Data masking with WSO2 ESB and XSLT

When we do ESB transformation sometime we need to hide or mask some data. as an example just asume we are getting account number and password as a response from backend, then we may need to mask (replace) those with some other char like “*”

you can take two approches to do this with wso2 ESB. you can use xslt mediator and also you can use script or class mediator. do make this example more usable I am going to explain how we can parameterize the keys to be masked. in other word when we change keys need to be masked in registry, values belongs to those keys will be automatically masked without code modification. this is kind of dynamic data masking.

this example i am going to mask “mobile” and “ssn” fields from the payload. I am going to use 2 xslt files as “include” tag of xslt is only support to inject other xslt file. so I am going to wrap parameter xml file with xslt

this is the main xslt. create this xslt in ESB registry. in this example named as masker.xslt

this is the xslt file to hold keys. create this also in same location of the registry. in this example named as maskingKeys.xslt

create bellow sequence to refer those xslt files and inject those in to xslt mediator. if you changed the name or path of either one of above xslt registry resources make sure update below sequence also according to your changes. also keep in mind href value of main xslt and location of this sequence should be same

create an api to invoke your sequence. again make sure about the name you given when creating sequence.

now almost done. use whatever rest client you prefer and invoke the API which you created above. in this example you can use below payload

you can see configured keys are masked as below.

Share this on your world...Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

Leave a Reply