在 Jetty 中使用自定义 WebAppClassloader
我正在为我们公司编写一个基于 Spring 的 Web 应用程序,我收到了应该对我们应用程序的类进行加密的命令。
我在此处找到了一个简单的类加载器实现。它基本上是一个实现自己的 loadClass 和 findClass 方法的 URLClassLoader。
我按照 Jetty wiki @ eclipse 的说明进行操作,通过扩展 WebAppClassLoader 创建了自己的类加载器。我已经按照第一个链接中的建议实现了 findClass() 和 loadClass() 方法(几乎是复制和粘贴)。
我的类加载器的完整代码可以在这里要点查看。
我已经使用码头中的上下文设置了类加载器。
<Configure id="clsLdrCtx" class="org.eclipse.jetty.webapp.WebAppContext">
<Set name="contextPath">/server</Set>
<Set name="war">
/home/me/workz/protection/classloading/server/target/server-0.0.0-SNAPSHOT.war</Set>
<Set name="classLoader">
<New class="org.eclipse.jetty.webapp.WebAppClassLoaderEncrypted">
<Arg><Ref id="clsLdrCtx"/></Arg>
</New>
</Set>
</Configure>
我启动了jetty(没有任何加密的类,只是为了看看类加载器是否工作)并且得到了以下异常:(
2011-10-11 14:59:58.401:WARN::FAILED encodingFilter: java.lang.IllegalStateException: class org.springframework.web.filter.CharacterEncodingFilter is not a javax.servlet.Filter
完整的堆栈跟踪也在与上面相同的要点链接上)
(如果我不实现findClass()< /b> 它使用 URLClassLoader 的实现并且运行得很好。)
你能看出可能是什么问题吗?我很高兴得到任何答复,谢谢
I'm writing a spring based web application for our company and I received orders that I should encrypt classes of our app.
I found a simple implementation of classloader that might do the trick here. It's basically a URLClassLoader that implements its own loadClass and findClass methods.
I followed instructions from Jetty wiki @ eclipse, I created my own classloader by extending WebAppClassLoader. I've implemented findClass() and loadClass() methods as suggested in the first link (almost copy & paste).
Full code of my classloader can be seen here on gist.
I've set the classloader using context in jetty.
<Configure id="clsLdrCtx" class="org.eclipse.jetty.webapp.WebAppContext">
<Set name="contextPath">/server</Set>
<Set name="war">
/home/me/workz/protection/classloading/server/target/server-0.0.0-SNAPSHOT.war</Set>
<Set name="classLoader">
<New class="org.eclipse.jetty.webapp.WebAppClassLoaderEncrypted">
<Arg><Ref id="clsLdrCtx"/></Arg>
</New>
</Set>
</Configure>
I started jetty (without any encrypted classes, just to see if the classloader workz) and I got following exception:
2011-10-11 14:59:58.401:WARN::FAILED encodingFilter: java.lang.IllegalStateException: class org.springframework.web.filter.CharacterEncodingFilter is not a javax.servlet.Filter
(Full stack trace also on the same gist link as above)
(If I don't implement findClass() it uses implementation from URLClassLoader and it runs just fine.)
Can you see what might be the problem? I'll be glad for any answer, thank you
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
抛开在 Web 应用程序内加密类的(缺乏)优点...
看起来您的类加载器无法正常工作,因为您未能维护/复制 WebAppClassLoader 中的适当
行为查看 WebAppClassLoader 的源代码,您会发现它对“System”和“Server”类有特殊处理。您需要包含该行为。
您得到的结果(可能)是您的过滤器正在实现您的“Filter”接口(即由您自己的类加载器加载的 Filter 类),而不是服务器的“Filter”接口(由 Jetty 的根类加载器加载的接口)
Putting aside the (lack of) merits to encrypting classes inside a web-app...
It looks like your classloader isn't working because you have failed to maintain/duplicate the appropriate behaviours from WebAppClassLoader
Have a look at the source to the WebAppClassLoader and you will see that it has special handling for "System" and "Server" classes. You need to include that behaviour.
The result you are getting (probably) is that your filter is implementing your "Filter" interface (i.e. the Filter class loaded by your own classloader), rather than the server's "Filter" interface (the one loaded by Jetty's root classloader)