When using LDAP for authentication, you cannot add or delete users and groups using Oracle CEP Visualizer; you can only change the password of a user.