Tuesday, July 20, 2010

OSB leveraging WSM for partial message encryption

This sample leads on from the scenario in the previous post.

now I just want to encrypt the cardNr

I create a new service policy in em based on
using the "Create Like..." facility.

Uncheck - Include Entire Body

Then click - Add

I set the following -

Namespace: http://aaavalidatecred/
Element: cardNr

I create a new client policy in em based on
using the "Create Like..." facility.

I set the encryption policy as above

I configure my OSB proxy service to use the service policy.
I then test the proxy service -

Delete oracle/wss10_message_protection_client_policy

Only our client policy should be leveraged

Execute the test

View the result -

Incoming message

Card nr is encrypted.

and is valid!


Arun Pareek said...


I have been trying to use this feature but with no solution.

The problem is that when i use the standard message protection policy (that signs and encrypts the entire soap message i.e headers and body) it works.

When i want to encrypt just a part in the body it doesnt.

Here is my Payload


I want to encrypt the cardNumber

I have unchecked "Include Entire Body" under Message Encryption setting in the policy and selected just the element

I am giving the following namespace and element values.


Still it doesn't work. Any help?

Niall Commiskey said...

Hi all,

I'll try and re-do this next week with the current SOA Suite/OSB version.