Security details for the ServletHeaderDecorator setting introscope.agent.decorator.security

Document ID : KB000018500
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

By enabling the ServletHeaderDecorator, APM adds the x-wily-info HTTP header. In the introscopeAgent.profile, the security settings can be set to either clear or encrypted. This is explained in the header in that file:


 #######################       
 # Security 
 #
 # Determine the format of decorated HTTP response headers, which are sent to Wily CEM.
 # clear - clear text encoding
 # encrypted - header data is encrypted
 # default is clear
 #
 #######################
 	introscope.agent.decorator.security=clear

Solution:

The following are some questions and answers around the introscope.agent.decorator.security encrypted setting:

  • Q. What is the key size for AES?
  • A. A key size is a hard-coded private 16 byte array (128 bits)

  • Q. Where is the key maintained ? what protections are in place ? Is it passphrase encrypted ?
  • A. The key is available in memory. There is no passphrase for this encryption. Only the key is used.

  • Q. Where does the decryption occur? On agent server itself or in MOM where the CEM component is running?
  • A. The data is encrypted on the agent and decrypted on the TIM.

  • Q. What data is captured and transported?
  • A. x-wily-servlet information sent from agent to TIM is encrypted.

sample data:

Application Server Information


Application Server ID       :  103.191.19.94
Virtual Machine ID          :  WebLogic Agent
Request Handler ID          :  FileServlet
Request Handler Time        :  0.000s
Application Server Hostname :  hostname
Application Server Type     :  WebLogic

sample encrypted data:

ResponseHeader        x-wily-servlet:  Encrypt1
eKjr2dtguqhf01QzjJGZflxe8YCPFNAn7tVthp115XX2GvMMl2z5tbNTuLfRLEUvI8NXjlFAiU1//k3FVKPbCa8o+VVS80cOg5hP0qa
//W9DabaGsiADBp04xYnYWwjaPNljNHO1icx/3wXkjzOt8LFteIsZszyKgporqhbNwcV/J0fxhc8QlZtHcv3/8gQe

The above information is visible in defect details page.

http://hostname:port/wily/cem/tess/app/biz/defectDetail.html?pId=xxx

Where xxx is the defect ID