Use this page to define the elements of an encrypted part of a
message. Encrypted parts are used to protect message confidentiality, and
in this case, the encrypted parts are being defined as part of the policy
set process. A message part is a named set of one or more message elements.
To view this administrative console page, complete the following actions:
- Click > policy_set_name.
- Click the WS-Security policy in the Policies table.
- Click the Main policy link or the Bootstrap
policy link.
- Click the Request message part protection link
or the Response message part protection link in the
Message Part Protection section.
- In the Confidentiality protection section, you can perform any of the
following:
  - Click Add to add a new encrypted part.
  - Select an existing encrypted part, and click Edit.
Depending on your assigned security role
when security is enabled, you might not have access to text entry
fields or buttons to create or edit configuration data. Review the
administrative roles documentation to learn more about the valid roles
for the application server.
Specifies the message elements that are included in this encrypted part
to provide message confidentiality. The elements are listed in the
Elements in part field.
Click Add to add an element to the encrypted part of the message.
To remove a message element from an encrypted part of a message, first click
the selection box next to the element to be removed, then click Remove.
The value of the Qname namespace, or the XPath expression, is required and
can be edited at any time, either while you add a new element or after the
element is added.
- Body
  Specifies the body of the message part.
- Qname for SOAP header elements only
  Specifies the Qname type for a namespace value for the SOAP header element
  that you want to encrypt. To encrypt a SOAP header element, select Qname and
  provide the namespace and optionally the localname of the SOAP
  header element in the Value field. When you specify the Qname with the
  optional localname, insert a comma between the namespace and the
  localname, for example <namespace>,<localname>.
  If the localname is omitted, all SOAP header elements with the specified
  namespace are encrypted. To use the Qname selection method, the SOAP header
  elements must be the immediate children of the SOAP header. Any Qname row in
  the table that has no corresponding value is removed when you click OK or
  Apply.
  Restriction: You cannot use Qname to select header elements that are
  sub-elements of other elements in the SOAP header. In this case, you must
  use an XPath expression to select these header elements.
- XPath expression
  Specifies whether the displayed XPath expression is used to select a
  specific element for inclusion in this part. Select XPath from
  the Add menu list, and provide an expression in the
  new XPath entry that is displayed in the table. Any XPath expression row in
  the table that has no corresponding value is removed when you
  click OK or Apply.
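The following sketch models the Qname selection rules described above so that you can check a Value entry against a sample message before relying on it for confidentiality. It is an added example, not product code: the function names, the `urn:example:headers` namespace, and the sample envelope are constructed, and splitting the value at the first comma is an assumption.

```python
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"  # SOAP 1.1 envelope

# Constructed sample message; the urn:example:headers namespace is made up.
SAMPLE = """<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
                  xmlns:ex="urn:example:headers">
  <soapenv:Header>
    <ex:AccountToken>abc</ex:AccountToken>
    <ex:Routing><ex:AccountToken>nested</ex:AccountToken></ex:Routing>
  </soapenv:Header>
  <soapenv:Body><ex:Order/></soapenv:Body>
</soapenv:Envelope>"""

def parse_qname_value(value):
    """Split '<namespace>,<localname>'; the localname is optional.
    Assumption: the first comma is the separator."""
    namespace, _, localname = value.partition(",")
    if not namespace.strip():
        raise ValueError("the namespace is required")
    return namespace.strip(), localname.strip() or None

def split_tag(tag):
    """ElementTree stores tags as '{namespace}localname'."""
    if tag.startswith("{"):
        ns, _, local = tag[1:].partition("}")
        return ns, local
    return "", tag

def select_by_qname(envelope_xml, value):
    """Return (selected, needs_xpath): immediate header children the Qname
    rule selects, and nested matches it cannot reach (labels, not XPath)."""
    namespace, localname = parse_qname_value(value)
    header = ET.fromstring(envelope_xml).find(f"{{{SOAP_NS}}}Header")
    def matches(el):
        ns, local = split_tag(el.tag)
        return ns == namespace and localname in (None, local)
    selected, needs_xpath = [], []
    for child in (header if header is not None else []):
        if matches(child):
            selected.append(split_tag(child.tag)[1])
            continue
        # Nested matches sit below a header child that was not selected.
        for nested in child.iter():
            if matches(nested):
                needs_xpath.append(f"{split_tag(child.tag)[1]}//{split_tag(nested.tag)[1]}")
    return selected, needs_xpath

if __name__ == "__main__":
    for value in ("urn:example:headers,AccountToken", "urn:example:headers"):
        print(value, "->", select_by_qname(SAMPLE, value))
```

A non-empty second list means that the message carries matching elements that a Qname row leaves unencrypted; those elements need an XPath expression row instead.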