Using allatori to obfuscate and encrypt the spring boot project code under maven

preparation in advance springboot project Download the jar package of allatori. The specific address is http://www.alla...

preparation in advance

  1. springboot project
  2. Download the jar package of allatori. The specific address is http://www.allatori.com/downloads/Allatori-7.2-Demo.zip , this is the official sample package. We only need to use the lib.

Add pom dependency

The details are as follows:

<build> <plugins> <!\-\- Allatori plugin start --> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-resources-plugin</artifactId> <version>2.6</version> <executions> <execution> <id>copy-and-filter-allatori-config</id> <phase>package</phase> <goals> <goal>copy-resources</goal> </goals> <configuration> <outputDirectory>$/target</outputDirectory> <resources> <resource> <directory>$/allatori</directory> <includes> <include>allatori.xml</include> </includes> <filtering>true</filtering> </resource> </resources> </configuration> </execution> </executions> </plugin> <plugin> <groupId>org.codehaus.mojo</groupId> <artifactId>exec-maven-plugin</artifactId> <version>1.2.1</version> <executions> <execution> <id>run-allatori</id> <phase>package</phase> <goals> <goal>exec</goal> </goals> </execution> </executions> <configuration> <executable>java</executable> <arguments> <argument>-Xms128m</argument> <argument>-Xmx512m</argument> <argument>-jar</argument> <argument>$/lib/allatori.jar</argument> <argument>$/target/allatori.xml</argument> </arguments> </configuration> </plugin> <!\-\- Allatori plugin end --> </plugins> </build>

Create write obfuscation rule file

Create an allatori.xml file in the resources directory of the project. The specific name can be modified by yourself, which is consistent with the pom configuration. The details are as follows:

<!--allatori configuration file--> <config> <!\-\- Input and output jar To configure, out Point to encrypted jar --> <input> <jar in="xx-api-service-0.0.1-SNAPSHOT.jar" out="obf-xx-api-service-0.0.1-SNAPSHOT.jar"/> </input> <!\-\- Watermarking --> <watermark key="secure-key-to-extract-watermark" value="developer: xxx"/> <!\-\- You need to keep the configuration of the original class name --> <keep-names> <class access="protected+"> <field access="protected+"/> <method access="protected+"/> </class> <class template="class com.xxx.xxx.*"/> </keep-names> <property name="log-file" value="log.xml"/> <ignore-classes> <class template="class \*springframework\*"/> <class template="class \*shardingjdbc\*"/> <class template="class \*jni\*"/> <class template="class \*alibaba\*"/> <class template="class \*persistence\*"/> <class template="class \*apache\*"/> <class template="class \*mybatis\*"/> <!\-\- Classes under the exclusion package can be individually specific,Note that it must be excluded here springboot Project startup class --> <class template="class com.apache.*"/> <class template="class org.apache.http.entity.StringEntity"/> <class template="class org.apache.cxf.*"/> </ignore-classes> </config>

Start confusing encryption

  1. Execute mvn clean to clear the jar files generated by the original compilation;
  2. Execute mvn compile, this step is very important, otherwise target directory will not be generated;
  3. Copy the allatori.xml configuration file under src/resources to the target directory;
  4. Execute the mvn package and a confused jar will be generated.

Well, that's it.

Matters needing attention

  1. Don't confuse classes like VO and do;
  2. The input parameter in the controller needs the @ RequestParam annotation to specify the parameter name, otherwise it will change after confusion

19 February 2020, 10:06 | Views: 4652

Add new comment

For adding a comment, please log in
or create account

0 comments