OWSM Policy In SOA Suite Failing To Decrypt
Last updated on JANUARY 31, 2018
Applies to: Oracle SOA Suite - Version 18.104.22.168.0 and later
Information in this document applies to any platform.
The CreateSalesOrderMozartAdapter SOA composite has a BPEL process, CreateSalesOrder, which calls an external web service, UNFGetPaymentInfosService (a web service provided by HYBRIS), with the orderId as the input message and receives the credit card information as output. Hybris (the client) provides the credit card number as encrypted text: our client is able to encrypt the CC number using the SOA public key provided from the jceks keystore that was configured in SOA.
At a later stage, the CreateSalesOrder BPEL process invokes another external service, IntegratedOrderEntryServiceService, which only accepts the credit card number in plain text. The encrypted credit card number therefore has to be decrypted before it is sent to IntegratedOrderEntryServiceService, but the credit card number must not be readable or visible in the console, audit trail, or logs in the SOA layer.
A custom OWSM policy is supposed to be attached to the CreateSalesOrderMozartAdapter composite and perform the decryption of the credit card number before the web service is invoked.
When the customer tests the CC decryption, the following error is seen:
oracle.fabric.common.FabricInvocationException: Unable to invoke endpoint URI "http://test_server:9081/Test/TestOrder" successfully due to: oracle.fabric.common.PolicyEnforcementException: FailedCheck : failure in security check
Caused By: java.security.AccessControlException: access denied ("oracle.security.jps.service.credstore.CredentialAccessPermission" "context=SYSTEM,mapName=testAESMap,keyName=testAESKeyStorePwd" "read")