SpringBoot自定义maven-plugin插件整合asm代码插桩

郏稳
2023-12-01

背景

公司开发框架增加了web系统license授权证书校验模块,实行一台机器一个授权证书,初步方案是增加拦截器针对全局请求进行拦截校验,评估后认为校验方式单一,应该增加重要工具类,业务service实现中每个方法的进行校验,因为涉及代码量较大硬编码工作困难,故选择通过自定义maven插件在编译期间进行动态代码插桩操作

项目配置

新建maven项目设置打包方式

<packaging>maven-plugin</packaging>

增加依赖项

		 <!--使用doc的方式-->
        <dependency>
            <groupId>org.apache.maven</groupId>
            <artifactId>maven-plugin-api</artifactId>
            <version>3.5.2</version>
        </dependency>
		<!--使用注解的方式-->
        <dependency>
            <groupId>org.apache.maven.plugin-tools</groupId>
            <artifactId>maven-plugin-annotations</artifactId>
            <version>3.5.2</version>
            <scope>provided</scope>
        </dependency>
        <dependency>
            <groupId>org.apache.maven</groupId>
            <artifactId>maven-project</artifactId>
            <version>2.2.1</version>
        </dependency>
        <dependency>
            <groupId>org.ow2.asm</groupId>
            <artifactId>asm</artifactId>
            <version>9.0</version>
        </dependency>

build内容配置

	 <plugins>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-plugin-plugin</artifactId>
                <version>3.5</version>
            </plugin>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-compiler-plugin</artifactId>
                <version>3.6.1</version>
                <configuration>
                    <source>1.8</source>
                    <target>1.8</target>
                </configuration>
            </plugin>
        </plugins>

编译拦截

创建编译操作类FramePlugin,继承AbstractMojo并使用Mojo注解标注,output参数是class文件编译后路径

@Mojo(name = "deepcompile", defaultPhase = LifecyclePhase.COMPILE)
public class FramePlugin extends AbstractMojo {
    @Parameter(name = "output", defaultValue = "${project.build.directory}")
    private File output;
    public void execute() throws MojoExecutionException {
        File f = ;
        if (!f.exists()) {
            f.mkdirs();
        }
        try {
 			insertPile(f);
        } catch (Exception e) {
            exceptioncount++;
            e.printStackTrace();
        }
    }

ASM插桩

新建ClassVisitor重写visitMethod方法来过滤访问需要插桩的方法,需要排除自带的init方法

public class MethodCoverageClassVisitor extends ClassVisitor {
    public MethodCoverageClassVisitor(ClassVisitor classVisitor) {
        super(Opcodes.ASM9, classVisitor);
    }

    @Override
    public MethodVisitor visitMethod(int access, String name, String descriptor, String signature,
                                     String[] exceptions) {
        final MethodVisitor methodVisitor = super.visitMethod(access, name, descriptor, signature, exceptions);
        if (name.equals("<init>")) {
            return methodVisitor;
        }
        return new MethodCoverageMethodVisitor(Opcodes.ASM9, methodVisitor);
    }
}

新建MethodVisitor重写visitCode方法针对方法内部字节码进行自定义操作,这里是使用框架内部封装好的一个静态方法来校验license证书

public class MethodCoverageMethodVisitor extends MethodVisitor {
    public MethodCoverageMethodVisitor(int api, MethodVisitor methodVisitor) {
        super(api, methodVisitor);
    }

    @Override
    public void visitCode() {
        mv.visitFieldInsn(Opcodes.INVOKESTATIC, "com/xxxx/frame/common/utils/ComplieSDK", "checkLicense", "()V");
    }
}

最后在execute中进行文件递归查找调用,就是将已经编译的class文件读取/自定义操作后保存

 private void insertPile(File root) throws IOException {
        if (root.isDirectory()) {
            for (File file : root.listFiles()) {
                insertPile(file);
            }
        }
        String className = root.getName().replace(".class", "");
        if (root.getName().endsWith(".class")) {
            //class筛选
            boolean flag = false;
         	//自定义的class文件筛选条件代码
            if (flag) {
                System.out.println("【insertPile】:" + className);
                FileOutputStream fos = null;
                try {
                    final byte[] instrumentBytes = doInsertPile(root);
                    fos = new FileOutputStream(root);
                    fos.write(instrumentBytes);
                    fos.flush();
                } catch (MojoExecutionException e) {
                    System.out.println("【insertPile-exception】:" + className);
                    e.printStackTrace();
                } finally {
                    if (fos != null) {
                        fos.close();
                    }
                }
            }
        }
    }

项目使用

maven-plugin项目执行mvn install安装到本地仓库

框架项目配置自定义maven插件进行打包,配置执行的声明周期为complie(编译),这里goal自定义命令名称需要和mojo注解标注类中指定的name名称一致

 		 <plugin>
                <groupId>com.xxxxx</groupId>
                <artifactId>frame-maven-plugin</artifactId>
                <version>1.2.5</version>
                <executions>
                    <execution>
                        <goals>
                            <!-- 执行目标 -->
                            <goal>deepcompile</goal>
                        </goals>
                        <!-- 执行这个目标所在的生命周期 -->
                        <phase>compile</phase>
                    </execution>
                </executions>
            </plugin>
 类似资料: