There was no native support for data encryption in SOA 11g however this new feature is now added in to SOA 12c. One can encrypt the data at source system and then decrypt it at target system so that the end user can only see the actual data and the administrator while looking in to the flow of BPEL can not see the actual payload.
This is important in certain cases when you are doing some monitary transaction and you don't want to show your personal identification information or other sensitive data. For these kind of cases we need a encryption mechanism so that the pII information can be encrypted and not be retrieved by admin people.
Lets see an example of encyrption decryption mechanism in SOA 12c.
We have a process that accepts an input and writes that data into a file system.
We will try to encrypt the data at entry point and while writing the data we will try to decrypt it so that admin when looks in to the flow can find only the encrypted data.
The overall flow of this exercise will look something like this,
We have a WS input in exposed service, we have a file adapter for writing data in to output file and then we have a BPEL process to do the transformation of data in between
Since in our test case we have a single data that is getting passed we will try to encrypt the same.
Right click on the exposed web service and select Encrypt sensitive data
Select the default screen thus coming up and click on the edit button to select the input parameter required for encryption.
Configure for input -->Click on the plus icon and select the input parameter
Similarly do it for output also and select the default CSF key
Now you have compelted the encryption at source side so lets do the decryption at the target side. Right click on the target service and select decrypt sensitive data as shown.
At this point of time you can also notice a lock icon in the source system indicating some policy constraint are implied at the source system
do the same steps at target service also and decrypt the data for the file adapter.
So now your process should look like this after adding encryption
Now the next step is to create a CSF key which we can use for this encryption and decryption purpose. This can be achieved using the WLST command.
go to the following location in your local installation
C:\Oracle\Middleware\Oracle_Home\wlserver\common\bin
and pass wslt command , this will invoke the offline wslt wizard.connect the the weblogic server using the following command
connect("weblogic","welcome1","t3://localhost:7101")
Here weblogic is the user and welcome1 is the password
Now in the command prompt pass the following command to create the pii key
createCred(map="oracle.wsm.security",key="pii-csf-key",user="weblogic",password="welcome1",desc="pii_security_policy")
t.com/-kkqDMrQLzT4/U8YtlEAKn1I/AAAAAAAAK9c/7uy4OWRscZg/s1600/Capture.JPG" imageanchor="1" >
Go ahead and deploy your project.
And now test your project
You can see you are passing input as a string variable
go to the flow of the bpel process and you can see that the payload what we have passed is encrypted
Again to validate the decryption at the target system you can check the file generated whether it is decrypted back to original payload
Now just in case if you wanted to check where is your key created in the weblogic server you can navigate in the following path
Weblogic domain-->Security-->Credentials
Here you can find the Pii key that you have created in the Credential Store provider
In case your key is not created successfully you will get the below error while testing your interface
The selected operation process could not be invoked.
An exception occurred while invoking the webservice operation. Please see logs for more details.
oracle.sysman.emInternalSDK.webservices.util.SoapTestException: Client received SOAP Fault from server : InvalidSecurity : error in processing the WS-Security security header
6 comments:
i am able to invoke but data present in calle service be in encrypted format
I am not sure where ʏou're gеtting your info, but great topic.
I needѕ to spеnd sߋme time ⅼearning mᥙch
mⲟre or understanding more. Thanks for great
information I was looking fоr this info f᧐r my mіssion.
visit site : How To Learn To Lock Fileѕ In 1 Hour
Goߋd day! Thіs pοst could not be written any better!
Reading tһrough this post reminds me of my previous
room mate! He always kept chatting about this. I wiⅼl forward
this page to him. Fairly certain he will have a good
read. Many thanks for sharing!
official weЬsite : Tһe Ultimate Gսide To Encryption Software & Nine Tօols You Must
Hɑve To How To Encrypt A Password For Free
you are truly a good webmaster. The website loading velocity is incredible.
It kind of feels that you are doing any distinctive trick.
Moreover, The contents are masterpiece. you've performed a wonderful task on this subject!
Hi my friend! I want to say that this article is awesome, great written and include approximately all important infos.
I would like to see more posts like this .
I have been exploring for a bit for any high-quality articles or weblog posts in this sort of space .
Exploring in Yahoo I at last stumbled upon this site.
Studying this information So i'm satisfied to convey that I've a very good uncanny feeling I found out
exactly what I needed. I such a lot certainly will make sure to don?t overlook this web
site and give it a look regularly.
Post a Comment