Hi,
we have the following scenario:
Webserver -> Web Service 1 -> Web Service 2
We want to encrypt data on the Web Server which is intended for
use by Web Service 2 (WS2) but may not be seen by WS1.
The problem we are facing is that WS1 must forward the data contained
in the SOAP Message without knowing what it is.
Our approch is to use XML Content Encryption.
Web Server has information:
creditCardNumber: 1234567
The data is encrypted and the resulting message looks like
<creditCardNumber>
<encryptedData>
<cipherData>
<cipherValue>a08709b8aoshbf93z248b</ciphervalue>
<cipherData>
</encryptedData>
</creditCardNumber>
Now WS1 receives this message and is not able to decrypt the data as it is
not intended for him.
He must send the data "as is" to WS2.
How can we achieve that?
Would it be possible to read the tag creditCardNumber and save this String including
the tags as the creditcardnumber in the transfer object so that it is saved to the
next ws-call?
Seems like a dirty approach.
We are using the WSS4J Merlin Handler to decrypt using X.509 certificates.
Any help is appreciated.
Thanks in advance.
Best regards,
Fabian Behrens
- forwarding encrypted data Fabian Behrens
- Forwarding encrypted data Alfonso Sanchez
