import cn.hutool.core.util.ObjectUtil;
import com.alibaba.cloud.nacos.NacosDiscoveryProperties;
import com.zo.config.starter.config.ZoConfigStarterProperties;
import com.zo.config.starter.util.CommonCryptogramUtil;
import javassist.*;
/**
* nacos启动后会有个定时任务定时进行鉴权,com.alibaba.nacos.client.auth.impl.process.HttpLoginProcessor
* <p>
* 此处利用字节码技术在系统启动时动态修改类,将解密后的账号密码设置进去,达到改变代码的目的
* <p>
* nacosDiscoveryProperties是被{@link NacosConnectionEncryption} 解密的
*/
public class NacosHttpLoginProcessorEncryption {
private ZoConfigStarterProperties configProperties;
private NacosDiscoveryProperties nacosDiscoveryProperties;
public NacosHttpLoginProcessorEncryption(ZoConfigStarterProperties properties, NacosDiscoveryProperties nacosDiscoveryProperties) {
this.configProperties = properties;
this.nacosDiscoveryProperties = nacosDiscoveryProperties;
// Nacos账号密码解密后,重写字节码
if (null != this.configProperties && this.configProperties.getMiddleware().getNacos().getActPwdDeciphering()) {
modifyClazz();
}
}
/**
* 解密后设置新的账号及密码
*/
private void modifyClazz() {
try {
ClassPool cp = ClassPool.getDefault();
CtClass cc = cp.get("com.alibaba.nacos.client.auth.impl.process.HttpLoginProcessor");
CtMethod m = cc.getDeclaredMethod("getResponse");
String username = nacosDiscoveryProperties.getUsername();
String password = nacosDiscoveryProperties.getPassword();
if (ObjectUtil.isNotEmpty(username)) {
username = CommonCryptogramUtil.doSm4CbcDecrypt(username);
}
if (ObjectUtil.isNotEmpty(password)) {
password = CommonCryptogramUtil.doSm4CbcDecrypt(password);
}
// 在该类的第一行代码覆盖username/password
m.insertBefore("{properties.setProperty(" + "\"" + "username" + "\"" + "," + "\"" + username + "\"" + ");" +
"properties.setProperty(" + "\"" + "password" + "\"" + "," + "\"" + password + "\"" + ");}");
// 让JVM重新加载字节码
cc.toClass();
} catch (NotFoundException | CannotCompileException e) {
// 直接让系统停止启动
throw new RuntimeException(e);
}
}
}
使用javassist动态修改非spring管理的对象
最新推荐文章于 2023-12-15 15:02:26 发布
该代码段展示了如何在Java中使用Hutool和javassist库动态修改Nacos客户端的HttpLoginProcessor类,以便在系统启动时用解密后的账号密码替换原有的凭证。这个过程涉及到NacosDiscoveryProperties和自定义的解密工具类,目的是在Nacos启动后自动进行鉴权。
摘要由CSDN通过智能技术生成