Here is a small tip on security while using Oracle BPEL Process Manager.
Many times you have to supply passwords and other sensitive information in your BPEL PM project files (*.bpel, *.xml, *.wsdl). How do you ensure that these are not visible as clear text to others who do not have access to the source code? Here is a quick tip on using the XML attribute encryption="encrypt".
Where can this be used?
- To obfuscate the password when accessing a partnerlink that refers to a web service secured by Basic Authentication (login/password).
Example:
Suppose you have a partnerlink definition with login and password info as shown below. You want to obfuscate the password, i.e. you do not want to see the clear text "cco-pass".
(sample)
<partnerLinkBinding name="PartnerProfileService">
<property name="wsdlLocation">PartnerProfileWSRef.wsdl</property>
<property name="basicUsername">cco-userid</property>
<property name="basicPassword">cco-pass</property>
<property name="basicHeaders">credentials</property>
</partnerLinkBinding>
Add the attribute encryption="encrypt" to sensitive fields; this causes the value to be encrypted at deployment. The new XML will look like this:
(sample)
<partnerLinkBinding name="PartnerProfileService">
<property name="wsdlLocation">PartnerProfileWSRef.wsdl</property>
<property name="basicUsername">cco-userid</property>
<property name="basicPassword" encryption="encrypt">cco-pass</property>
<property name="basicHeaders">credentials</property>
</partnerLinkBinding>
Then deploy your process and the password will be encrypted.
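A pre-deployment check for the tip above, as an added example that is not part of the original post or of Oracle's tooling: it lists sensitive properties inside a partnerLinkBinding that still lack encryption="encrypt". The name pattern, the root element of the sample and the second binding's name are assumptions made for the example.

```python
import re
import xml.etree.ElementTree as ET

# Assumption for this example: which property names count as sensitive.
SENSITIVE_NAME = re.compile(r"password|passwd|secret", re.IGNORECASE)

def local(tag):
    """Drop an XML namespace prefix so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def find_unencrypted(xml_text):
    """Return (binding name, property name) for sensitive values left in clear text."""
    findings = []
    for binding in ET.fromstring(xml_text).iter():
        if local(binding.tag) != "partnerLinkBinding":
            continue
        for prop in binding:
            if local(prop.tag) != "property":
                continue
            name = prop.get("name", "")
            has_value = bool((prop.text or "").strip())
            flagged = prop.get("encryption") == "encrypt"
            if SENSITIVE_NAME.search(name) and has_value and not flagged:
                findings.append((binding.get("name"), name))
    return findings

# Constructed sample: the two bindings from the post under a made-up root element;
# the second binding is renamed so the two can be told apart.
SAMPLE = """<bindings>
  <partnerLinkBinding name="PartnerProfileService">
    <property name="wsdlLocation">PartnerProfileWSRef.wsdl</property>
    <property name="basicUsername">cco-userid</property>
    <property name="basicPassword">cco-pass</property>
    <property name="basicHeaders">credentials</property>
  </partnerLinkBinding>
  <partnerLinkBinding name="PartnerProfileServiceEncrypted">
    <property name="basicUsername">cco-userid</property>
    <property name="basicPassword" encryption="encrypt">cco-pass</property>
  </partnerLinkBinding>
</bindings>"""

if __name__ == "__main__":
    for binding, prop in find_unencrypted(SAMPLE):
        print(f"clear-text {prop} in partnerLinkBinding {binding}")
```

Run it on the project files before deployment: the attribute only takes effect at deployment, so the source copy still holds the clear-text value.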
Have fun encrypting things!
1 comment:
Really helped me a lot.