12c SOA - encryption and decryption of sensitive data

Oracle SOA Suite is used for reliable transfer of information; it stores whole the message in SOA_INFRA schema. We can see incoming and outgoing messages in audit trail from EM console. That means user which has access to EM console can see all the messages coming and going through middleware, sometimes some of the information which is flowing through Oracle SOA Suite is very critical and SOA Suite user should not have access to see that critical piece of information. In this post we will discuss how to fulfill this requirement using Oracle SOA Suite.

In previous version of Oracle SOA Suite (11g) there were no out of box provision to encrypt and decrypt sensitive data so user can see the data which is flowing through fusion but in current version of Oracle SOA Suite which is 12c, Oracle provided out of box functionality to encrypt specific fields in the message which is flowing through middleware. Below is sample encrypted message field.

In Oracle SOA 12c, encryption policy is used to encrypt and decrypt the message, message encryption happens at component binding that means message get encrypted before it come to component (BPEL or Mediator) and we see only encrypted message in audit trail. Message decryption happens at reference binding level that means message fields get decrypted before it is sent to target service/system.

 Schema created for encrypt composite:

<?xml version="1.0" encoding="windows-1252" ?>

<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://www.orderm.org"

            targetNamespace="http://www.orderm.org" elementFormDefault="qualified">

  <xsd:element name="Orderm">

    <xsd:complexType>

      <xsd:sequence>

        <xsd:element name="Name" type="xsd:string"/>

        <xsd:element name="Quantity" type="xsd:string"/>

      </xsd:sequence>

    </xsd:complexType>

  </xsd:element>

</xsd:schema>

Create a BPEL and encrypt as following:

 Decrypt in target side as following:

Deploy and test:

Encrypted

 Decrypted in target service:

Note: 

1. The source and target schema naming convention should be different to have a unique xpath while encrypting and decrypting the source or target.
2. Make sure pii-csf-key should exist, if it does not exist then you will not be able to encrypt the message and see error message. Click here to see how to create csf-key.

Cron Job and Shell script - remove and move old files from UNIX or AIX box automatically

Sometimes Integrations need to store files in UNIX/AIX box. These archive files is storing each day and consuming the UNIX space and we need to manually delete the files to recover the space. Following the steps we can automatically delete the files after certain specified interval.

What is CRON:
The software utility cron is a time-based job scheduler in Unix-like computer operating systems. Users that set up and maintain software environments use cron to schedule jobs to run periodically at fixed times, dates, or intervals.

Implementation steps:

Step1: Create .sh files which will store all the remove and move commands
Move files older than 1 day:
find /soashare/archieve -mtime +1 -type f -exec mv "{}" /soashare/old_archive/ \;
echo "Moved Old Files From hrms archieve to Old_archive: $(date)" >> /soashare/script/logs/Schudule_logs.txt
Remove files older that 2 days:
find /soashare/old_archive -mtime +2 -exec rm {} \;
echo "Removed Old Files From Old_archive: $(date)" >> /soashare/script/logs/Schudule_logs.txt
Note: don't delete .sh files from /soashare/script folder.

Step2: Jobs stored in cron.txt file
 5 0 * * * /soashare/script/MoveOldFileshrms.sh >> /soashare/script/logs/Schudule_logs.txt
 5 0 * * * /soashare/script/RemoveOldFilesOld_archive.sh >> /soashare/script/logs/Schudule_logs.txt

Field Allowed values
—– ————–
minute 0-59
hour 0-23
day of month 0-31
month 0-12 (or names, see below)
day of week 0-7 (0 or 7 is Sun, or use names)

# run five minutes after midnight, every day
5 0 * * *       $HOME/bin/daily.job >> $HOME/tmp/out 2>&1
# run at 2:15pm on the first of every month
15 14 1 * *     $HOME/bin/monthly
# run at 10 pm on weekdays, annoy Joe
0 22 * * 1-5 mail -s "It's 10pm" joe%Joe,%%Where are your kids?%
23 0-23/2 * * * echo "run 23 minutes after midn, 2am, 4am ..., everyday"
5 4 * * sun     echo "run at 5 after 4 every sunday"

Step3: Command to add to crontab.
crontab cron.txt
or
crontab -e

You can now see the logs that the files are being moved and removed /soashare/script/logs/Schudule_logs.txt

12c OSB - poll file using JCA file adapter

Here i will show how to poll files using JCA file adapter.

Create file OSB project.

Click OK and give file name.

Right click on proxy services swim lane and select file adapter.

Click next.

Select read operation.

Create incoming file path and archive path in your local desktop and provide incoming path and archive path.

Give file name pattern.

Give pooling frequency.

click native schema.

Click next.

Click next.

Browse file and click next.

Click next.

Click next.

Click next.

Click test button and test the code.

Now code xml format output.

Click next.

Now file adapter created.

Right click pipeline and select pipeline.

Click next.

Select wsdl.

Import wsdl.

After importing wsdl like below screen shot and uncheck expose as a proxy service.

After clicking finish and wiring both components.

Double click pipeline and drag and drop pipeline pair.

Add one log activity under stage activity.

Inside log give info like body and deploy the service.

Copy the file in incoming file location and check the console logs.

File data printed in log.

12c OSB - poll file from local directory using file transport

Here We will poll the file from local read directory using file transport.

Create OSB project and also create three folders in your local Directory (1. Read 2. Stage 3. Error).

 Select service bus project.

 Provide project name and click finish.

Right click on Proxy Services swim lane and select file transport.

 Click next and select messaging.

Select request text and response None, because file transport one way service.

Provide endpoint path.

 Service created.

 To resolve above proxy error, Double click proxy service and go to the transport details.

Give stage and error path here

 Save the project, now error is resolved after providing the stage and error path.

Copy the file in read path and test, after testing file will automatically poll.