Contrast配置

Contrast Security 配置过程

Contrast对application的漏洞检测和自动防御功能通过这么个手段：将Contrast 客户端配置到项目依赖中，然后配置Contrast随liberty启动而工作，之后就可在Contrast UI中可视化application漏洞检测结果。

Maven配置Contrast：
在pom.xml中配置下面信息，

<contrast.version>3.6.3</contrast.version>
<contrast.build>8220</contrast.build>

<!--cargo插件中配置如下：-->
<plugin>
    <groupId>org.codehaus.cargo</groupId>
    <artifactId>cargo-maven2-plugin</artifactId>
    <version>1.7.3</version>
    <configuration>
        <container>
        <containerId>Liberty</containerId>
        </container>
        <deployables>
        <deployable>
            <artifactId>contrast-maven-cargo</artifactId>
            <properties>
            <context>/</context>
            </properties>
        </deployable>
        </deployables>
    </configuration>
    <executions>
        <execution>
        <id>start-app-before-IT</id>
        <goals>
            <goal>start</goal>
        </goals>
        <phase>pre-integration-test</phase>
        <configuration>
            <configuration>
            <properties>
                <cargo.jvmargs>
                -javaagent:${project.build.directory}/dependency/contrast-agent-${contrast.version}.jar
                -Dcontrast.config.path=${your contrast path dir}/contrast.yml
                -Dcontrast.application.name=maven-cargo-how-to
                </cargo.jvmargs>
            </properties>
            </configuration>
        </configuration>
        </execution>
        <execution>
        <id>stop-app-after-IT</id>
        <goals>
            <goal>stop</goal>
        </goals>
        <phase>post-integration-test</phase>
        </execution>
    </executions>
</plugin>

在grale中配置Contrast方式如下:
build.gradle配置中添加下面信息,

configurations {
    contrastAgent
}

def contrast_version = "3.6.3"
def contrast_build = "8220"

dependencies {
    contrastAgent "com.contrastsecurity:contrast-agent:${contrast_version}.${contrast_build}"
}

# 添加用于将agent复制到项目目录中的任务
task copyAgent(type: Copy) {
    from configurations.contrastAgent
    into "${projectDir}/lib"
    rename "contrast-agent-*.*.*.jar", "contrast-agent-${contrast_version}.jar"
}

run.dependsOn copyAgent
assemble.dependsOn copyAgent

# 附带Contrast运行应用
application {
    def agentBuildPath = "lib/contrast-agent-${contrast_version}.jar"
    def agentProjectPath = Paths.get(getProjectDir().toURI()).resolve(agentBuildPath)

    applicationDefaultJvmArgs = [
            "-javaagent:${agentProjectPath.toString()}"
    ]
}

如果需要配置分布式插件，使其在运行gradle build时创建的包中包含ContrastJAR，可参考Contrast-Document-Step7.