Oracle SOA Suite is used for reliable transfer of information, it stores whole the message in SOA_INFRA schema. We can see incoming and outgoing messages in audit trail from EM console. That means user which has access to EM console can see all the messages coming and going through middleware, sometimes some of the information which is flowing through Oracle SOA Suite is very critical and SOA Suite user should not have access to see that critical piece of information. In this post we will discuss how to fulfill this requirement using Oracle SOA Suite.
In previous version of Oracle SOA Suite (11g) there were no out of box provision to encrypt and decrypt sensitive data so that user can’t see the data which is flowing through fusion but in current version of Oracle SOA Suite which is 12c, Oracle provided out of box functionality to encrypt specific fields in the message which is flowing through middleware. Below is sample encrypted message field.
In Oracle SOA 12c, encryption policy is used to encrypt and decrypt the message, message encryption happens at component binding that means message get encrypted before it come to component (BPEL or Mediator) and we see only encrypted message in audit trail. Message decryption happens at reference binding level that means message fields get decrypted before it is sent to target service/system. Read the complete article here.
For regular information on Oracle SOA Suite become a member in the SOA & BPM Partner Community for registration please visit www.oracle.com/goto/emea/soa (OPN account required) If you need support with your account please contact the Oracle Partner Business Center.