springboot-xjar加密打包
springboot-xjar加密打包
最近项目需要部署到外网客户的服务器上,为了提高安全性需要将jar包加密,在网上找到了一个组件xjar发特此记录下。
项目结构
就是一个特别简单的springboot项目:
src/main/resources
└─resources
application-dev.yml
application-pre.yml
application-test.yml
application.yml
bootstrap.yml # 测试空文件
logback.xml # 测试空文件
application.yml
server:
port: 8080
spring:
profiles:
active: '@profileActive@'
jackson: # 配置日期格式化方式
date-format: yyyy-MM-dd HH:mm:ss
time-zone: GMT+8
serialization:
write-dates-as-timestamps: false
pom.xml
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.bart.springboot</groupId>
<artifactId>springboot-xjar</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>jar</packaging>
<description>springboot-xjar</description>
<!-- 配置编译版本和编码格式 -->
<properties>
<maven.compiler.encoding>UTF-8</maven.compiler.encoding>
<maven.compiler.target>1.8</maven.compiler.target>
<maven.compiler.source>1.8</maven.compiler.source>
<skipTests>true</skipTests>
</properties>
<!-- Inherit defaults from Spring Boot -->
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.1.4.RELEASE</version>
</parent>
<dependencies>
<!-- springcloud 的 starter -->
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter</artifactId>
<version>2.0.1.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-configuration-processor</artifactId>
<optional>true</optional>
</dependency>
<!-- https://mvnrepository.com/artifact/com.github.core-lib/xjar -->
<dependency>
<groupId>com.github.core-lib</groupId>
<artifactId>xjar</artifactId>
<version>v2.0.6</version>
</dependency>
</dependencies>
<!-- 设置 jitpack.io 仓库 -->
<repositories>
<repository>
<id>jitpack.io</id>
<url>https://jitpack.io</url>
</repository>
</repositories>
<!-- 设置 jitpack.io 插件仓库 -->
<pluginRepositories>
<pluginRepository>
<id>jitpack.io</id>
<url>https://jitpack.io</url>
</pluginRepository>
</pluginRepositories>
<!-- profile配置 -->
<profiles>
<profile>
<id>dev</id>
<properties>
<profileActive>dev</profileActive>
</properties>
<activation>
<activeByDefault>true</activeByDefault>
</activation>
</profile>
<profile>
<id>test</id>
<properties>
<profileActive>test</profileActive>
</properties>
</profile>
<profile>
<id>pre</id>
<properties>
<profileActive>pre</profileActive>
</properties>
</profile>
</profiles>
<build>
<resources>
<resource>
<directory>src/main/resources</directory>
<includes>
<include>application-${profileActive}.yml</include>
<include>application.yml</include>
<include>logback.xml</include>
<include>com/**</include>
<include>delivery/**</include>
</includes>
<filtering>true</filtering>
</resource>
</resources>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<!-- <version>2.1.4.RELEASE</version> -->
<executions>
<execution>
<goals>
<goal>repackage</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>com.github.core-lib</groupId>
<artifactId>xjar-maven-plugin</artifactId>
<version>v2.0.6</version>
<executions>
<execution>
<id>xjar</id>
<goals>
<goal>build</goal>
</goals>
<phase>package</phase>
<configuration>
<password>${xjar.password}</password>
<includes>
<include>com/**</include>
</includes>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
</project>
springboot项目启动类
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
@SpringBootApplication
@RestController
public class Application {
public static void main(String[] args) {
SpringApplication.run(Application.class, args);
}
@Value("${server.port}")
Integer port;
@Value("${spring.profiles.active}")
String active ;
@GetMapping("/")
public String hello() {
return "hello springboot! port = "+ port +", active = "+ active;
}
}
打包测试
mvn clean package -Dmaven.test.skip=true -Pdev -U -pl ./ -am -e -Dxjar.password=123456 -Dxjar.targetDir=./target
# 命令解释
-P: 触发dev环境的profile
-U: 强制更新
-pl: 打包聚合工程的时候用到
clean deploy -Dmaven.test.skip=true -pl project-a (只构建其中一个)
clean deploy -Dmaven.test.skip=true -pl project-a,project-b,project-c (只构建其中三个个)
-am: 打当前项目的及依赖的包
-e: 打印详情
打包成功后在target目录生成后缀为.xjar文件就是加密后的jar包:
例如:springboot-xjar-0.0.1-SNAPSHOT.xjar启动该jar包方式和正常jar包一样只不过需要输入密码。
C:\Users\springboot-xjar\target>java -jar springboot-xjar-0.0.1-SNAPSHOT.xjar
password:****** # 这里手动输入密码就是 -Dxjar.password 的值
. ____ _ __ _ _
/\\ / ___'_ __ _ _(_)_ __ __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
\\/ ___)| |_)| | | | | || (_| | ) ) ) )
' |____| .__|_| |_|_| |_\__, | / / / /
=========|_|==============|___/=/_/_/_/
:: Spring Boot :: (v2.1.4.RELEASE)
2022-03-25 23:29:52.001 [main] INFO com.spboot.Application - The following profiles are active: dev
2022-03-25 23:29:53.919 [main] INFO org.apache.coyote.http11.Http11NioProtocol - Initializing ProtocolHandler ["http-nio-8081"]
2022-03-25 23:29:53.943 [main] INFO org.apache.catalina.core.StandardService - Starting service [Tomcat]
2022-03-25 23:29:53.944 [main] INFO org.apache.catalina.core.StandardEngine - Starting Servlet engine: [Apache Tomcat/9.0.17]
2022-03-25 23:29:54.087 [main] INFO o.a.c.core.ContainerBase.[Tomcat].[localhost].[/] - Initializing Spring embedded WebApplicationContext
2022-03-25 23:29:56.464 [main] INFO org.apache.coyote.http11.Http11NioProtocol - Starting ProtocolHandler ["http-nio-8081"]
2022-03-25 23:29:56.773 [main] INFO com.spboot.Application - Started Application in 16.799 seconds (JVM running for 21.149)
结束语
但是该组件严格意义上来说也不算绝对安全,网上已经有破解的方法,但是作为一般的加密也够用了。
