OWSM Policy In SOA Suite Failing To Decrypt
(Doc ID 2353310.1)
Last updated on OCTOBER 21, 2021
Applies to:Oracle SOA Suite - Version 220.127.116.11.0 and later
Information in this document applies to any platform.
OWSM Policy in SOA Suite Failing to Decrypt
The CreateSalesOrderMozartAdapter SOA composite has a BPEL Process CreateSalesOrder which calls an external webservice UNFGetPaymentInfosService (HYBRIS provided webservice) with the orderId as input message and gets the Creditcard information as output. Hybris (client) provides this Creditcard number as an encrypted text- our client is able to encrypt the CC number using SOA public key that is provided from the jceks keystore that was configured in SOA.
The CreateSalesOrder BPEL process invokes another external service IntegratedOrderEntryServiceService at a later stage which only accepts the Creditcard number in plain text format. So the encrypted Creditcard number has to be decrypted before it is sent to IntegratedOrderEntryServiceService. But the Creditcard number shouldn’t be readable/visible in console ,audit trail or logs in SOA layer.
A custom OWSM policy is supposed to be attached to the CreateSalesOrderMozartAdapter and does the decryption of the creditcard number before invoking the web service.
Receiving error below:
When customer test the CC decryption, following error is seen:
oracle.fabric.common.FabricInvocationException: Unable to invoke endpoint URI "http://test_server:9081/Test/TestOrder" successfully due to: oracle.fabric.common.PolicyEnforcementException: FailedCheck : failure in security check
Caused By: java.security.AccessControlException: access denied ("oracle.security.jps.service.credstore.CredentialAccessPermission" "context=SYSTEM,mapName=testAESMap,keyName=testAESKeyStorePwd" "read")
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document