DashO supports both Spring Boot and Spring Framework projects. Read the corresponding section below for details.
DashO can directly process Spring Boot Jars and WARs. To do that, the Spring Boot handler type needs be configured for the Spring Boot input.
DashO looks for the Spring Boot
MANIFEST.MF file to gather information about the project.
It automatically treats the classes that are in the folder specified by the
Spring-Boot-Classes field (e.g.
WEB-INF/classes/ for WARs,
BOOT-INF/classes/ for Jars) as the input classes that need to be protected.
It automatically treats the libraries in the folder specified by the
Spring-Boot-Lib field (e.g.
WEB-INF/lib/ for WARs,
BOOT-INF/lib/ for Jars) as the support libraries.
It automatically treats the package specified by the
Start-Class field as an Entry Point for the project.
Because Spring Boot is a convention-based framework relying on annotations, the annotated components discovered at runtime, and things like REST endpoints, database models will be named after the class/method/field names. This means that lots of things should not be renamed to prevent changing the runtime behavior. In-app protection should not change the runtime behavior, but it should make the software harder to reverse-engineer. To make everything work correctly at runtime, certain components should be excluded from Renaming and/or Removal.
The simplest way to configure the required exclusions is to use the Project Wizard with the Web project type. Just provide the Spring Boot package as an input for the wizard and it will configure all the required exclusions and settings to successfully protect the package.
The Web Project Wizard does the following when it discovers a Spring Boot Jar or WAR:
- Configures the input to use the Spring Boot handler type.
- Configures all the important Spring Boot annotations e.g. org.springframework. packages and javax.persistence. annotations as entry points.
- Enables Removal and excludes the Spring Boot and other important packages.
- Enables Renaming with the Maintain hierarchy Package Renaming setting and excludes the Spring Boot and other important packages.
- Enables Make Synthetic and excludes the Spring Boot and other important packages.
Note: Use Renaming with the Maintain hierarchy Package Renaming setting for a Spring Boot project to work because it can potentially break the Spring Boot component scan at runtime.
Spring Bean support in PreEmptive Protection™ DashO™ is provided primarily by the Spring Bean special class.
It is configured with the class name (or name pattern) and optional entry points (e.g. init, destroy, and factory methods).
During processing, the property methods (
set*(*)), public constructors, and configured entry points, will be followed to determine unused methods.
The class, configured entry points, property methods and non-property methods can be configured to be renamed.
DashO will scan the Spring XML files during each build and will update any class references in the XML if DashO has renamed the corresponding Java class. It will update direct class references as well as class names listed in parameters or argument types. It will also update bean property names and entry point method names if DashO renamed them. Abstract beans (e.g. bean definitions without classes) will also have related property names and method names updated as it is assumed they are related to the renamed beans.
To get the most benefit out of DashO's Spring support, we suggest starting your project by using the New Project Wizard, and then making individual adjustments to the special classes as needed.
The New Project Wizard will identify Spring XML files, scan them for bean class references and configure Spring Bean special classes. When the New Project Wizard finds a bean definition in a Spring XML file, it:
Creates a new Spring Bean special class for the identified
Looks for configured
destroy-methodattributes in the XML and adds them to the special class as entry points. If no
destroy-methodattribute was found, it will check for
default-destroy-methodattributes, respectively, and instead adds them to the special class as entry points.
Looks for a configured
factory-methoddirectly on the bean and adds it to the special class as an entry point.
Looks for configured
replaced-methodelements and adds them to the special class as entry points.
Looks for constant values referenced using
util:constant static-fieldor the
Please take a look at the SpringBean sample project as it provides examples of DashO's support.
Note: If you use the
factory-beanattribute, you will need to manually add the corresponding
factory-methodas an entry point on the appropriate class.
If you use
replaced-methodfunctionality, you may need to specify the signature using the
arg-typeelements so the correct method will be identified after renaming.
If you use the
targetObjectattribute is not supported.