简体   繁体   中英

Obfuscating Struts2 web application

I want to obfuscate J2EE application which uses Struts2 framework, I tried using Proguard but its changing package and class names which does not get reflected stuts.xml file, Is it impossible to obfuscate struts2 web application ? Or any other way ?

In fact, once the sources has been obfuscated, ProGuard generates a log file that can be used to replace class names in xml file, in a grep-like way. Otherwise, it is also possible to exclude classes extending a specific class or interface in proGuard. This way, your struts actions won't be ofbuscated (which is a lamer obfuscation strategy) but the rest of your application will be.

In general, it is a bad idea to obfuscate names in an application running on top of a dynamic framework that relies on reflection, being it OSGi or a Web container. You never know what entities the framework would want to load or query by name, and whether obfuscation might upset the numerous third-party components...

Read more about this and about the three alternatives to obfuscation in Protect Your Java Code - Through Obfuscators And Beyond

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM