springboot-xjar加密打包

springboot-xjar加密打包

最近项目需要部署到外网客户的服务器上,为了提高安全性需要将jar包加密,在网上找到了一个组件xjar发特此记录下。

项目结构

就是一个特别简单的springboot项目:

src/main/resources

└─resources
        application-dev.yml
        application-pre.yml
        application-test.yml
        application.yml 
        bootstrap.yml # 测试空文件
        logback.xml # 测试空文件

application.yml

server:
  port: 8080

spring:
  profiles:
    active: '@profileActive@' 
  jackson: # 配置日期格式化方式
    date-format: yyyy-MM-dd HH:mm:ss
    time-zone: GMT+8
    serialization: 
      write-dates-as-timestamps: false

pom.xml

<project xmlns="http://maven.apache.org/POM/4.0.0"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">

	<modelVersion>4.0.0</modelVersion>
	<groupId>com.bart.springboot</groupId>
	<artifactId>springboot-xjar</artifactId>
	<version>0.0.1-SNAPSHOT</version>
	<packaging>jar</packaging>
	<description>springboot-xjar</description>
	<!-- 配置编译版本和编码格式 -->
	<properties>
		<maven.compiler.encoding>UTF-8</maven.compiler.encoding>
		<maven.compiler.target>1.8</maven.compiler.target>
		<maven.compiler.source>1.8</maven.compiler.source>
        <skipTests>true</skipTests>
	</properties>

	<!-- Inherit defaults from Spring Boot -->
	<parent>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-parent</artifactId>
		<version>2.1.4.RELEASE</version>
	</parent>

	<dependencies>
	
		<!-- springcloud 的 starter  -->
		<dependency>
			<groupId>org.springframework.cloud</groupId>
			<artifactId>spring-cloud-starter</artifactId>
			<version>2.0.1.RELEASE</version>
		</dependency>	
			
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-web</artifactId>
		</dependency>

		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-test</artifactId>
			<scope>test</scope>
		</dependency>


		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-configuration-processor</artifactId>
			<optional>true</optional>
		</dependency>

		<!-- https://mvnrepository.com/artifact/com.github.core-lib/xjar -->
		<dependency>
			<groupId>com.github.core-lib</groupId>
			<artifactId>xjar</artifactId>
			<version>v2.0.6</version>
		</dependency>


	</dependencies>

	<!-- 设置 jitpack.io 仓库 -->
	<repositories>
		<repository>
			<id>jitpack.io</id>
			<url>https://jitpack.io</url>
		</repository>
	</repositories>

	<!-- 设置 jitpack.io 插件仓库 -->
	<pluginRepositories>
		<pluginRepository>
			<id>jitpack.io</id>
			<url>https://jitpack.io</url>
		</pluginRepository>
	</pluginRepositories>

	<!-- profile配置 -->
	<profiles>
		<profile>
			<id>dev</id>
			<properties>
				<profileActive>dev</profileActive>
			</properties>
			<activation>
				<activeByDefault>true</activeByDefault>
			</activation>
		</profile>
		<profile>
			<id>test</id>
			<properties>
				<profileActive>test</profileActive>
			</properties>
		</profile>
		<profile>
			<id>pre</id>
			<properties>
				<profileActive>pre</profileActive>
			</properties>
		</profile>
	</profiles>
	
	
	<build>
		<resources>
			<resource>
				<directory>src/main/resources</directory>
				<includes>
					<include>application-${profileActive}.yml</include>
					<include>application.yml</include>
					<include>logback.xml</include>
					<include>com/**</include>
					<include>delivery/**</include>
				</includes>
				<filtering>true</filtering>
			</resource>
		</resources>
		<plugins>
			<plugin>
				<groupId>org.springframework.boot</groupId>
				<artifactId>spring-boot-maven-plugin</artifactId>
				<!-- <version>2.1.4.RELEASE</version> -->
				<executions>
					<execution>
						<goals>
							<goal>repackage</goal>
						</goals>
					</execution>
				</executions>
			</plugin>
			<plugin>
				<groupId>com.github.core-lib</groupId>
				<artifactId>xjar-maven-plugin</artifactId>
				<version>v2.0.6</version>
				<executions>
					<execution>
						<id>xjar</id>
						<goals>
							<goal>build</goal>
						</goals>
						<phase>package</phase>
						<configuration>
							<password>${xjar.password}</password>
							<includes>
								<include>com/**</include>
							</includes>
						</configuration>
					</execution>
				</executions>
			</plugin>
		</plugins>
	</build>
	
</project>

springboot项目启动类

import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@SpringBootApplication
@RestController
public class Application {
	
	public static void main(String[] args) {
		SpringApplication.run(Application.class, args);
	}
	
	@Value("${server.port}")
	Integer port;
	
	@Value("${spring.profiles.active}")
	String active ;
	
	@GetMapping("/")
	public String hello() {
		return "hello springboot! port = "+ port +", active = "+ active;
	}
	
	
}

打包测试

mvn clean package -Dmaven.test.skip=true -Pdev -U -pl ./ -am -e -Dxjar.password=123456 -Dxjar.targetDir=./target
# 命令解释
-P: 触发dev环境的profile
-U: 强制更新
-pl: 打包聚合工程的时候用到
clean deploy -Dmaven.test.skip=true -pl project-a (只构建其中一个)
clean deploy -Dmaven.test.skip=true -pl project-a,project-b,project-c (只构建其中三个个)

-am: 打当前项目的及依赖的包
-e: 打印详情

打包成功后在target目录生成后缀为.xjar文件就是加密后的jar包:

例如:springboot-xjar-0.0.1-SNAPSHOT.xjar启动该jar包方式和正常jar包一样只不过需要输入密码。

C:\Users\springboot-xjar\target>java -jar springboot-xjar-0.0.1-SNAPSHOT.xjar
password:****** # 这里手动输入密码就是 -Dxjar.password 的值

  .   ____          _            __ _ _
 /\\ / ___'_ __ _ _(_)_ __  __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
 \\/  ___)| |_)| | | | | || (_| |  ) ) ) )
  '  |____| .__|_| |_|_| |_\__, | / / / /
 =========|_|==============|___/=/_/_/_/
 :: Spring Boot ::        (v2.1.4.RELEASE)

2022-03-25 23:29:52.001 [main] INFO  com.spboot.Application - The following profiles are active: dev
2022-03-25 23:29:53.919 [main] INFO  org.apache.coyote.http11.Http11NioProtocol - Initializing ProtocolHandler ["http-nio-8081"]
2022-03-25 23:29:53.943 [main] INFO  org.apache.catalina.core.StandardService - Starting service [Tomcat]
2022-03-25 23:29:53.944 [main] INFO  org.apache.catalina.core.StandardEngine - Starting Servlet engine: [Apache Tomcat/9.0.17]
2022-03-25 23:29:54.087 [main] INFO  o.a.c.core.ContainerBase.[Tomcat].[localhost].[/] - Initializing Spring embedded WebApplicationContext
2022-03-25 23:29:56.464 [main] INFO  org.apache.coyote.http11.Http11NioProtocol - Starting ProtocolHandler ["http-nio-8081"]
2022-03-25 23:29:56.773 [main] INFO  com.spboot.Application - Started Application in 16.799 seconds (JVM running for 21.149)

结束语

但是该组件严格意义上来说也不算绝对安全,网上已经有破解的方法,但是作为一般的加密也够用了。

参考博客1

参考博客2

破解xjar

posted @ 2022-03-25 23:34  bartggg  阅读(1202)  评论(0编辑  收藏  举报