Spring – Preemptive Support Center

DashO supports both Spring Boot and Spring Framework projects. Read the corresponding section below for details.

Spring Boot

DashO can directly process Spring Boot Jars and WARs. To do that, the Spring Boot handler type needs be configured for the Spring Boot input.

DashO looks for the Spring Boot MANIFEST.MF file to gather information about the project. It automatically treats the classes that are in the folder specified by the Spring-Boot-Classes field (e.g. WEB-INF/classes/ for WARs, BOOT-INF/classes/ for Jars) as the input classes that need to be protected. It automatically treats the libraries in the folder specified by the Spring-Boot-Lib field (e.g. WEB-INF/lib/ for WARs, BOOT-INF/lib/ for Jars) as the support libraries. It automatically treats the package specified by the Start-Class field as an Entry Point for the project.

Because Spring Boot is a convention-based framework relying on annotations, the annotated components discovered at runtime, and things like REST endpoints, database models will be named after the class/method/field names. This means that lots of things should not be renamed to prevent changing the runtime behavior. In-app protection should not change the runtime behavior, but it should make the software harder to reverse-engineer. To make everything work correctly at runtime, certain components should be excluded from Renaming and/or Removal.

The simplest way to configure the required exclusions is to use the Project Wizard with the Web project type. Just provide the Spring Boot package as an input for the wizard and it will configure all the required exclusions and settings to successfully protect the package.

The Web Project Wizard does the following when it discovers a Spring Boot Jar or WAR:

Configures the input to use the Spring Boot handler type.
Configures all the important Spring Boot annotations e.g. org.springframework. packages and javax.persistence. annotations as entry points.
Enables Removal and excludes the Spring Boot and other important packages.
Enables Renaming with the Maintain hierarchy Package Renaming setting and excludes the Spring Boot and other important packages.
Enables Make Synthetic and excludes the Spring Boot and other important packages.

Note: Use Renaming with the Maintain hierarchy Package Renaming setting for a Spring Boot project to work because it can potentially break the Spring Boot component scan at runtime.

Spring Framework

Spring Bean support in PreEmptive Protection™ DashO™ is provided primarily by the Spring Bean special class. It is configured with the class name (or name pattern) and optional entry points (e.g. init, destroy, and factory methods). During processing, the property methods (get*(), is*(), and set*(*)), public constructors, and configured entry points, will be followed to determine unused methods. The class, configured entry points, property methods and non-property methods can be configured to be renamed.

DashO will scan the Spring XML files during each build and will update any class references in the XML if DashO has renamed the corresponding Java class. It will update direct class references as well as class names listed in parameters or argument types. It will also update bean property names and entry point method names if DashO renamed them. Abstract beans (e.g. bean definitions without classes) will also have related property names and method names updated as it is assumed they are related to the renamed beans.

To get the most benefit out of DashO's Spring support, we suggest starting your project by using the New Project Wizard, and then making individual adjustments to the special classes as needed.

The New Project Wizard will identify Spring XML files, scan them for bean class references and configure Spring Bean special classes. When the New Project Wizard finds a bean definition in a Spring XML file, it:

Creates a new Spring Bean special class for the identified class.
Looks for configured init-method or destroy-method attributes in the XML and adds them to the special class as entry points. If no init-method or destroy-method attribute was found, it will check for default-init-method or default-destroy-method attributes, respectively, and instead adds them to the special class as entry points.
Looks for a configured factory-method directly on the bean and adds it to the special class as an entry point.
Looks for configured lookup-method or replaced-method elements and adds them to the special class as entry points.
Looks for constant values referenced using util:constant static-field or the org.springframework.beans.factory.config.FieldRetrievingFactoryBean bean.

Please take a look at the SpringBean sample project as it provides examples of DashO's support.

Note: If you use the factory-bean attribute, you will need to manually add the corresponding factory-method as an entry point on the appropriate class.
If you use replaced-method functionality, you may need to specify the signature using the arg-type elements so the correct method will be identified after renaming.
If you use the FieldRetrievingFactoryBean the targetObject attribute is not supported.