开发者

Obfuscating Struts2 web application

I want to obfuscate J2EE application which uses Struts2 framework, I tried using Proguard but its changing package and class names which does not get reflected stuts.xml file, Is it impossible to obfuscate struts2 web application ? Or any 开发者_开发百科other way ?


In fact, once the sources has been obfuscated, ProGuard generates a log file that can be used to replace class names in xml file, in a grep-like way. Otherwise, it is also possible to exclude classes extending a specific class or interface in proGuard. This way, your struts actions won't be ofbuscated (which is a lamer obfuscation strategy) but the rest of your application will be.


In general, it is a bad idea to obfuscate names in an application running on top of a dynamic framework that relies on reflection, being it OSGi or a Web container. You never know what entities the framework would want to load or query by name, and whether obfuscation might upset the numerous third-party components...

Read more about this and about the three alternatives to obfuscation in Protect Your Java Code - Through Obfuscators And Beyond

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜