Tuesday, July 20, 2010

OSB leveraging WSM for partial message encryption

This sample leads on from the scenario in the previous post.




now I just want to encrypt the cardNr

I create a new service policy in em based on
oracle/wss10_message_protection_service_policy
using the "Create Like..." facility.

Uncheck - Include Entire Body



Then click - Add



I set the following -

Namespace: http://aaavalidatecred/
Element: cardNr


I create a new client policy in em based on
oracle/wss10_message_protection_client_policy
using the "Create Like..." facility.

I set the encryption policy as above

I configure my OSB proxy service to use the service policy.
I then test the proxy service -





Delete oracle/wss10_message_protection_client_policy



Only our client policy should be leveraged


Execute the test

View the result -

Incoming message



Card nr is encrypted.




and is valid!


2 comments:

  1. Hi,

    I have been trying to use this feature but with no solution.

    The problem is that when i use the standard message protection policy (that signs and encrypts the entire soap message i.e headers and body) it works.

    When i want to encrypt just a part in the body it doesnt.

    Here is my Payload



    131231
    123123



    I want to encrypt the cardNumber

    I have unchecked "Include Entire Body" under Message Encryption setting in the policy and selected just the element

    I am giving the following namespace and element values.

    Namespace:http://ea.com/card
    Name://card:cardNumber

    Still it doesn't work. Any help?

    ReplyDelete
  2. Hi all,

    I'll try and re-do this next week with the current SOA Suite/OSB version.

    ReplyDelete