I had a chance to work on OWSM agents and different types of encryption. Here I would like to present the solution for OWSM field-level encryption. I already had an encryption/decryption example working for the full payload, so here I will just provide tips on how to configure OWSM for field-level encryption.
It is basically doing XPATH encryption, as described in http://download.oracle.com/docs/cd/E10291_01/doc.1013/e10299/policy_steps.htm#sthref612.
I created a BPEL process called DemoOWSMFieldLevelEncryption which pretty much returns the input string. Here is what it looks like:
I have an input payload with an SSN in it, which I am interested in encrypting:
Just for testing purposes, I registered that service in the OWSM gateway and started creating policies for the service, as shown below:
If we look at the XML encrypt in more detail:
Here I am using an existing utility to create the JKS files. The interesting things to note are:
Encrypted Content: XPATH
Encrypt XPATH: /soap:Envelope/soap:Body/ns1:DemoFieldLevelEncryptionProcessRequest/ns1:SSN
Encrypt namespaces: soap=http://schemas.xmlsoap.org/soap/envelope/,ns1=http://xmlns.oracle.com/DemoFieldLevelEncryption
As you can see, I am using the soap and ns1 namespace prefixes in my XPATH, so I have to define them in the namespaces section as comma-separated values.
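As an added example (not part of the original post and not OWSM code), the following Python script checks outside OWSM what the Encrypt XPATH and Encrypt namespaces values above select. The sample request is constructed for illustration: its Name field, SSN value and the env prefix are assumptions, and the script only handles simple absolute paths made of child steps.

```python
import xml.etree.ElementTree as ET

# Values copied from the XML encrypt settings shown on this page.
ENCRYPT_XPATH = ("/soap:Envelope/soap:Body/"
                 "ns1:DemoFieldLevelEncryptionProcessRequest/ns1:SSN")
ENCRYPT_NAMESPACES = ("soap=http://schemas.xmlsoap.org/soap/envelope/,"
                      "ns1=http://xmlns.oracle.com/DemoFieldLevelEncryption")

# Constructed request: Name field, SSN value and the "env" prefix are made up.
SAMPLE = """<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
 <env:Body>
  <DemoFieldLevelEncryptionProcessRequest
      xmlns="http://xmlns.oracle.com/DemoFieldLevelEncryption">
   <Name>Test User</Name>
   <SSN>000-00-0000</SSN>
  </DemoFieldLevelEncryptionProcessRequest>
 </env:Body>
</env:Envelope>"""

def parse_namespaces(spec):
    """Turn 'p1=uri1,p2=uri2' into {'p1': 'uri1', 'p2': 'uri2'}."""
    mapping = {}
    for item in spec.split(","):
        prefix, sep, uri = item.strip().partition("=")
        if not (sep and prefix and uri):
            raise ValueError(f"bad namespace entry: {item!r}")
        mapping[prefix] = uri
    return mapping

def expand(step, nsmap):
    """Expand 'prefix:local' to ElementTree's '{uri}local' form."""
    prefix, sep, local = step.partition(":")
    if not sep:
        return step  # unprefixed step means "no namespace"
    if prefix not in nsmap:
        raise KeyError(f"prefix {prefix!r} is used in the XPath but not declared")
    return "{%s}%s" % (nsmap[prefix], local)

def select(xml_text, xpath, ns_spec):
    """Return the elements selected by an absolute, child-axis-only XPath."""
    nsmap = parse_namespaces(ns_spec)
    steps = [expand(s, nsmap) for s in xpath.strip("/").split("/")]
    root = ET.fromstring(xml_text)
    if root.tag != steps[0]:
        return []  # first step must name the document element
    return [root] if len(steps) == 1 else root.findall("/".join(steps[1:]))

if __name__ == "__main__":
    hits = select(SAMPLE, ENCRYPT_XPATH, ENCRYPT_NAMESPACES)
    print([(h.tag, h.text) for h in hits])
```

The match depends on the namespace URIs, not on the prefixes used in the message: the sample uses env and a default namespace, yet the soap and ns1 mapping still selects only the SSN element. A missing or wrong URI selects nothing, which would leave the field unencrypted.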
If we look at the XML decrypt, it remains pretty much the same. Whether XML encrypt is applied to the body, header, envelope or an XPATH doesn't change the XML decryption part.
I created a LOG before and after each policy step, as a best practice.
Now it is time for testing. I used the OWSM test page to test my registered service and used the Execution Logs to check whether messages are getting encrypted and then decrypted back to the original content. Here is what I saw:
First log: SSN is encrypted
Second log: SSN is decrypted back to the original value
It seems to be encrypting and decrypting field-level variables. The source code can be downloaded here.