CN113238762B - Remote deployment method, device and equipment for java application - Google Patents

Remote deployment method, device and equipment for java application Download PDF

Info

Publication number
CN113238762B
CN113238762B CN202110507250.4A CN202110507250A CN113238762B CN 113238762 B CN113238762 B CN 113238762B CN 202110507250 A CN202110507250 A CN 202110507250A CN 113238762 B CN113238762 B CN 113238762B
Authority
CN
China
Prior art keywords
binary code
shell
code file
service
java application
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110507250.4A
Other languages
Chinese (zh)
Other versions
CN113238762A (en
Inventor
黄善荣
卢道和
罗锶
边元乔
黄叶飞
黄彦淇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
WeBank Co Ltd
Original Assignee
WeBank Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by WeBank Co Ltd filed Critical WeBank Co Ltd
Priority to CN202110507250.4A priority Critical patent/CN113238762B/en
Publication of CN113238762A publication Critical patent/CN113238762A/en
Application granted granted Critical
Publication of CN113238762B publication Critical patent/CN113238762B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/60Software deployment
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/70Software maintenance or management
    • G06F8/73Program documentation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/445Program loading or initiating
    • G06F9/44505Configuring for program initiating, e.g. using registry, configuration files

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Library & Information Science (AREA)
  • Storage Device Security (AREA)

Abstract

The application discloses a java application remote deployment method, which comprises the following steps: acquiring an operation shell of a service provider; starting the running shell through a customized development tool to obtain an encrypted binary code file corresponding to java application of the service provider; and converting the encrypted binary code file into a target binary code file for loading by calling security conversion logic in a core class loader for loading the core java class so as to deploy the java application. The method and the device solve the technical problem of low safety when java applications are deployed remotely.

Description

Remote deployment method, device and equipment for java application
Technical Field
The application relates to the technical field of computers in financial science and technology (Fintech), in particular to a java application remote deployment method, device and equipment.
Background
With the continuous development of financial science and technology, especially internet science and technology finance, more and more technologies (such as distributed, artificial intelligence, etc.) are applied in the finance field, but the finance industry also puts higher demands on technologies, such as distribution of corresponding backlog in the finance industry.
Along with the continuous development of computer technology, the application field of computer technology is also more and more extensive, at present, when the service provider is in remote deployment of java application on the server of the service partner, generally, directly delivering an encrypted jar packet and an encrypted basis to the service partner, and further, the service partner can decrypt the encrypted jar packet by using a decryption tool to run so as to complete the deployment of the java application, but the service partner can deliver the decryption tool and the encrypted jar packet to a third party for use, and can also leak codes for deploying the java application to the third party, so that the problem of source code leakage exists when the java application is in remote deployment, and the safety when the java application is deployed is low.
Disclosure of Invention
The application mainly aims to provide a remote deployment method, device and equipment for java applications, and aims to solve the technical problem of low safety in remote deployment of java applications in the prior art.
In order to achieve the above object, the present application provides a remote deployment method for java applications, where the remote deployment method for java applications is applied to a service partner, and the remote deployment method for java applications includes:
acquiring an operation shell of a service provider;
starting the running shell through a customized development tool to obtain an encrypted binary code file corresponding to java application of the service provider;
and converting the encrypted binary code file into a target binary code file for loading by calling security conversion logic in a core class loader for loading the core java class so as to deploy the java application.
The application also provides a java application remote deployment method which is applied to the service provider and comprises the following steps:
acquiring equipment address information of a service partner, and generating a shell packet with the equipment address information corresponding to java application;
the shell package is sent to the service partner, so that the service partner can start the operation shell corresponding to the shell package through a customized development tool, and a code file request is sent to the service provider;
And sending an encrypted binary code file to the service partner in response to the code file request, so that the service partner can convert the encrypted binary code file into a target binary code file to load by calling security conversion logic in a core class loader for loading a core java class in the customized development tool, and deploying the java application.
The application also provides a java application remote deployment device, which is a virtual device and is applied to a service partner, and the java application remote deployment device comprises:
the installation module is used for acquiring the operation shell of the service provider;
the acquisition module is used for starting the running shell through a customized development tool and acquiring an encrypted binary code file corresponding to the java application of the service provider;
the loading module is used for converting the encrypted binary code file into a target binary code file for loading by calling security conversion logic in a core class loader for loading the core java class so as to deploy the java application.
The application also provides a java application remote deployment device, which is a virtual device and is applied to a service provider, and the java application remote deployment device comprises:
the generation module is used for acquiring the equipment address information of the service partner and generating a shell packet with the equipment address information corresponding to the java application;
The sending module is used for sending the shell package to the service partner so that the service partner can start the operation shell corresponding to the shell package through a customized development tool and send a code file request to the service provider;
And the response module is used for transmitting the encrypted binary code file to the service partner by responding to the code file request so that the service partner can convert the encrypted binary code file into a target binary code file to load by calling the security conversion logic in the core class loader for loading the core java class in the customized development tool so as to deploy the java application.
The application also provides a java application remote deployment device, which is entity equipment, and comprises: the remote deployment method comprises a memory, a processor and a program of the remote deployment method of the java application, wherein the program of the remote deployment method of the java application is stored in the memory and can run on the processor, and the steps of the remote deployment method of the java application can be realized when the program of the remote deployment method of the java application is executed by the processor.
The application also provides a readable storage medium, wherein the readable storage medium is stored with a program for realizing the remote deployment method of the java application, and the steps of the remote deployment method of the java application are realized when the program of the remote deployment method of the java application is executed by a processor.
The application also provides a computer program product comprising a computer program which, when executed by a processor, implements the steps of the java application remote deployment method as described above.
Compared with the technical means adopted in the prior art that an encrypted jar package and encryption are directly delivered to a service partner to deploy the java application, the method, the device and the equipment provided by the application have the advantages that firstly, the operation shell of the service provider is obtained, then, the operation shell is started through a customized development tool, the encrypted binary code file corresponding to the java application of the service provider is obtained, and further, the purpose that the binary code of the code and the algorithm corresponding to the java application is sent to the service partner in an encrypted state is realized, so that the code and the algorithm corresponding to the java application can be prevented from being leaked in the data transmission process.
In addition, the encryption binary code file is converted into the target binary code file to be loaded by calling the security conversion logic in the core class loader for loading the core java class, so that the java application is deployed, even if a service partner delivers a shell package corresponding to an operation shell to a third party, under the condition that the third party does not have a customized development tool, the third party cannot decrypt the encryption binary code file, and further cannot successfully deploy the java application, and because the core class loader is a class loader for loading the core java class, the core class loader is a class loader written based on a C language, the core class loader has good capability of hiding the security conversion logic, the service partner can be prevented from acquiring the target binary code file by stealing the security conversion logic, and therefore the capability of directly transmitting the operation shell and the target binary code file to the third party for deploying the java application by the third party is not ensured, codes corresponding to the java application and algorithms cannot be leaked to the third party, and the defect that the remote application can be leaked by the third party when the java application is deployed by the remote party is overcome.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the application and together with the description, serve to explain the principles of the application.
In order to more clearly illustrate the embodiments of the application or the technical solutions of the prior art, the drawings which are used in the description of the embodiments or the prior art will be briefly described, and it will be obvious to a person skilled in the art that other drawings can be obtained from these drawings without inventive effort.
FIG. 1 is a flowchart of a first embodiment of a remote deployment method for java applications according to the present application;
FIG. 2 is a flowchart of a second embodiment of the remote deployment method for java applications of the present application;
FIG. 3 is a flowchart of a third embodiment of the remote deployment method for java applications of the present application;
FIG. 4 is a schematic flow chart of a java application deployment in the java application remote deployment method of the present application;
FIG. 5 is a flowchart of a fourth embodiment of the remote deployment method for java applications of the present application;
fig. 6 is a schematic device structure diagram of a hardware running environment according to an embodiment of the present application.
The achievement of the objects, functional features and advantages of the present application will be further described with reference to the accompanying drawings, in conjunction with the embodiments.
Detailed Description
It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application.
In a first embodiment of the java application remote deployment method, the java application remote deployment method is applied to a service partner, and referring to fig. 1, the java application remote deployment method includes:
step S10, acquiring an operation shell of a service provider;
In this embodiment, it should be noted that, before executing step S10, the service partner needs to send the public key in the target machine mac value, the network segment, and the generated partner key pair acquired at this time to the service provider, and then the service provider enters the public key in the target machine mac value, the network segment, and the generated partner key pair in the management background server, and compresses the target machine mac value, the public key in the generated provider key pair, and the running shell jar packet encrypted by the random value into the shell packet.
Additionally, it should be noted that, the running shell may be started by a customized development tool, where the customized development tool may be bound with a machine on which the java application is installed, so as to prevent a third party machine from stealing the customized development tool, or may set installation rights for the customized development tool, so that only a authorized service partner may perform installation, where the service partner is a service demander for locally deploying the java application, the service provider is a provider for providing a service for deploying the java application, and the java application is a service based on java development, such as a face-brushing access service, a fingerprint access service, and the like, and the running shell is a running package with a code capability after encryption and decryption, where the running shell does not include a service-related algorithm and a service logic, such as a face-brushing algorithm and a fingerprint recognition algorithm, where the customized development tool is a development tool for starting the running shell.
Additionally, it should be noted that the customized development tool may be installed by the service partner before the service provider remotely deploys the java application, or may be installed when the service provider remotely deploys the java application. The customized development tool at least comprises a sub tool, wherein one sub tool corresponds to one java application, the sub tool is used for starting a running shell of the corresponding java application, and different java applications can be set to correspond to different sub tools.
The method comprises the steps of obtaining an operation shell of a service provider, specifically, receiving a shell package sent by the service provider, decompressing the shell package to obtain shell package equipment address information, a public key in a preset provider key pair and an operation shell jar package encrypted through a random number, wherein the shell package equipment address information is a target machine mac value of the service partner stored in the shell package in advance, the preset provider key pair is generated by the service provider, the operation shell jar package is an operation shell encrypted through the random number, verifying whether the federal partner is a valid partner or not based on the shell package equipment address information and the local equipment address information which is obtained currently, if the federal partner is the valid partner, initiating a random number obtaining request to the service provider, further receiving an encrypted random number sent by the service provider in response to the random number obtaining request, decrypting the encrypted random number based on the public key in the preset provider key pair, and obtaining the target random number, and decrypting the random number based on the target random number, and obtaining the random number by the operation shell.
In step S10, the step of acquiring a running shell from a service provider includes:
step S11, receiving a shell packet sent by a service provider and acquiring local equipment address information;
In this embodiment, it should be noted that the local device address information is a machine mac value obtained locally at the current time.
Step S12, decompressing the shell package to obtain a text to be decrypted and a jar package to be decrypted;
In this embodiment, it should be noted that the jar packet to be decrypted is the running shell jar packet, and the text to be decrypted is an encrypted text having device address information encrypted by a private key in a provider key pair.
Step S13, decrypting the text to be decrypted in the shell package to obtain shell package equipment address information;
In this embodiment, the text to be decrypted in the shell packet is decrypted to obtain the shell packet device address information, and specifically, the text to be decrypted in the shell packet is decrypted based on the public key in the provider key pair to obtain the shell packet device address information.
Step S14, if the shell package equipment address information is not matched with the local equipment address information, destroying the shell package;
In this embodiment, if the address information of the shell packet device does not match the address information of the local device, the shell packet is destroyed, specifically, if the address information of the shell packet device does not match the address information of the local device, the binary code corresponding to the shell packet is randomly rewritten, stored and deleted, so that the shell packet is deleted on a physical machine and logically at the same time.
And step S15, if the shell package equipment address information is matched with the local equipment address information, decrypting the jar package to be decrypted based on the target random value obtained by requesting the service provider to obtain the running shell.
In this embodiment, specifically, the local device address information is compared with the shell packet device address information to determine whether the local device address information is consistent with the shell packet device address information, if so, the shell packet device address information is matched with the local device address information, and then an encrypted random number request is initiated to the service provider, and then the service provider feeds back the encrypted random number to the service provider, where the encrypted random number is a random number encrypted based on a public key in a secret key pair of the provider, and then the service provider receives the encrypted random number, decrypts the encrypted random number based on a private key in the secret key pair of the provider, obtains a target random number, and then decrypts the jar packet to be decrypted based on the target random number, obtains the running shell, and if not, the shell packet device address information is not matched with the local device address information, and then the shell packet is prevented from being illegally deployed by the service provider who is not an effective provider, and remote deployment of java application is promoted.
Step S20, starting the running shell through a customized development tool, and acquiring an encrypted binary code file corresponding to the java application of the service provider;
in this embodiment, it should be noted that, the running shell is started by using the customized development tool, at this time, the main thread normally loads the shell code corresponding to the running shell and the dependency corresponding to the customized development tool, at this time, since the running shell does not include the algorithm and the service logic of the service, and further the service partner needs to load the encrypted binary code file corresponding to the java application from the service provider, but because the main thread already runs the main method at this time, in order that the system process can function normally, a thread needs to be recreated for loading the encrypted binary code file, and another thread needs to request the encrypted binary code file from the service provider.
The running shell is started through a customized development tool, an encrypted binary code file corresponding to a java application of the service provider is obtained, specifically, a sub tool corresponding to the running shell is matched in the customized development tool based on a java application identifier corresponding to the running shell, the running shell is started through the sub tool corresponding to the running shell, so that a main thread is switched to a target thread, and the encrypted binary code file is requested to the service provider through the target thread.
And step S30, converting the encrypted binary code file into a target binary code file for loading by calling security conversion logic in a core class loader for loading the core java class so as to deploy the java application.
In this embodiment, it should be noted that, the core class loader (boostrapclassloader) is a class loader for loading a core java class, and since the core class loader is written based on c++, the core class loader has a natural hidden attribute, and the security conversion logic in the core class loader cannot be obtained by a simple decompilation means.
The method comprises the steps of transferring an encrypted binary code file into a target binary code file to be loaded through calling security conversion logic in a core class loader for loading a core java class, specifically, switching the target thread to a first thread to deploy the java application, calling the security conversion logic in the core class loader for loading the core java class through a first thread, decrypting the encrypted binary code file and eliminating a data mark to obtain a target binary code, further loading the target binary code, switching the first thread to a second thread, calling a start-up type main method through a reflection mechanism, and running the target binary code to realize deployment of the java application, wherein the encrypted binary code file is encrypted based on a public key in a partner key pair, and a preset number of data marks are inserted in the encrypted binary code file to disguise the target binary code, for example, assuming that the target binary code in the target binary code file is 0110 marks, and the target binary code in which is inserted is 110 bits, namely, three bits of binary code are 110 bits and three bits of binary code are digital binary code in the target binary code.
Further, in step S30, the transcoding security transformation logic includes decryption logic and data flag removal logic,
The step of converting the encrypted binary code file into a target binary code file for loading by calling security conversion logic in a core class loader for loading a core java class comprises the following steps:
Step S31, decrypting the encrypted binary code file into a binary code disguised file by calling the decryption logic;
in this embodiment, the encrypted binary code file is decrypted into a binary code masquerading file by calling the decryption logic, and specifically, the encrypted binary code file is decrypted by calling the decryption logic and using a private key in a partner key pair to obtain the binary code masquerading file, where the binary code masquerading file is a target binary code file into which a data flag is inserted.
Step S32, removing the data mark in the binary code disguised file by calling the data mark removing logic to obtain the target binary code file;
In this embodiment, the data mark in the binary code masquerading file is removed by calling the data mark removing logic, so as to obtain the target binary code file, specifically, each data mark in the binary code masquerading file is located by calling the data mark removing logic, and then each data mark is deleted in the binary code masquerading file, so as to obtain the target binary code file.
Further, in step S32, the step of calling the data tag removal logic to remove the data tag in the binary code masquerading file, and the step of obtaining the target binary code file includes:
step S321, obtaining the ip address of the local equipment of the service partner;
In this embodiment, it should be noted that the ip address of the local device is an ip address of a machine that deploys java applications in the service partner.
Step S322, carrying out byte polling on the binary code disguised file based on the local equipment ip address, and positioning each data mark in the binary code disguised file;
In this embodiment, byte polling is performed on the binary code masquerade file based on the local device ip address, and each data flag in the binary code masquerade file is located, specifically, based on each address value in the local device ip address, the target byte polling frequency and the number of data flags are determined, further byte polling is performed on the binary code masquerade file, when the number of byte polling reaches the target byte polling frequency, the current polling position is used as the data flag insertion position, further, based on the number of data flags, for example, assuming that the local device ip address is 10.23.36.69, the address values are respectively 10, 23, 36 and 69, and the number of data flags is 2n+1, n is the address value, so when byte polling is performed to the 10 th time, the current polling position is determined as the data flag insertion position, and the values on 21 bits from the data flag insertion position are all data flags, and similarly, when byte polling is performed to the 23 th time, 36 th time, and 69 th time, corresponding data can be set as the data flag, or the data can be set as 0.
And step S323, deleting each data mark in the binary code disguising file to obtain the target binary code file.
In this embodiment, each data flag is deleted in the binary code masquerade file to obtain the target binary code file, specifically, each located data flag is deleted directly in the binary code masquerade file to obtain the target binary code file.
And step S33, loading the target binary code file.
In this embodiment, the target binary code file is loaded by calling the core class loader.
Compared with the technical means adopted in the prior art that an encrypted jar packet and encryption are directly delivered to a service partner to deploy the java application, the embodiment of the application firstly obtains the operation shell of the service provider, and then starts the operation shell through a customized development tool, obtains the encrypted binary code file corresponding to the java application of the service provider, further achieves the purpose that the binary code corresponding to the java application and the binary code of the algorithm are sent to the service partner in an encrypted state, can ensure that the code and the algorithm corresponding to the java application cannot leak in a data transmission process, further converts the encrypted binary code file into a target binary code file to be loaded by invoking security conversion logic in a core class loader for loading a core java class, further ensures that the core class is not successfully converted into the binary code by the application, and further prevents the core class from being loaded by the security class loader because the binary code is directly loaded to the core class loader, and the core class is not successfully converted into the core class loader by the binary code, and the core class loader is not successfully converted into the security class by the security class loader, and the core class is further prevented from being loaded by the security class loader, therefore, the technical defect that source codes are leaked due to the fact that a service partner can leak codes for deploying the java application to a third party when the java application is deployed remotely in the prior art is overcome, and safety of the java application in remote deployment is improved.
Further, referring to fig. 2, according to a first embodiment of the present application, in another embodiment of the present application, the step of obtaining an encrypted binary code file corresponding to a java application of the service provider by starting the running shell through a customized development tool includes:
step S21, starting the running shell through the customized development tool to switch the main thread to the target thread;
In this embodiment, the running shell is started by using the customized development tool, at this time, the main thread normally loads the shell code corresponding to the running shell and the dependency corresponding to the customized development tool, at this time, since the running shell does not include the algorithm and the business logic of the service, and further the service partner needs to load the encrypted binary code file corresponding to the java application from the service provider, but since the main thread has already run the main method once, in order for the system process to function normally, a thread needs to be re-created for loading the encrypted binary code file, and another thread is required to request the encrypted binary code file from the service provider, where the target thread is a thread for requesting the encrypted binary code file from the service provider.
Further, in step S21, the step of switching the main thread to the target thread includes:
step S211, detecting a specific quiet shutdown abnormality caused by a system start event thrown by the main thread;
In this embodiment, it should be noted that, because there is a problem of occupation of port resources when the main thread is switched to the target thread, the main thread needs to be turned off, but when a new thread is started, the main thread throws out a specific quiet off exception, so that the port resources are released by turning off the whole process, and thus all threads under the process are turned off, which affects the thread switching efficiency, so that the deployment efficiency of java application becomes low.
Detecting a specific quiet shutdown abnormality caused by a system startup event thrown by the main thread, specifically, detecting whether a startup event occurs or not by monitoring based on a monitoring class in an operation shell, and detecting the specific quiet shutdown abnormality caused by the system startup event thrown by the main thread, wherein when the startup event occurs, the main thread throws the specific shutdown abnormality, and the startup event is an event for starting a new thread.
Step S212, intercepting the specific quiet closing exception through a preset specific exception handling class in the operation shell;
in this embodiment, it should be noted that, in the embodiment of the present application, a preset specific exception handling class is preset in an operation shell, where the preset specific exception handling class is a java class for intercepting the specific security shutdown exception, so that a process is not shutdown.
Step S213, the main thread is instructed to execute the graceful shutdown logic, and after the main thread has completed executing the graceful shutdown logic, the target thread is started.
In this embodiment, the main thread is instructed to execute the graceful shutdown logic, and after the main thread has completed executing the graceful shutdown logic, the target thread is started, specifically, the main thread is instructed to execute the graceful shutdown logic, so that the main thread is closed, and the whole process is not closed at the same time, and then after the main thread has completed executing the graceful shutdown logic, the target thread is started and initialized.
Step S22, the current equipment address information of the service partner is obtained through the target thread, and a code file request with the current equipment address information is sent to the service provider so that the service provider can verify whether the service partner is a valid partner or not;
In this embodiment, it should be noted that the effective partner is a partner in an effective cooperation service interval.
The method comprises the steps of obtaining current equipment address information of a service partner through a target thread, sending a code file request with the current equipment address information to a service provider, and enabling the service provider to verify whether the service partner is a valid partner or not, specifically obtaining the current equipment address information of the service partner through the target thread, wherein the current equipment address information is equipment address information, obtained by the target thread, at the current moment, and can be ip address or other types of addresses (such as mac address and the like), and further sending the code file request with the current equipment address information, encrypted based on a public key in a provider key pair, to the service provider.
Step S23, if the service provider verifies that the service partner is a valid partner, receiving an encrypted binary code file which is fed back by the service provider and responds to the code file request;
And step S24, if the service provider verifies that the service partner is not a valid partner, an abnormal instruction which is fed back by the service provider and is in response to the code file request is received, and the step of acquiring the current equipment address information of the service partner through the target thread is executed in a returning mode.
In this embodiment, specifically, after receiving a code file request, the service provider decrypts an encrypted code file request with the current device address information based on a private key in a provider key pair, so as to obtain the current device address information, further, the service provider determines whether the current device address information is an effective device address information, if the current device address information is the effective device address information, the service provider determines that the service partner is the effective partner, and sends an encrypted binary code file to the service partner, further, the service partner receives the encrypted binary code file in response to the code file request fed back by the service provider, if the current device address information is not the effective device address information, the service provider determines that the service partner is not the effective partner, and sends an abnormal command to the service partner, further, the service partner receives the abnormal command fed back by the service provider in response to the code file request, and returns to execute the step of obtaining the current device address information of the service partner through the target thread.
Further, in step S24, after the step of receiving the abnormal instruction fed back by the service provider in response to the code file request, the java application remote deployment method further includes:
step A10, counting the accumulated times of receiving the abnormal instruction;
In this embodiment, the accumulated number of times is the accumulated number of times the service partner receives the abnormal command.
And step A20, if the accumulated times are greater than a preset accumulated times threshold value, invoking self-destruction logic in the customized development tool through the target thread, and executing a preset program self-destruction flow.
In this embodiment, if the number of accumulated times is greater than a preset number of accumulated times threshold, invoking self-destruction logic in the customized development tool through the target thread, and executing a preset program self-destruction process, specifically, if the number of accumulated times is greater than a preset number of accumulated times threshold, determining that a service partner is violently cracking the customized development tool, and further invoking self-destruction logic in the customized development tool through the target thread, and executing a preset program self-destruction process to destroy the customized development tool.
The embodiment of the application provides a method for safely acquiring an encrypted binary code file, namely, starting an operation shell through a customized development tool so as to switch a main thread to a target thread;
The method comprises the steps of acquiring current equipment address information of a service partner through a target thread, sending a code file request with the current equipment address information to the service provider, verifying whether the service partner is an effective partner or not by the service provider, further receiving an encrypted binary code file fed back by the service provider in response to the code file request if the service provider verifies that the service partner is the effective partner, further receiving an abnormal instruction fed back by the service provider in response to the code file request if the service provider verifies that the service partner is not the effective partner, and returning to execute the step of acquiring the current equipment address information of the service partner through the target thread, further ensuring that only the effective partner can acquire the encrypted binary code file, further realizing the purposes of detecting whether the service partner is breaking a customized development tool by force or not, and immediately controlling to promote the customized development tool by a user to be broken by a user when the service partner is determined to break the customized development tool by force, and further improving the safety of remote development of the customized development tool.
Further, referring to fig. 3, in another embodiment of the present application, after the step of converting the encrypted binary code file into a target binary code file for loading by calling security conversion logic in a core class loader for loading a core java class to deploy the java application, the java application remote deployment method further includes:
step B10, acquiring the running time of the java application, and judging whether the running time is larger than a preset running time threshold;
In this embodiment, it should be noted that the preset operation time threshold is determined for a service time for providing a service to the service partner based on the service providing direction.
Step B20, if the running time is greater than the preset running time threshold, returning to execute the step of acquiring the encrypted binary code file corresponding to the java application from the service provider, loading the encrypted binary code file, and judging whether the service provider is in the service validity period;
In this embodiment, specifically, if the running time is greater than the preset running time threshold, the step of executing the step of obtaining the encrypted binary code file corresponding to the java application from the service provider and loading the encrypted binary code file is returned to redeploy the java application, so as to determine whether the service provider is in the service validity period.
Step B30, if the service provider is in the service validity period, returning to the step of executing the step of acquiring the running time of the java application;
in this embodiment, if the service provider is in the service validity period, the step of executing the step of acquiring the running time of the java application is returned, and specifically if the service provider is in the service validity period, the step of executing the step of acquiring the running time of the java application is returned, so as to continuously acquire the running time of the java application.
And step B40, if the service provider is not in the service validity period, clearing the loaded java class file corresponding to the java application.
In this embodiment, if the service provider is not in the service validity period, the loaded java class file corresponding to the java application, for example, the target binary code file, is cleared, so as to prevent the service partner from using the java application offline, in an implementation manner, as shown in fig. 4, a flowchart of deploying the java application is shown, where the custom classloader is the core class loader with secure loading logic, webank-aiot is a management background server of the service provider, the binary file is the encrypted binary code file, one hour is the preset running time threshold, and service cannot be provided, that is, the service provider cannot provide the java application service.
The application provides a service validity control method of a java application, namely, acquiring the running time of the java application, judging whether the running time is larger than a preset running time threshold, further, if the running time is larger than the preset running time threshold, returning to execute the step of acquiring an encrypted binary code file corresponding to the java application from a service provider, and loading the encrypted binary code file, so that the java application can be prevented from being periodically redeployed by the service provider after the service validity expires, the service provider can still use the java application, judging whether the service provider is in the service validity period, if the service provider is in the service validity period, returning to execute the step of acquiring the running time of the java application, and if the service provider is not in the service validity period, clearing the loaded java class file corresponding to the java application, namely, after the service validity period expires, using the java application to prevent the java class from being loaded by the java application after the service validity period expires.
Further, referring to fig. 5, in another embodiment of the present application, the java application remote deployment method is applied to a service provider, and the java application remote deployment method includes:
Step C10, acquiring equipment address information of a service partner, and generating a shell packet with the equipment address information corresponding to java application;
In this embodiment, it should be noted that the device address information is a machine mac value of a device for deploying a java application in a service partner.
The method comprises the steps of obtaining equipment address information of a service partner, generating a shell packet with the equipment address information corresponding to java application, specifically obtaining the equipment address information of the service partner, and compressing a target machine mac value, a public key in a generated provider key pair and an operation shell jar packet encrypted by a random value into the shell packet.
Step C20, the shell package is sent to the service partner, so that the service partner can start the operation shell corresponding to the shell package through a customized development tool, and a code file request is sent to the service provider;
In this embodiment, the shell package is sent to the service partner, so that the service partner starts the operation shell corresponding to the shell package through the customized development tool, specifically, the shell package is sent to the service partner, and further, the service partner obtains the operation shell jar package encrypted through the random value by decompressing the shell package, decrypts the operation shell jar package encrypted through the random value based on the random value from the service provider, obtains the operation shell, further starts the operation shell corresponding to the shell package through the customized development tool, and sends the code file request to the service provider, wherein, the specific step of sending the code file request to the service provider can refer to the content in step S20 and the refinement step thereof, and further, the code file request is sent to the service provider by starting the operation shell corresponding to the shell package through the customized development tool.
And step C30, transmitting an encrypted binary code file to the service partner by responding to the code file request, so that the service partner can convert the encrypted binary code file into a target binary code file to load by calling security conversion logic in a core class loader for loading a core java class in the customized development tool, so as to deploy the java application.
In this embodiment, the code security conversion logic includes decryption logic and data flag removal logic.
Specifically, by responding to the code file request, sending an encrypted binary code file to the service partner, so that the service partner can decrypt the encrypted binary code file into a binary code disguise file by calling decryption logic in a core class loader for loading a core java class in the customized development tool, and further, removing a data mark in the binary code disguise file by calling data mark removal logic in the core class loader, so as to obtain the target binary code file, and further, loading the target binary code file to deploy the java application, wherein the specific process of loading the target binary code file by the service partner based on the encrypted binary code file can refer to the content in step S30 and the refinement step thereof, and is not repeated herein.
Further, in step C30, the step of sending the encrypted binary code file to the service partner by responding to the code file request includes:
step C31, receiving the code file request, and verifying whether the service partner is a valid partner or not based on the current equipment address information in the code file request;
In this embodiment, the code file request is received, and based on the current device address information in the code file request, it is verified whether the service partner is a valid partner, specifically, the code file request is received, and by judging whether the current device address information in the code file request is valid device address information, it is verified whether the service partner is a valid partner,
And step C32, if the service partner is verified to be the valid partner, sending the encrypted binary code file to the service partner.
In this embodiment, if the current device address information in the code file request is valid device address information, it is verified that the service partner is the valid partner, the encrypted binary code file is sent to the service partner, and if the current device address information in the code file request is not valid device address information, it is verified that the service partner is not the valid partner, an abnormal command is sent to the service partner to indicate that the service partner is not a valid partner.
Compared with the technical means adopted in the prior art that an encrypted jar package and encryption are directly delivered to a service partner to deploy the java application, the embodiment of the application firstly obtains the equipment address information of the service partner and generates the shell package corresponding to the java application and provided with the equipment address information, then the shell package is sent to the service partner, so that the service partner starts an operating shell corresponding to the shell package through a customized development tool, sends a code file request to the service provider, further sends an encrypted binary code file to the service partner through responding to the code file request, so that the service partner can load a security conversion logic in a core class loader of a core java class by calling the customized development tool, converts the encrypted binary code file into a target binary code file to load the java class, deploys the java application, even if the service partner delivers the shell package corresponding to a third party, the service partner can not start an operating shell corresponding to the shell package through the customized development tool, the service partner can not be successfully loaded with the core class, the security conversion logic can not be directly loaded into the core class loader, and the security class can not be successfully loaded by the aid of the binary code loader, the security conversion logic can not be successfully loaded into the core class loader, and the security class can be deployed by the service partner can not be directly loaded into the core class loader, and further, the technical defect that the source code is leaked due to the fact that the code for deploying the java application is leaked to the third party by the service partner when the java application is remotely deployed in the prior art is overcome, and the safety of the java application in remote deployment is improved.
Referring to fig. 6, fig. 6 is a schematic device structure diagram of a hardware running environment according to an embodiment of the present application.
As shown in fig. 6, the java application remote deployment device may include: a processor 1001, such as a CPU, memory 1005, and a communication bus 1002. Wherein a communication bus 1002 is used to enable connected communication between the processor 1001 and a memory 1005. The memory 1005 may be a high-speed RAM memory or a stable memory (non-volatile memory), such as a disk memory. The memory 1005 may also optionally be a storage device separate from the processor 1001 described above.
Optionally, the java application remote deployment device may further include a rectangular user interface, a network interface, a camera, an RF (Radio Frequency) circuit, a sensor, an audio circuit, a WiFi module, and so on. The rectangular user interface may include a Display screen (Display), an input sub-module such as a Keyboard (Keyboard), and the optional rectangular user interface may also include a standard wired interface, a wireless interface. The network interface may optionally include a standard wired interface, a wireless interface (e.g., WI-FI interface).
Those skilled in the art will appreciate that the java application remote deployment device architecture shown in fig. 6 does not constitute a limitation of the java application remote deployment device, and may include more or fewer components than shown, or may combine certain components, or a different arrangement of components.
As shown in fig. 6, an operating system, a network communication module, and a java application remote deployment program may be included in the memory 1005 as one type of computer storage medium. The operating system is a program for managing and controlling the remote deployment of equipment hardware and software resources by the java application, and supports the remote deployment of the java application and the running of other software and/or programs. The network communication module is used for realizing communication among components in the memory 1005 and communication among other hardware and software in the java application remote deployment system.
In the java application remote deployment device shown in fig. 6, the processor 1001 is configured to execute a java application remote deployment program stored in the memory 1005, to implement the steps of the java application remote deployment method described in any one of the foregoing.
The specific implementation manner of the java application remote deployment device is basically the same as that of each embodiment of the java application remote deployment method, and is not repeated here.
The embodiment of the application also provides a java application remote deployment device, which is applied to a service partner and comprises:
the installation module is used for acquiring the operation shell of the service provider;
the acquisition module is used for starting the running shell through a customized development tool and acquiring an encrypted binary code file corresponding to the java application of the service provider;
the loading module is used for converting the encrypted binary code file into a target binary code file for loading by calling security conversion logic in a core class loader for loading the core java class so as to deploy the java application.
Optionally, the loading module is further configured to:
decrypting the encrypted binary code file into a binary code masquerade file by invoking the decryption logic;
removing the data mark in the binary code disguised file by calling the data mark removing logic to obtain the target binary code file;
and loading the target binary code file.
Optionally, the loading module is further configured to:
Acquiring a local equipment ip address of the service partner;
based on the local equipment ip address, carrying out byte polling on the binary code disguised file, and positioning each data mark in the binary code disguised file;
Deleting each data mark in the binary code disguising file to obtain the target binary code file.
Optionally, the acquiring module is further configured to:
starting the running shell through the customized development tool to switch the main thread to the target thread;
Acquiring current equipment address information of the service partner through the target thread, and sending a code file request with the current equipment address information to the service provider so that the service provider can verify whether the service partner is a valid partner;
If the service provider verifies that the service partner is a valid partner, receiving an encrypted binary code file which is fed back by the service provider and is in response to the code file request;
And if the service provider verifies that the service partner is not a valid partner, receiving an abnormal instruction which is fed back by the service provider and is in response to the code file request, and returning to execute the step of acquiring the current equipment address information of the service partner through the target thread.
Optionally, the java application remote deployment device is further configured to:
counting the accumulated times of receiving the abnormal instructions;
and if the accumulated times are greater than a preset accumulated times threshold, invoking self-destruction logic in the customized development tool through the target thread, and executing a preset program self-destruction flow.
Optionally, the acquiring module is further configured to:
detecting a specific quiet shutdown exception caused by a system start event thrown by the main thread;
intercepting the specific quiet closing exception through a preset specific exception handling class in the operation shell;
and commanding the main thread to execute the graceful shutdown logic, and starting the target thread after the main thread finishes executing the graceful shutdown logic.
Optionally, the mounting module is further configured to:
receiving a shell packet sent by a service provider and acquiring local equipment address information;
decompressing the shell package to obtain a text to be decrypted and a jar package to be decrypted;
Decrypting the text to be decrypted in the shell package to obtain the shell package equipment address information;
if the shell package equipment address information is not matched with the local equipment address information, destroying the shell package;
And if the shell package equipment address information is matched with the local equipment address information, decrypting the jar package to be decrypted based on the target random value obtained by requesting the service provider to obtain the operation shell.
Optionally, the java application remote deployment device is further configured to:
acquiring the running time of the java application, and judging whether the running time is larger than a preset running time threshold;
If the running time is greater than the preset running time threshold, returning to execute the step of acquiring the encrypted binary code file corresponding to the java application from the service provider, loading the encrypted binary code file, and judging whether the service provider is in the service validity period;
If the service provider is in the service validity period, returning to the step of executing the operation time of obtaining the java application;
And if the service provider is not in the service validity period, clearing the loaded java class file corresponding to the java application.
The specific implementation manner of the java application remote deployment device is basically the same as the above-mentioned java application remote deployment method embodiments, and will not be described in detail herein.
The embodiment of the application also provides a java application remote deployment device, which is applied to the service provider and comprises:
the generation module is used for acquiring the equipment address information of the service partner and generating a shell packet with the equipment address information corresponding to the java application;
The sending module is used for sending the shell package to the service partner so that the service partner can start the operation shell corresponding to the shell package through a customized development tool and send a code file request to the service provider;
And the response module is used for transmitting the encrypted binary code file to the service partner by responding to the code file request so that the service partner can convert the encrypted binary code file into a target binary code file to load by calling the security conversion logic in the core class loader for loading the core java class in the customized development tool so as to deploy the java application.
Optionally, the response module is further configured to:
receiving the code file request, and verifying whether the service partner is a valid partner based on current equipment address information in the code file request;
and if the service partner is verified to be the valid partner, sending the encrypted binary code file to the service partner.
The specific implementation manner of the java application remote deployment device is basically the same as the above-mentioned java application remote deployment method embodiments, and will not be described in detail herein.
An embodiment of the present application provides a readable storage medium, where one or more programs are stored, and the one or more programs are further executable by one or more processors to implement the steps of the java application remote deployment method described in any one of the above.
The specific implementation manner of the readable storage medium of the present application is basically the same as the above-mentioned embodiments of the java application remote deployment method, and will not be described herein.
Embodiments of the present application provide a computer program product, and the computer program product includes one or more computer programs, which may be further executed by one or more processors to implement the steps of the java application remote deployment method described in any of the above.
The specific implementation manner of the computer program product of the present application is basically the same as the above-mentioned embodiments of the java application remote deployment method, and will not be described herein.
The foregoing description is only of the preferred embodiments of the present application, and is not intended to limit the scope of the application, but rather is intended to cover any equivalents of the structures or equivalent processes disclosed herein, or any application, directly or indirectly, within the scope of the application.

Claims (11)

1. The remote deployment method for the java application is characterized by being applied to a service partner and comprising the following steps of:
acquiring an operation shell of a service provider; the operation shell is an operation program package with the capability of encrypting, decrypting and compiling codes;
Starting the running shell through a customized development tool to obtain an encrypted binary code file corresponding to java application of the service provider; the customized development tool is a development tool for starting the running shell;
Decrypting the encrypted binary code file into a binary code masquerade file by calling a decryption logic;
Acquiring a local equipment ip address of the service partner;
Determining target byte polling times and the number of data marks based on the address values in the ip address of the local device, performing byte polling on the binary code masquerade file according to the target byte polling times and the number of the data marks, and when the number of the byte polling times reaches the target byte polling times, taking the current polling position as a data mark inserting position, and positioning each data mark based on the data mark inserting position and the number of the data marks; each of the data flags is set to 0 or 1;
Deleting each data mark in the binary code disguised file to obtain a target binary code file;
And loading the target binary code file to deploy the java application.
2. The remote deployment method of java applications according to claim 1, wherein the step of obtaining the encrypted binary code file corresponding to the java applications of the service provider by starting the running shell through a customized development tool comprises:
starting the running shell through the customized development tool to switch the main thread to the target thread;
Acquiring current equipment address information of the service partner through the target thread, and sending a code file request with the current equipment address information to the service provider so that the service provider can verify whether the service partner is a valid partner;
If the service provider verifies that the service partner is a valid partner, receiving an encrypted binary code file which is fed back by the service provider and is in response to the code file request;
And if the service provider verifies that the service partner is not a valid partner, receiving an abnormal instruction which is fed back by the service provider and is in response to the code file request, and returning to execute the step of acquiring the current equipment address information of the service partner through the target thread.
3. The remote deployment method of java application according to claim 2, further comprising, after the step of receiving an exception instruction fed back by the service provider in response to the code file request:
counting the accumulated times of receiving the abnormal instructions;
and if the accumulated times are greater than a preset accumulated times threshold, invoking self-destruction logic in the customized development tool through the target thread, and executing a preset program self-destruction flow.
4. The java application remote deployment method according to claim 2, wherein the step of switching the main thread to the target thread comprises:
detecting a specific quiet shutdown exception caused by a system start event thrown by the main thread;
intercepting the specific quiet closing exception through a preset specific exception handling class in the operation shell;
and commanding the main thread to execute the graceful shutdown logic, and starting the target thread after the main thread finishes executing the graceful shutdown logic.
5. The method for remotely deploying a java application according to claim 1, wherein the step of obtaining the runtime shell from the service provider comprises:
receiving a shell packet sent by a service provider and acquiring local equipment address information;
decompressing the shell package to obtain a text to be decrypted and a jar package to be decrypted;
Decrypting the text to be decrypted in the shell package to obtain the shell package equipment address information;
if the shell package equipment address information is not matched with the local equipment address information, destroying the shell package;
And if the shell package equipment address information is matched with the local equipment address information, decrypting the jar package to be decrypted based on the target random value obtained by requesting the service provider to obtain the operation shell.
6. The remote deployment method of java applications according to any one of claims 1-5, further comprising, after the step of deploying the java applications:
acquiring the running time of the java application, and judging whether the running time is larger than a preset running time threshold;
If the running time is greater than the preset running time threshold, returning to execute the step of acquiring the encrypted binary code file corresponding to the java application from the service provider, loading the encrypted binary code file, and judging whether the service provider is in the service validity period;
If the service provider is in the service validity period, returning to the step of executing the operation time of obtaining the java application;
And if the service provider is not in the service validity period, clearing the loaded java class file corresponding to the java application.
7. The remote deployment method for the java application is characterized by being applied to a service provider and comprising the following steps of:
acquiring equipment address information of a service partner, and generating a shell packet with the equipment address information corresponding to java application;
The shell package is sent to the service partner, so that the service partner can start the operation shell corresponding to the shell package through a customized development tool, and a code file request is sent to the service provider; the operation shell is an operation program package with the capability of encrypting, decrypting and compiling codes; the customized development tool is a development tool for starting the running shell;
Sending an encrypted binary code file to the service partner in response to the code file request, so that the service partner decrypts the encrypted binary code file into a binary code disguised file by calling decryption logic; acquiring a local equipment ip address of the service partner; determining target byte polling times and the number of data marks based on the address values in the ip address of the local device, performing byte polling on the binary code masquerade file according to the target byte polling times and the number of the data marks, and when the number of the byte polling times reaches the target byte polling times, taking the current polling position as a data mark inserting position, and positioning each data mark based on the data mark inserting position and the number of the data marks; each of the data flags is set to 0 or 1; deleting each data mark in the binary code disguised file to obtain a target binary code file; and loading the target binary code file to deploy the java application.
8. The remote deployment method of java applications according to claim 7, wherein said step of transmitting an encrypted binary code file to said service partner by responding to said code file request comprises:
receiving the code file request, and verifying whether the service partner is a valid partner based on current equipment address information in the code file request;
and if the service partner is verified to be the valid partner, sending the encrypted binary code file to the service partner.
9. The java application remote deployment device is characterized by comprising:
the installation module is used for acquiring the operation shell of the service provider; the operation shell is an operation program package with the capability of encrypting, decrypting and compiling codes;
The acquisition module is used for starting the running shell through a customized development tool and acquiring an encrypted binary code file corresponding to the java application of the service provider; the customized development tool is a development tool for starting the running shell;
The loading module is used for decrypting the encrypted binary code file into a binary code disguising file by calling decryption logic; acquiring a local equipment ip address of the service partner; determining target byte polling times and the number of data marks based on the address values in the ip address of the local device, performing byte polling on the binary code masquerade file according to the target byte polling times and the number of the data marks, and when the number of the byte polling times reaches the target byte polling times, taking the current polling position as a data mark inserting position, and positioning each data mark based on the data mark inserting position and the number of the data marks; each of the data flags is set to 0 or 1; deleting each data mark in the binary code disguised file to obtain a target binary code file; and loading the target binary code file to deploy the java application.
10. The java application remote deployment device is characterized by comprising:
the generation module is used for acquiring the equipment address information of the service partner and generating a shell packet with the equipment address information corresponding to the java application;
The sending module is used for sending the shell package to the service partner so that the service partner can start the operation shell corresponding to the shell package through a customized development tool and send a code file request to the service provider; the operation shell is an operation program package with the capability of encrypting, decrypting and compiling codes; the customized development tool is a development tool for starting the running shell;
The response module is used for sending an encrypted binary code file to the service partner by responding to the code file request so that the service partner can decrypt the encrypted binary code file into a binary code disguise file by calling decryption logic; acquiring a local equipment ip address of the service partner; determining target byte polling times and the number of data marks based on the address values in the ip address of the local device, performing byte polling on the binary code masquerade file according to the target byte polling times and the number of the data marks, and when the number of the byte polling times reaches the target byte polling times, taking the current polling position as a data mark inserting position, and positioning each data mark based on the data mark inserting position and the number of the data marks; each of the data flags is set to 0 or 1; deleting each data mark in the binary code disguised file to obtain a target binary code file; and loading the target binary code file to deploy the java application.
11. The java application remote deployment device is characterized by comprising: a memory, a processor and a program stored on the memory for implementing the java application remote deployment method,
The memory is used for storing a program for realizing a java application remote deployment method;
The processor is configured to execute a program for implementing the java application remote deployment method, so as to implement the steps of the java application remote deployment method according to any one of claims 1 to 6 or 7 to 8.
CN202110507250.4A 2021-05-10 2021-05-10 Remote deployment method, device and equipment for java application Active CN113238762B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110507250.4A CN113238762B (en) 2021-05-10 2021-05-10 Remote deployment method, device and equipment for java application

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110507250.4A CN113238762B (en) 2021-05-10 2021-05-10 Remote deployment method, device and equipment for java application

Publications (2)

Publication Number Publication Date
CN113238762A CN113238762A (en) 2021-08-10
CN113238762B true CN113238762B (en) 2024-07-02

Family

ID=77133023

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110507250.4A Active CN113238762B (en) 2021-05-10 2021-05-10 Remote deployment method, device and equipment for java application

Country Status (1)

Country Link
CN (1) CN113238762B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115292747B (en) * 2022-08-01 2024-01-30 国投智能科技有限公司 File protection method and device, electronic equipment and storage medium

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103218549A (en) * 2012-01-19 2013-07-24 阿里巴巴集团控股有限公司 Method and device for encrypting and decrypting Java source code
CN112733094A (en) * 2021-01-12 2021-04-30 深圳伯医科技有限公司 Safety protection method for Java application program

Family Cites Families (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB0024918D0 (en) * 2000-10-11 2000-11-22 Sealedmedia Ltd Method of providing java tamperproofing
US7398523B2 (en) * 2004-08-19 2008-07-08 International Business Machines Corporation Adaptive class loading
US8510728B2 (en) * 2010-06-30 2013-08-13 International Business Machines Corporation Dynamic determination of application server runtime classloading
CN103440161B (en) * 2013-08-15 2017-03-29 北京京东尚科信息技术有限公司 A kind of Java virtual machine internal object monitoring method, device and system
CN103544415B (en) * 2013-10-25 2015-08-12 江苏通付盾信息科技有限公司 A kind of reinforcement means of mobile platform application software
KR101749209B1 (en) * 2015-05-22 2017-06-20 한양대학교 산학협력단 Method and apparatus for hiding information of application, and method and apparatus for executing application
CN106203005A (en) * 2016-07-11 2016-12-07 福建方维信息科技有限公司 A kind of various dimensions authorization encryption method based on WEB platform software and system
CN106650341A (en) * 2016-11-18 2017-05-10 湖南鼎源蓝剑信息科技有限公司 Android application reinforcement method based on the process confusion technology
CN107480478B (en) * 2017-08-14 2019-08-13 钟尚亮 A kind of encryption method and operation method of JAVA application program
CN108958927B (en) * 2018-05-31 2023-04-18 康键信息技术(深圳)有限公司 Deployment method and device of container application, computer equipment and storage medium
CN110659468B (en) * 2019-08-21 2022-02-15 江苏大学 File encryption and decryption system based on C/S architecture and speaker identification technology
CN111310218A (en) * 2020-02-28 2020-06-19 云知声智能科技股份有限公司 Method and device for protecting java class core file
CN111552931A (en) * 2020-04-30 2020-08-18 平安科技(深圳)有限公司 Method and system for adding shell of java code
CN111737718A (en) * 2020-07-17 2020-10-02 平安国际智慧城市科技股份有限公司 Encryption and decryption method and device for jar packet, terminal equipment and storage medium

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103218549A (en) * 2012-01-19 2013-07-24 阿里巴巴集团控股有限公司 Method and device for encrypting and decrypting Java source code
CN112733094A (en) * 2021-01-12 2021-04-30 深圳伯医科技有限公司 Safety protection method for Java application program

Also Published As

Publication number Publication date
CN113238762A (en) 2021-08-10

Similar Documents

Publication Publication Date Title
US9934375B2 (en) Secured execution of a web application
CN107220083B (en) Method and system for installation-free operation of application program in android system
US8447970B2 (en) Securing out-of-band messages
CN110866226B (en) JAVA application software copyright protection method based on encryption technology
US20090276620A1 (en) Client authentication during network boot
JP6880071B2 (en) Processing methods to prevent copy attacks, servers and clients
CN109145628B (en) Data acquisition method and system based on trusted execution environment
WO2023151504A1 (en) Internet of things-based data processing method and apparatus
CN112257093A (en) Authentication method of data object, terminal and storage medium
CN111460410A (en) Server login method, device and system and computer readable storage medium
CN113238762B (en) Remote deployment method, device and equipment for java application
US7721100B2 (en) Granting an access to a computer-based object
CN112751866B (en) Network data transmission method and system
CN103034811B (en) A kind of method, system and device of file process
EP1998575A2 (en) Wireless Terminal Apparatus and Method of Protecting System Resources
CN106648770B (en) Generation method, loading method and device of application program installation package
CN116305005A (en) Application method, device and system of software encryption service
JP2008040853A (en) Application execution method and application execution device
CN109145599B (en) Protection method for malicious viruses
CN112738643B (en) System and method for realizing safe transmission of monitoring video by using dynamic key
CN114579145A (en) Software deployment method and device, computer equipment and storage medium
US11108744B2 (en) Network encryption methods for realizing encryption of local area networks at the bottom layer driver of network cards of embedded devices
CN117527267B (en) Method and system for controlling remote data based on secret calculation
KR100844846B1 (en) Method for secure booting in IP-TV end system
CN112395604B (en) System monitoring login protection method, client, server and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant