webpage watermark, SASE, use webpage watermarks to extract and trace data leaks-Secure Access Service Edge(SASE)-阿里云帮助中心

How it works

The feature supports both visible and invisible watermarks on webpages. Invisible watermarks are primarily used for tracing the source of information leaks or copyright disputes.

If you embed a visible watermark, the watermark is visible on the webpage.
If you embed an invisible watermark, it is not visible on the webpage. You must extract the watermark content in the SASE console.

Prerequisites

You have purchased the webpage watermark service. For more information, see Billing of Digital Watermark.

Configuration workflow

Integrate visible and invisible watermarks

You need an x86-based Linux server to deploy the webpage watermark SDK.

This example uses a server running Ubuntu 24.04 64-bit.

Step 1: Download the webpage watermark SDK

Log on to the Workplace Security console.
In the left-side navigation pane, choose Digital Watermarking > Embedding Service.
On the Embedding Service page, find the webpage watermark and click Download SDK in the Actions column.

Download the webpage watermark SDK package to your local machine. Currently, only the Java language is supported.

The downloaded SDK package contains the following files:
- watermark-puretransparent-v1.0.9.jar: The SDK JAR package for embedding watermarks. You need to add it to your Maven repository.
- pureTransparentDemo: A demo of the watermark feature that you can use for testing.
Click the icon in the AK/SK Information column to copy the AK and SK, and then save them locally.

Step 2: Integrate the SDK

This SDK generates images with invisible or transparent watermarks based on the parameters you provide.

Add the JAR package dependency (Maven).

mvn install:install-file  -Dfile=watermark-puretransparent-v1.0.9.jar  -DgroupId=com.aliyun.security.sase -DartifactId=watermark-puretransparent  -Dversion=v1.0.9  -Dpackaging=jar

<dependency>
    <groupId>com.aliyun.security.sase</groupId>
    <artifactId>watermark-puretransparent</artifactId>
    <version>v1.0.9</version>
    <scope>compile</scope>
</dependency>
<dependency>
    <groupId>net.java.dev.jna</groupId>
    <artifactId>jna</artifactId>
    <version>5.13.0</version>
</dependency>

Make an API call to generate a watermark image.

Initialize the AK and SK.

/**
 * Initialize the AK and SK.
 * @param appKey The AccessKey ID.
 * @param secret The AccessKey secret.
 * @param useLocalConfig Specifies whether to use a local configuration. 0: remote configuration (requires an internet connection), 1: local configuration.
 */
WaterMarkPNGUtils.init(appKey, secret,useLocalConfig);

Generate a watermark image.

Method 1: Generate a watermark image and output it to a file.

ParamsFile paramsFile = new ParamsFile();
// The watermark content, a decimal string like "10012". Its size is limited by the configuration. If not configured, the value can range from 1 to 4294967295.
paramsFile.setWatermarkbitsStr(watermarkbitsStr);
// The width.
paramsFile.setWidth(width);
// The height.
paramsFile.setHeight(height);
// The transparency, with a value range of [1, 255]. For service-based scenarios, we recommend setting this to 255 and controlling the transparency during rendering to reduce server load.
paramsFile.setAlpha(alpha);
// Set to 0 for webpage and app watermarks, and 1 for screen watermarks.
paramsFile.setH_idx(h_idx);
// The scale.
paramsFile.setScale(scale);
// The path of the destination file.
paramsFile.setDestFilePath(dest);
/**
 * Generate a watermark file.
 * @param baseParam
 * @return
 * @throws PureTransparentException with an error code and message. For more information, see the "Error codes" section.
 */
WaterMarkPNGUtils.waterMarkPngFile(paramsFile);

Method 2: Generate a watermark image into a byte array.

// The watermark content, a decimal string like "10012". Its size is limited by the configuration. If not configured, the value can range from 1 to 4294967295.
paramsBytes.setWatermarkbitsStr(watermarkbitsStr);
// The width.
paramsBytes.setWidth(width);
// The height.
paramsBytes.setHeight(height);
// The transparency, with a value range of [1, 255]. For service-based scenarios, we recommend setting this to 255 and controlling the transparency during rendering to reduce server load.
paramsBytes.setAlpha(alpha);
// Set to 0 for webpage and app watermarks, and 1 for screen watermarks.
paramsBytes.setH_idx(h_idx);
// The scale.
paramsBytes.setScale(scale);
/**
 * Generate a watermark file.
 * @param baseParam
 * @return
 * @throws PureTransparentException with an error code and message. For more information, see the "Error codes" section.
 */
byte[] destFileBytes =  WaterMarkPNGUtils.waterMarkPngFile(paramsBytes);
System.out.println("destFileBytes len "+destFileBytes.length);

Step 3: Embed the transparent watermark image

In the HTML file, import the watermark file (wm.min.js) in the <head></head> section.

<script src="https://g.alicdn.com/csfe/yd-watermark-loader/1.1.4/wm.min.js"></script>

Add the following code at the end of the <body></body> section in the HTML file.

After you add the code, the HTML file contains the visible and invisible watermarks that you configured. When you open the HTML file in a browser, the visible watermark appears, and the invisible watermark remains hidden.

<script>
          // Calling the method below renders the visible watermark.
        window.YD_WATERMARK.render({
            horizontalSpace: 300, // Horizontal spacing between visible watermarks in pixels.
            verticalSpace: 300, // Vertical spacing between visible watermarks in pixels.
            opacity: 1, // Opacity of the visible watermark. The value ranges from 0 to 1.
            rotateDegree: 30, //  Rotation angle. The value ranges from -180 to 180.
            fontColor: "#ff0000", // Text color in RGB format.
            rows: ["<Account Name>", "<Email>"], // Multi-line visible watermark text.
        })
        // Calling the method below renders the invisible watermark.
        window.YD_WATERMARK.renderInvisible({
            imgSrc: "URL of the transparent watermark base image", // The public URL of the generated transparent watermark image.
            opacity: 8 // Opacity of the invisible watermark, from 1 to 255. Recommended: 8 to 10.
        })
    </script>

Error codes

Error code	Description
null_parameters	A required parameter is empty.
wrong_parameters	Invalid parameter for embedding.
jvm_error	JVM error during embedding.
jni_exception	JNI initialization error (specific to Office 2003 watermarks). Check for POI reference conflicts, JDK version, and system environment.
wrong_fileFormat	Incorrect file format.
imgDecodeError	Image decoding error.
imgSizeError	Incorrect image size.
embedException	An exception occurred during embedding.
embedExceptionUnKnow	An unknown error occurred during embedding.
invalid_carrier	Invalid carrier or incorrect parameters.
embed_success	Embedding successful.
extract_success	Extraction successful.
extract_fail	Extraction failed.
extract_id_exceed	The extracted ID exceeds the valid range.
extract_exception	An exception occurred during extraction.
ossp_error_code_success	The SDK function executed successfully.
ossp_error_code_invalid_param	Invalid parameter provided to the SDK.
ossp_error_code_fail_to_download_config	The SDK failed to download the configuration.
ossp_error_code_fail_to_read_config	The SDK failed to read the configuration.
ossp_error_code_invalid_config	Invalid SDK configuration.
ossp_error_code_unauthorized_device	Unauthorized device.
ossp_error_code_license_expired	The license has expired.
ossp_error_code_config_mismatch	SDK configuration mismatch.
ossp_error_code_unauthorized_api	The API call is not authorized.
ossp_error_code_invalid_session_id	Invalid session ID for the SDK.
ossp_error_code_api_not_implemented	The called SDK API is not implemented.
ossp_error_code_unknown	Unknown SDK error.

Extract invisible watermark content

You have a leaked image of the watermarked webpage.

Step 1: Create an extraction task

Log on to the Workplace Security console.
In the left-side navigation pane, choose Digital Watermarking > Extraction Service.

Click Create Extraction Task. In the Create Extraction Task panel, set the following parameters for the extraction task.

Parameter	Description
Watermark Version	Select the version you purchased.
Watermark Type	Select webpage watermark.
Embedded Watermark Size	Set the bit width of the watermark content. This must match the bit width used when generating the watermark image (default is 32-bit).
Upload file for Watermark Extraction	Follow the on-screen instructions to upload the leaked file.

Click OK.

After the task is created, its information appears on the Extraction Service page.

Step 2: View the extraction result

After the extraction task is complete, view the result to get the watermark content.

On the Extraction Service page, click Show in the Extract Information column.
The expanded information shows the extracted watermark content, which is a decimal number.

The expanded information also includes the watermark content type field (for example, a base64-encoded string) and its corresponding watermark content value.

Trace and identify the leak source

On the Extraction Service page, click Show in the Extract Information column.
The expanded information shows the extracted watermark content, which is a decimal number.

For example, if the extracted content is 123456 and your mapping table links this value to John Doe, you have identified John Doe as the source of the leak.

The expanded extraction information also displays the watermark content type, such as Embedded 64-bit uint information.

Webpage watermark