我的客户有一台符合JavaEE的服务器。我向他发送了一些war-Files和相应的校验和以进行部署。现在,我想防止操作员在部署之前操纵war文件。
是否有可能在服务器启动时验证war文件和校验和?是否有可能获取当前已部署的war文件的校验和?例如是否已经有这样的功能JBoss EAP?
问候,六甲
答案 0 :(得分:0)
在部署时会对托管部署(war / ear / jar)进行哈希处理:可通过jboss-cli访问此哈希值:
/deployment=helloworld-mdb.war:read-resource(include-runtime) {
"outcome" => "success",
"result" => {
"content" => [{"hash" => bytes {
0xd1, 0xa1, 0x0a, 0xb1, 0x0a, 0xe5, 0xd9, 0xeb,
0x9d, 0x86, 0xba, 0x66, 0x8e, 0x24, 0x14, 0xc0,
0x13, 0x72, 0xd1, 0x1a
}}],
"disabled-time" => undefined,
"disabled-timestamp" => undefined,
"enabled" => true,
"enabled-time" => 1546534691069L,
"enabled-timestamp" => "2019-01-03 17:58:11,069 CET",
"managed" => true,
"name" => "helloworld-mdb.war",
"owner" => undefined,
"persistent" => true,
"runtime-name" => "helloworld-mdb.war",
"status" => "OK",
"subdeployment" => undefined,
"subsystem" => {
"messaging-activemq" => undefined,
"undertow" => undefined,
"ejb3" => undefined,
"logging" => undefined
}
} }
您可以看到以字节为单位的“哈希”