The spring boot project is packaged into a jar package, and the encrypted deployment service allows the server to start automatically

Keywords: Java Spring jar

         The last article talked about the use of remote tools to remotely deploy the service, which allows it to run in the background without hanging up. This can basically meet the needs of normal projects, but we can continue to optimize the operation on this basis and do better.

        The optimized solution is to encrypt the jar package + convert the service into a server system level service, and set it to allow startup and self startup.

        Each company has its own set of framework and algorithm, and each project is modified and optimized on this basis, as well as customized development according to customer needs.

         When we normally use idea to package the spring boot project, we will convert the editable. Java project into a jar package of non editable. class files. Although it is not editable, the jar package is actually visual. You can get the compiled code by copying and pasting, You can also decompile through some decompilation tools on the market, such as jad, and convert it into editable Java projects again. Imagine that the framework and algorithm in the project are hard written by a company. They were originally used to make money, but they were whored for nothing. Thank you!!! Therefore, jar package encryption is imperative!

Native environment: Windows10 system

The server system is Windows system

Use Xjar to encrypt jar package under Windows system:

        Create a project to run the encryption conversion code, and introduce maven dependency into the pom file of the project:

    <!-- set up jitpack.io Warehouse -->
    <repositories>
        <repository>
            <id>jitpack.io</id>
            <url>https://jitpack.io</url>
        </repository>
    </repositories>



<dependencies>
        <!--Import xjar yes jar Encrypt packets -->
        <dependency>
            <groupId>com.github.core-lib</groupId>
            <artifactId>xjar</artifactId>
            <version>4.0.1</version>
        </dependency>

        <dependency>
            <groupId>org.apache.commons</groupId>
            <artifactId>commons-compress</artifactId>
            <version>1.19</version>
        </dependency>

        <dependency>
            <groupId>com.github.core-lib</groupId>
            <artifactId>loadkit</artifactId>
            <version>v1.0.1</version>
        </dependency>
</dependencies>

Windows system installation go environment:

        Because the encryption conversion code needs to use the go environment, it needs to be deployed. Of course, this is only for the encryption conversion of jar packages. There is no need to install the go environment on the server.

Download go installation package: Go download - go language Chinese network - Gong Chinese community

Install all the way to next until the installation is completed

Environment deployment:

Configure the environment variable GOROOT installation directory:

To configure the path variable:

 

cmd view go version:

 

 

 

Encryption conversion code:

The encrypted password is set by yourself, and the file path and name before and after encryption are modified by yourself

package com.example.demo.utils;

import io.xjar.XCryptos;

public class XjarPackage {
    /**
     *jar Packet encryption
     */
    public static void main(String[] args) {
        try {
            XCryptos.encryption()
                    .from("D:\\xjar\\Before encryption\\webdemo-0.0.1-SNAPSHOT.jar")
                    // Encrypted password
                    .use("123")
                    // Resources to encrypt
                    .include("/**/*.class")
                    .include("/**/*.xml")
                    .include("/**/*.yml")
                    // Encrypted jar, at this time: decompilation through JD GUI fails
                    .to("D:\\xjar\\After encryption\\webdemo-0.0.1-SNAPSHOT.jar");
            System.out.println("Encryption complete");
        }catch (Exception e){
            e.printStackTrace();
        }
    }
}



Run code:

        After running the code, draw the encrypted file under the encrypted file path you set. At this time, after double clicking the. class file in the jar package, the content will not be displayed, and the decompilation tool cannot be used to decompile. Moreover, the encrypted jar package cannot be run with the normal Java jar command

 

Change the jar package to a working project:

        Enter the cmd command window in the encrypted folder, and use the go build xjar.go command to create the xjar.exe running file

go build xjar.go

  use     xjar java -jar xx.jar   Command to run the jar package normally

xjar java -jar xx.jar

          Upload the xjar.exe file and the encrypted jar package to the same path in the server of windows system, and use this command to run normally.

        

Since many remote servers belong to Linux system, I'd like to add the encryption operation of jar package under Linux system.

The server system is Linux:

Here is a tutorial: Use xjar to encrypt the jar package and deploy it to the linux server_ Bright moon, xiaoshuihan - CSDN blog

         For xjar encryption, we trace back to the source and find out the source code. We will find that the reason why we can't use Java jar to directly run the encrypted jar package is that you set the password during encryption, and the jar package will let you enter the correct password when running. If you enter the correct password, it can also run successfully directly.

          The return value here is       AES/CBC/PKCS5Padding         one hundred and twenty-eight       one hundred and twenty-eight         Set password

         If you input these four parameters correctly, you can also run the jar package project correctly (the password I set here is 123)

Windows system started successfully:

  Linux system started successfully:    

 

  From this, I think that the ordinary compressed package can also set a password. You need to enter a password to view and decompress. What's the difference between the two? Can I also set the jar package to add a password like this, and let me enter the password when opening, viewing and running, which can actually achieve the purpose that we want to encrypt the jar package without leakage.

Use winsw to deploy the spring boot project as a server system level service to run startup and self startup

        Although we can run the service in the background without hanging up, it is difficult to ensure that there will be power failure on the project site, so we need to set the service to start automatically.

The server is a Windows system:

         Download from github     https://github.com/winsw/winsw/releases

        The. xml file is a sample file for. exe, which can be downloaded according to the model of your computer

Deployment Services:

  I modified the configuration file and renamed it winsw

<service>
  <id>webDemo</id>
  <name>webDemo</name>
  <description>One for testing springboot project</description>
  <executable>java</executable>
  <arguments>-jar D:\xjar\After encryption\webdemo-0.0.1-SNAPSHOT.jar</arguments>
  <workingdirectory>D:\xjar\After encryption</workingdirectory>
  <log mode="roll"></log>
</service>

Start the cmd window under this directory and enter     winsw install     The spring boot service can be changed to a system level service, which can be viewed in the task manager, started and stopped. Or use the command line:       net start/stop webDemo

 

  Delete service:

Enter cmd to execute the command under this directory       winsw uninstall

 

The server is a Linux system:

Set as system level service:

Run the following command on the terminal and set the project name on my side to webDemo

sudo In -s /home/admin/Demo/webdemo-0.0.1-SNAPSHOT.jar /etc/init.d/webDemo

Start stop service:

The terminal executes the following commands to start and stop the service

service gdmm-wms start/stop

Set startup and self startup:

The terminal executes the following commands to set the startup and self startup

systemctl enable webDemo

Posted by NoBullMan on Fri, 15 Oct 2021 12:49:13 -0700