1. Maven构建

第一步获取Maven构建的项目,只有用Maven构建的java项目,我们才能够Maven进行构建部署。
下面这个是我用来练手的项目。自己也可以到github上找到。

此处Maven环境配置略过。多提一句,这里包括Maven的本地环境变量的配置和本地仓库的配置,自行问度娘

#PS 进入你自己的Maven项目文件夹,我的是G:\yj-work\java-code\jeeplus-open
PS C:\Users\本阿信> cd G:\yj-work\java-code\jeeplus-open
PS G:\yj-work\java-code\jeeplus-open> ls


    目录: G:\yj-work\java-code\jeeplus-open


Mode                LastWriteTime         Length Name
----                -------------         ------ ----
d-----        2020/1/10     16:26                .idea
d-----         2020/1/9     11:03                .settings
d-----         2020/1/9     11:03                src
d-----         2020/1/9     11:03                target
-a----         2020/1/9     11:03           1350 .classpath
-a----         2020/1/9     11:03           1444 .project
-a----         2016/9/4      9:11          10252 LICENSE
-a----         2016/9/4      9:11          23054 pom.xml
-a----         2016/9/4      9:11            371 README.md

1.1 effective-pom构建

如上,关键pom属性;
上面可以看到maven构建的pom.xml文件。输入命令mvn help:effective-pom
Maven 将会开始处理并显示 effective-pom。如下:

PS G:\yj-work\java-code\jeeplus-open> mvn help:effective-pom
[INFO] Scanning for projects...
[WARNING]
[WARNING] Some problems were encountered while building the effective model for jeeplus:jeeplus:war:1.0.0-SNAPSHOT
[WARNING] 'dependencies.dependency.(groupId:artifactId:type:classifier)' must be unique: javax.servlet.jsp:jsp-api:jar -> version 2.1 vs 2.2 @ line 278, column 21
[WARNING]
[WARNING] It is highly recommended to fix these problems because they threaten the stability of your build.
[WARNING]
[WARNING] For this reason, future Maven versions might no longer support building such malformed projects.
[WARNING]
[INFO]
[INFO] --------------------------< jeeplus:jeeplus >---------------------------
[INFO] Building jeeplusx 1.0.0-SNAPSHOT
[INFO] --------------------------------[ war ]---------------------------------
[INFO]
[INFO] --- maven-help-plugin:3.2.0:effective-pom (default-cli) @ jeeplus ---
Downloading from alimaven: http://maven.aliyun.com/nexus/content/groups/public/org/apache/maven/maven-model/3.6.1/maven-model-3.6.1.pom
Downloaded from alimaven: http://maven.aliyun.com/nexus/content/groups/public/org/apache/maven/maven-model/3.6.1/maven-model-3.6.1.pom (4.0 kB at 4.1 kB/s)
Downloading from alimaven: http://maven.aliyun.com/nexus/content/groups/public/org/apache/maven/maven/3.6.1/maven-3.6.1.pom
Downloaded from alimaven: http://maven.aliyun.com/nexus/content/groups/public/org/apache/maven/maven/3.6.1/maven-3.6.1.pom (24 kB at 95 kB/s)

###################################################
################中间具体下载过程略:>##################
###################################################

我把这下面的部分,特意区分出来,方便看的更清楚,当我们对项目进行构建时,我们可以看到项目相关的一些元素。有的时候,当我们还是新手的时候,这样的控制台输出真的会令人激动!@-@

`如下,maven回显出有关于jeeplus的Effective POMs`[INFO]
Effective POMs, after inheritance, interpolation, and profiles are applied:

<?xml version="1.0" encoding="GBK"?>
<!-- ====================================================================== -->
<!--                                                                        -->
<!-- Generated by Maven Help Plugin on 2020-01-19T15:52:57+08:00            -->
<!-- See: http://maven.apache.org/plugins/maven-help-plugin/                -->
<!--                                                                        -->
<!-- ====================================================================== -->
<!-- ====================================================================== -->
<!--                                                                        -->
<!-- Effective POM for project 'jeeplus:jeeplus:war:1.0.0-SNAPSHOT'         -->
<!--                                                                        -->
<!-- ====================================================================== -->

###################################################
######中间具体groupid、artifactid等配置略:>###########
###################################################

[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  12.235 s
[INFO] Finished at: 2020-01-19T15:53:00+08:00
[INFO] ------------------------------------------------------------------------

在上面的pom.xml中可以看到 Maven 在执行目标时需要用到的默认工程源码目录结构、输出目录、需要的插件、仓库和报表目录。Maven 的 pom.xml 文件也不需要手工编写。Maven 提供了大量的原型插件来创建工程,包括工程结构和pom.xml

2 properties文件配置

进入jeeplus项目,根据自己电脑的不同环境,对properties文件进行配置,自定义配置sql数据如\src\main\resources\jeeplus.properties;比如本地运行的为mysql数据库,我单单把mysql数据库的配置代码贴出来,如下:

#mysql database setting
jdbc.type=mysql
jdbc.driver=com.mysql.jdbc.Driver
jdbc.url=jdbc:mysql://localhost:3306/jeeplus_schema?useUnicode=true&characterEncoding=utf-8
jdbc.username=root
jdbc.password=root

把mysql数据库的账号密码设置成本地的数据库账号密码就好,比如我本地的mysql账号密码均为root,填上正确即可,不然会报错。然后打开mysqld,下一步就进行maven构建。

3 maven测试

3.1 test

输入mvn test,查看maven构建java项目是否存在报错:

PS G:\yj-work\java-code\jeeplus-open> mvn test
[INFO] Scanning for projects...
[WARNING]
[WARNING] Some problems were encountered while building the effective model for jeeplus:jeeplus:war:1.0.0-SNAPSHOT
[WARNING] 'dependencies.dependency.(groupId:artifactId:type:classifier)' must be unique: javax.servlet.jsp:jsp-api:jar -> version 2.1 vs 2.2 @ line 278, column 21
[WARNING]
[WARNING] It is highly recommended to fix these problems because they threaten the stability of your build.
[WARNING]
[WARNING] For this reason, future Maven versions might no longer support building such malformed projects.
[WARNING]
[INFO]
[INFO] --------------------------< jeeplus:jeeplus >---------------------------
[INFO] Building jeeplusx 1.0.0-SNAPSHOT
[INFO] --------------------------------[ war ]---------------------------------
[INFO]
[INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ jeeplus ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 65 resources
[INFO]
[INFO] --- maven-compiler-plugin:3.3:compile (default-compile) @ jeeplus ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 258 source files to G:\yj-work\java-code\jeeplus-open\target\classes
[INFO] /G:/yj-work/java-code/jeeplus-open/src/main/java/com/jeeplus/modules/tools/utils/HttpPostTest.java: 某些输入文件使用或覆盖了已过时的 API。
[INFO] /G:/yj-work/java-code/jeeplus-open/src/main/java/com/jeeplus/modules/tools/utils/HttpPostTest.java: 有关详细信息, 请使用 -Xlint:deprecation 重新编译。
[INFO] /G:/yj-work/java-code/jeeplus-open/src/main/java/com/jeeplus/common/json/AjaxJson.java: 某些输入文件使用了未经检查或不安全的操作。
[INFO] /G:/yj-work/java-code/jeeplus-open/src/main/java/com/jeeplus/common/json/AjaxJson.java: 有关详细信息, 请使用 -Xlint:unchecked 重新编译。
[INFO]
[INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ jeeplus ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory G:\yj-work\java-code\jeeplus-open\src\test\resources
[INFO]
[INFO] --- maven-compiler-plugin:3.3:testCompile (default-testCompile) @ jeeplus ---
[INFO] No sources to compile
[INFO]
[INFO] --- maven-surefire-plugin:2.12.4:test (default-test) @ jeeplus ---
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  10.063 s
[INFO] Finished at: 2020-01-19T16:46:53+08:00
[INFO] ------------------------------------------------------------------------

3.2 clean package

紧接着输入mvn clean package命令;

PS G:\yj-work\java-code\jeeplus-open> mvn clean package
[INFO] Scanning for projects...
[WARNING]
[WARNING] Some problems were encountered while building the effective model for jeeplus:jeeplus:war:1.0.0-SNAPSHOT
[WARNING] 'dependencies.dependency.(groupId:artifactId:type:classifier)' must be unique: javax.servlet.jsp:jsp-api:jar -> version 2.1 vs 2.2 @ line 278, column 21
[WARNING]
[WARNING] It is highly recommended to fix these problems because they threaten the stability of your build.
[WARNING]
[WARNING] For this reason, future Maven versions might no longer support building such malformed projects.
[WARNING]
[INFO]
[INFO] --------------------------< jeeplus:jeeplus >---------------------------
[INFO] Building jeeplusx 1.0.0-SNAPSHOT
[INFO] --------------------------------[ war ]---------------------------------
[INFO]
[INFO] --- maven-clean-plugin:2.5:clean (default-clean) @ jeeplus ---
[INFO] Deleting G:\yj-work\java-code\jeeplus-open\target
[INFO]
[INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ jeeplus ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 65 resources
[INFO]
[INFO] --- maven-compiler-plugin:3.3:compile (default-compile) @ jeeplus ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 258 source files to G:\yj-work\java-code\jeeplus-open\target\classes
[INFO] /G:/yj-work/java-code/jeeplus-open/src/main/java/com/jeeplus/modules/tools/utils/HttpPostTest.java: 某些输入文件使用或覆盖了已过时的 API。
[INFO] /G:/yj-work/java-code/jeeplus-open/src/main/java/com/jeeplus/modules/tools/utils/HttpPostTest.java: 有关详细信息, 请使用 -Xlint:deprecation 重新编译。
[INFO] /G:/yj-work/java-code/jeeplus-open/src/main/java/com/jeeplus/common/json/AjaxJson.java: 某些输入文件使用了未经检查或不安全的操作。
[INFO] /G:/yj-work/java-code/jeeplus-open/src/main/java/com/jeeplus/common/json/AjaxJson.java: 有关详细信息, 请使用 -Xlint:unchecked 重新编译。
[INFO]
[INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ jeeplus ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory G:\yj-work\java-code\jeeplus-open\src\test\resources
[INFO]
[INFO] --- maven-compiler-plugin:3.3:testCompile (default-testCompile) @ jeeplus ---
[INFO] No sources to compile
[INFO]
[INFO] --- maven-surefire-plugin:2.12.4:test (default-test) @ jeeplus ---
[INFO] No tests to run.
[INFO]
[INFO] --- maven-war-plugin:2.2:war (default-war) @ jeeplus ---
[INFO] Packaging webapp
[INFO] Assembling webapp [jeeplus] in [G:\yj-work\java-code\jeeplus-open\target\jeeplus]
[INFO] Processing war project
[INFO] Copying webapp resources [G:\yj-work\java-code\jeeplus-open\src\main\webapp]
[INFO] Webapp assembled in [19918 msecs]
[INFO] Building war: G:\yj-work\java-code\jeeplus-open\target\jeeplus.war
[INFO] WEB-INF\web.xml already added, skipping
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  38.071 s
[INFO] Finished at: 2020-01-19T16:49:31+08:00
[INFO] ------------------------------------------------------------------------

连着build success!可真是令人激动;我们可以看到maven已经构建好了tomcat部署所需要的war包:[INFO] Building war: G:\yj-work\java-code\jeeplus-open\target\jeeplus.war,直接去对应的绝对路径,把war包ctrl+c到tomcat的webapp文件夹里就好了。

至此部署完毕,对项目查看一下,是否已经部署成功。

验证部署

多说无益,上代码:
进入tomcat/bin/目录,启动tomcat

PS E:\java\tomcat\apache-tomcat-8.5.50\bin> .\startup.bat
Using CATALINA_BASE:   "E:\java\tomcat\apache-tomcat-8.5.50"
Using CATALINA_HOME:   "E:\java\tomcat\apache-tomcat-8.5.50"
Using CATALINA_TMPDIR: "E:\java\tomcat\apache-tomcat-8.5.50\temp"
Using JRE_HOME:        "C:\Program Files\Java\jdk1.8.0_231\jre"
Using CLASSPATH:       "E:\java\tomcat\apache-tomcat-8.5.50\bin\bootstrap.jar;E:\java\tomcat\apache-tomcat-8.5.50\bin\tomcat-juli.jar"

验证是否部署成功: curl localhost/jeeplus

PS E:\java\tomcat\apache-tomcat-8.5.50\bin> curl localhost/jeeplus

StatusCode        : 200
StatusDescription :
Content           :

                    <!DOCTYPE html>
                    <html>

                        <head>
                                <meta name="description" content="User login page" />
                                <meta name="viewport" content="width=device-width, initial-scale=1.0" />
                                <script src="/jeeplus...
RawContent        : HTTP/1.1 200
                    Content-Language: zh-CN
                    Content-Length: 19162
                    Content-Type: text/html;charset=UTF-8
                    Date: Sun, 19 Jan 2020 09:23:26 GMT

ParsedHtml        : mshtml.HTMLDocumentClass
RawContentLength  : 19162

如上,部署成功。返回状态值200。

以上。


其他

上面是Maven创建一个标准化的Java项目,举例:即部署一个maven的项目,我们可以通过上面的方式来进行。更多时候,对于我来说,我高频率使用maven是在对于漏洞的验证和利用阶段,即网上公开的java poc代码诸如此类,显而易见我更倾向于使用java的poc代码而非python代码,由于python语言本身的优势,纵观网上很多python poc在我看来,对于我们理解漏洞原理本身无实际意义,我并不是说python的poc代码不好,而是这门语言太便利了以至于我们可以很方便去复现一个漏洞,这样会导致人们尤其是刚入门的小白很少去思考甚至不思考。

废话不多说,回到本小结上来:

E:\java\hadoop> mvn archetype:generate -D archetypeGroupId=org.apache.maven.archetypes -D groupId=org.conan.myhadoop.mr -D artifactId=myHadoop -D packageName=org.conan.myhadoop.mr -D version=1.0-SNAPSHOT -D interactiveMode=false
回显如下:
[INFO] Scanning for projects...
[INFO]
[INFO] ------------------< org.apache.maven:standalone-pom >-------------------
[INFO] Building Maven Stub Project (No POM) 1
[INFO] --------------------------------[ pom ]---------------------------------
[INFO]
[INFO] >>> maven-archetype-plugin:3.1.2:generate (default-cli) > generate-sources @ standalone-pom >>>
[INFO]
[INFO] <<< maven-archetype-plugin:3.1.2:generate (default-cli) < generate-sources @ standalone-pom <<<
[INFO]
[INFO]
[INFO] --- maven-archetype-plugin:3.1.2:generate (default-cli) @ standalone-pom ---
[INFO] Generating project in Batch mode
[WARNING] No archetype found in remote catalog. Defaulting to internal catalog
[INFO] No archetype defined. Using maven-archetype-quickstart (org.apache.maven.archetypes:maven-archetype-quickstart:1.0)
[INFO] ----------------------------------------------------------------------------
[INFO] Using following parameters for creating project from Old (1.x) Archetype: maven-archetype-quickstart:1.0
[INFO] ----------------------------------------------------------------------------
[INFO] Parameter: basedir, Value: E:\java\hadoop
[INFO] Parameter: package, Value: org.conan.myhadoop.mr
[INFO] Parameter: groupId, Value: org.conan.myhadoop.mr
[INFO] Parameter: artifactId, Value: myHadoop
[INFO] Parameter: packageName, Value: org.conan.myhadoop.mr
[INFO] Parameter: version, Value: 1.0-SNAPSHOT
[INFO] project created from Old (1.x) Archetype in dir: E:\java\hadoop\myHadoop
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  3.491 s
[INFO] Finished at: 2020-02-13T14:35:21+08:00
[INFO] ------------------------------------------------------------------------
PS E:\java\hadoop> cd .\myHadoop\
PS E:\java\hadoop\myHadoop> mvn clean install
[INFO] Scanning for projects...
[INFO]
[INFO] -------------------< org.conan.myhadoop.mr:myHadoop >-------------------
[INFO] Building myHadoop 1.0-SNAPSHOT
[INFO] --------------------------------[ jar ]---------------------------------
[INFO]
[INFO] --- maven-clean-plugin:2.5:clean (default-clean) @ myHadoop ---
[INFO]
[INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ myHadoop ---
[WARNING] Using platform encoding (GBK actually) to copy filtered resources, i.e. build is platform dependent!
[INFO] skip non existing resourceDirectory E:\java\hadoop\myHadoop\src\main\resources
[INFO]
[INFO] --- maven-compiler-plugin:3.1:compile (default-compile) @ myHadoop ---
[INFO] Changes detected - recompiling the module!
[WARNING] File encoding has not been set, using platform encoding GBK, i.e. build is platform dependent!
[INFO] Compiling 1 source file to E:\java\hadoop\myHadoop\target\classes
[INFO]
[INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ myHadoop ---
[WARNING] Using platform encoding (GBK actually) to copy filtered resources, i.e. build is platform dependent!
[INFO] skip non existing resourceDirectory E:\java\hadoop\myHadoop\src\test\resources
[INFO]
[INFO] --- maven-compiler-plugin:3.1:testCompile (default-testCompile) @ myHadoop ---
[INFO] Changes detected - recompiling the module!
[WARNING] File encoding has not been set, using platform encoding GBK, i.e. build is platform dependent!
[INFO] Compiling 1 source file to E:\java\hadoop\myHadoop\target\test-classes
[INFO]
[INFO] --- maven-surefire-plugin:2.12.4:test (default-test) @ myHadoop ---
[INFO] Surefire report directory: E:\java\hadoop\myHadoop\target\surefire-reports
Downloading from alimaven: http://maven.aliyun.com/nexus/content/groups/public/org/apache/maven/surefire/surefire-junit3/2.12.4/surefire-junit3-2.12.4.pom
Downloaded from alimaven: http://maven.aliyun.com/nexus/content/groups/public/org/apache/maven/surefire/surefire-junit3/2.12.4/surefire-junit3-2.12.4.pom (1.7 kB at 2.0 kB/s)
Downloading from alimaven: http://maven.aliyun.com/nexus/content/groups/public/org/apache/maven/surefire/surefire-providers/2.12.4/surefire-providers-2.12.4.pom
Downloaded from alimaven: http://maven.aliyun.com/nexus/content/groups/public/org/apache/maven/surefire/surefire-providers/2.12.4/surefire-providers-2.12.4.pom (2.3 kB at 7.4 kB/s)
Downloading from alimaven: http://maven.aliyun.com/nexus/content/groups/public/org/apache/maven/surefire/surefire-junit3/2.12.4/surefire-junit3-2.12.4.jar
Downloaded from alimaven: http://maven.aliyun.com/nexus/content/groups/public/org/apache/maven/surefire/surefire-junit3/2.12.4/surefire-junit3-2.12.4.jar (26 kB at 60 kB/s)

-------------------------------------------------------
 T E S T S
-------------------------------------------------------
Running org.conan.myhadoop.mr.AppTest
Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.02 sec

Results :

Tests run: 1, Failures: 0, Errors: 0, Skipped: 0

[INFO]
[INFO] --- maven-jar-plugin:2.4:jar (default-jar) @ myHadoop ---
[INFO] Building jar: E:\java\hadoop\myHadoop\target\myHadoop-1.0-SNAPSHOT.jar
[INFO]
[INFO] --- maven-install-plugin:2.4:install (default-install) @ myHadoop ---
[INFO] Installing E:\java\hadoop\myHadoop\target\myHadoop-1.0-SNAPSHOT.jar to D:\Workspace\.m2\repository\org\conan\myhadoop\mr\myHadoop\1.0-SNAPSHOT\myHadoop-1.0-SNAPSHOT.jar
[INFO] Installing E:\java\hadoop\myHadoop\pom.xml to D:\Workspace\.m2\repository\org\conan\myhadoop\mr\myHadoop\1.0-SNAPSHOT\myHadoop-1.0-SNAPSHOT.pom
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  6.062 s
[INFO] Finished at: 2020-02-13T14:36:02+08:00
[INFO] ------------------------------------------------------------------------