Encrypt Mule Message With Anypoint JCE and XML Encrypter
MuleSoft provides various encryption strategies to encrypt your messages. Security is a very important aspect when it comes to developing integration solutions.
Join the DZone community and get the full member experience.
Join For FreeSecurity is one of the very important aspects when we are developing integration solutions — especially in the banking and finance sectors. When you want to send your data securely over the channel to third parties, it is very important that you send your data encrypted so it becomes unreadable for unauthorized entities.
MuleSoft provides various encryption strategies to encrypt your messages.
| Encryption strategy | Description |
| JCE encrypter | Encrypts stream, byte[], or string. |
| XML encrypter | Encrypts string; encrypts individual fields using xpath expressions. |
| PGP encrypter | Encrypts stream, byte[], or string; applies tighter security (relative to JCE and XML); increases processing load (relative to JCE and XML). |
In this article, you will learn about the JCE and XML encrypter.
Please make sure you have installed the enterprise security in Anypoint studio.
JCE Encrypter
Place the HTTP listener in the canvas and open the Properties console.
Click the green + and configure as follows:
Host: localhost.
Port: 8081.
Method:
POST.- Path: encrypt.
Drag and drop the encryption component in message processor region and configure it. Click on green Add button, select the Default Encrypter as JCE, and click OK.
Now, provide input expression and in this case, we will encrypt the whole payload. Select Encrypter to be JCE_ENCRYPTER and Operation to be Encrypt.
Now, under JCE Encrypter Strategy Configuration, for Operation, select the Define attributes radio button. Provide key and key password (optional). Select Algorithm and Encryption Mode.
Place the outbound file connector after encryption to save the final encrypted output.
| Field | Desscription |
| Display name | It is a unique name for your message processor. |
| Operation | Select Encrypt or Decrypt. |
| Select encrypter | JCE Encrypter. |
| Key | The key (i.e. password) to decrypt the encrypted data. It must be 16 bytes long. |
| Key password | If the key is stored in a keystore, enter the passwoard to the keystore. |
| Algorithm | Select algorithm to use to encrypt data. |
| Encryption mode | Select an encryption code for Mule to use to encrypt the data. |
Testing Application
You can use Postman to test the application. The listening URL is http://localhost:8081/encrypt.
Now, you can verify the output directory where you have stored the final encrypted file.
Code:
<?xml version="1.0" encoding="UTF-8"?>
<mule
xmlns:file="http://www.mulesoft.org/schema/mule/file"
xmlns:encryption="http://www.mulesoft.org/schema/mule/encryption"
xmlns:http="http://www.mulesoft.org/schema/mule/http"
xmlns="http://www.mulesoft.org/schema/mule/core"
xmlns:doc="http://www.mulesoft.org/schema/mule/documentation"
xmlns:spring="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-current.xsd
http://www.mulesoft.org/schema/mule/core http://www.mulesoft.org/schema/mule/core/current/mule.xsd
http://www.mulesoft.org/schema/mule/http http://www.mulesoft.org/schema/mule/http/current/mule-http.xsd
http://www.mulesoft.org/schema/mule/encryption http://www.mulesoft.org/schema/mule/encryption/current/mule-encryption.xsd
http://www.mulesoft.org/schema/mule/file http://www.mulesoft.org/schema/mule/file/current/mule-file.xsd">
<encryption:config name="Encryption" doc:name="Encryption"/>
<http:listener-config name="HTTP_Listener_Configuration" host="0.0.0.0" port="8081" doc:name="HTTP Listener Configuration"/>
<encryption:config name="Encryption1" doc:name="Encryption"/>
<flow name="securit-appFlow">
<http:listener config-ref="HTTP_Listener_Configuration" path="/encrypt" allowedMethods="POST" doc:name="HTTP"/>
<encryption:encrypt config-ref="Encryption1" using="JCE_ENCRYPTER" doc:name="Encryption">
<encryption:jce-encrypter key="test123" algorithm="Blowfish" encryptionMode="CBC"/>
</encryption:encrypt>
<file:outbound-endpoint path="src/test/resources/out" responseTimeout="10000" doc:name="File"/>
</flow>
</mule>XML Encrypter
In this case, you need to select XML Encrypter instead of JCE Encrypter. Under Connector Configuration, select Default Encrypter as XML. Set Encrypter to XML_ENCRYPTER.
Under XML Encrypter Strategy Configuration, for Operation, select the Define attributes radio button. Provide the key and key password (optional). Select Algorithm and Encryption Mode.
In XML Encrypter, you can encrypt a particular field data. You can provide the the XPath of the field that you need to encrypt.
| Field | Desscription |
| Display name | It is a unique name for your message processor. |
| Operation | Select encrypt or decrypt. |
| Select encrypter | XML encrypter. |
| Key | The key (i.e. password) to decrypt the encrypted data. |
| Key password | If the key is stored in a keystore, enter the password to the keystore. |
| Algorithm | Select algorithm to use to encrypt data. |
| Encryption mode | Select an encryption code for Mule to use to encrypt the data. |
<?xml version="1.0" encoding="UTF-8"?>
<mule
xmlns:mulexml="http://www.mulesoft.org/schema/mule/xml"
xmlns:file="http://www.mulesoft.org/schema/mule/file"
xmlns:encryption="http://www.mulesoft.org/schema/mule/encryption"
xmlns:http="http://www.mulesoft.org/schema/mule/http"
xmlns="http://www.mulesoft.org/schema/mule/core"
xmlns:doc="http://www.mulesoft.org/schema/mule/documentation"
xmlns:spring="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-current.xsd
http://www.mulesoft.org/schema/mule/core http://www.mulesoft.org/schema/mule/core/current/mule.xsd
http://www.mulesoft.org/schema/mule/http http://www.mulesoft.org/schema/mule/http/current/mule-http.xsd
http://www.mulesoft.org/schema/mule/encryption http://www.mulesoft.org/schema/mule/encryption/current/mule-encryption.xsd
http://www.mulesoft.org/schema/mule/file http://www.mulesoft.org/schema/mule/file/current/mule-file.xsd
http://www.mulesoft.org/schema/mule/xml http://www.mulesoft.org/schema/mule/xml/current/mule-xml.xsd">
<encryption:config name="Encryption" doc:name="Encryption"/>
<http:listener-config name="HTTP_Listener_Configuration" host="0.0.0.0" port="8081" doc:name="HTTP Listener Configuration"/>
<encryption:config name="Encryption1" doc:name="Encryption" defaultEncrypter="XML_ENCRYPTER"/>
<encryption:config name="Encryption2" defaultEncrypter="XML_ENCRYPTER" doc:name="Encryption"/>
<encryption:config name="Encryption3" defaultEncrypter="XML_ENCRYPTER" doc:name="Encryption"/>
<encryption:config name="Encryption4" defaultEncrypter="XML_ENCRYPTER" doc:name="Encryption"/>
<encryption:config name="Encryption5" defaultEncrypter="XML_ENCRYPTER" doc:name="Encryption"/>
<flow name="securit-appFlow">
<http:listener config-ref="HTTP_Listener_Configuration" path="/encrypt" allowedMethods="POST" doc:name="HTTP"/>
<encryption:encrypt config-ref="Encryption5" doc:name="Encryption">
<encryption:xml-encrypter key="6237632" xpath="/Emloyees/Employee/CreditCard" algorithm="AES_128"/>
</encryption:encrypt>
<file:outbound-endpoint path="src/test/resources/out" responseTimeout="10000" doc:name="File"/>
</flow>
</mule>
Now, you know how to secure your message with the JCE and XML encrypter.
Opinions expressed by DZone contributors are their own.
Comments