Introduce how to encrypt webapp overall
Introduction
Webapp serves as a website which will be accessed by a browser or API client. This page will introduce what need to do if we want to encrypt a webapp by Jar2Exe.
And then we will introduce 2 ways to do the encryption: manually steps and automatical packer tool.
Purpose
Our purpose is to encrypt and protect all the classes and resources which are loaded through class loader, and only remain static resources which are needed to be accessed directly.
Let's take a look at the structure of webapp:
├── WEB-INF
│ ├── applicationContext.xml (default place)
│ ├── classes
│ │ ├── applicationContext.xml (alternative place)
│ │ ├── mapper
│ │ │ └── mapper.xml
│ │ └── yourclass.class
│ ├── lib
│ │ └── some-lib.jar
│ ├── views
│ │ └── mvcpage.jsp (jsp page not direct access)
│ └── web.xml
├── commonpage.jsp (jsp page visited from url)
├── index.html
└── static
└── script.js
The red files are loaded by ClassLoader and needs to be encrypted.
Steps
In order to use Jar2Exe to encrypt webapp, we need to split webapp into several jar files:
-
Pre-compile jsp files. We don't want to write temp files when running, so we pre-compile jsp files into servlet classes. After the pre-compile, we will get:
(Webapp Root)
├── WEB-INF
│ ├── applicationContext.xml (default place)
│ ├── classes
│ │ ├── applicationContext.xml (alternative place)
│ │ ├── mapper
│ │ │ └── mapper.xml
│ │ ├── org
│ │ │ └── apache
│ │ │ └── jsp
│ │ │ ├── commonpage_jsp.class
│ │ │ └── WEB_002dINF
│ │ │ └── views
│ │ │ └── mvcpage_jsp.class
│ │ └── yourclass.class
│ ├── lib
│ │ └── some-lib.jar
│ ├── views
│ │ └──mvcpage.jsp (jsp page not direct access)
│ └── web.xml
├──commonpage.jsp (jsp page visited from url)
├── index.html
└── static
└── script.jsThe jsp files will be compiled into 'org/apache/***.class' files. The web.xml is modified. The original jsp files are not not needed.
-
Separate static resources and class loader's resources. Put jar files in 'WEB-INF/lib' outside, and wrap all files in 'WEB-INF/classes' into a new zip file 'web-classes.zip'. Wrap remain static files into another zip file 'web-static.zip'. Then we get:
(web-static.zip)
├── WEB-INF
│ ├── applicationContext.xml (default place)
│ └── web.xml
├── index.html
└── static
└── script.js
(web-classes.zip)
├── applicationContext.xml (alternative place)
├── mapper
│ └── mapper.xml
├── org
│ └── apache
│ └── jsp
│ ├── commonpage_jsp.class
│ └── WEB_002dINF
│ └── views
│ └── mvcpage_jsp.class
└── yourclass.class
(some-lib.jar) - Prepare starter program to start embed webserver. The webserver should regard 'generated exe' file as a war file, that is to say, the webserver should treat System.getProperty("j2e.app.path") as a war file. Then we compile and pack the starter program as 'starter.zip'.
- Wrap to exe with Jar2Exe. After all we wrap all files into an exe file, including: starter.zip, web-classes.zip, (some-lib.jar), web-static.zip. We keep web-static.zip not encypted.
Live demos
We provide 2 live demos:
- Manually steps. Using ANT to pre-compile, and wrap your program manually.
- Automatical packer tool. Using Maven Plugin to pre-compile and using a "packer" program to run Jar2Exe automatically.
Special Comment On Spring-MVC
Because the encryption of Jar2Exe does not allow to list files within a jar file, so any kind of 'component-scan' is not allowed. Beans should be declared explicitly one by one.
Please refer to: https://github.com/sswater/webapp-cases
Add new comment