1.ProGuard 混淆 只能增加反编译代码的阅读难度,不能根本保护代码安全
2.maven工程使用proguard-maven-plugin这个插件
3.若工程中包含大量第三方框架,混淆后会报错,所以选择性混淆私有的逻辑代码比较容易,框架代码不混淆
添加依赖:
<dependency>
<groupId>net.sf.proguard</groupId>
<artifactId>proguard-base</artifactId>
<version>5.3.3</version>
</dependency>
pom.xml例子:
<build>
<finalName>${artifactId}</finalName>
<plugins>
<plugin>
<groupId>com.github.wvengen</groupId>
<artifactId>proguard-maven-plugin</artifactId>
<executions>
<execution>
<phase>package</phase>
<goals><goal>proguard</goal></goals>
</execution>
</executions>
<configuration>
<proguardVersion>5.3.3</proguardVersion>
<injar>${project.build.finalName}.jar</injar>
<outjar>${project.build.finalName}.jar</outjar>
<obfuscate>true</obfuscate>
<options>
<option>-dontshrink</option>
<option>-dontoptimize</option>
<!-- This option will replace all strings in reflections method invocations with new class names.
For example, invokes Class.forName('className')-->
<option>-adaptclassstrings</option>
<!-- This option will save all original annotations and etc. Otherwise all we be removed from files.-->
<option>-keepattributes Exceptions,InnerClasses,Signature,Deprecated,
SourceFile,LineNumberTable,*Annotation*,EnclosingMethod</option>
<!-- This option will save all original names in interfaces (without obfuscate).-->
<option>-keepnames interface **</option>
<!-- This option will save all original methods parameters in files defined in -keep sections,
otherwise all parameter names will be obfuscate.-->
<option>-keepparameternames</option>
<option>-keeppackagenames</option>
<!-- This option will save all original class files (without obfuscate) but obfuscate all in domain package.-->
<option>-keep class com.abcutil.abcutil.App{ *; }</option>
<option>-keep class com.abcutil.abcutil.SpringUtil{ *; }</option>
<option>-keep class com.abcutil.abcutil.config.** { *; }</option>
<option>-keep class com.abcutil.abcutil.dao.** { *; }</option>
<option>-keep class com.abcutil.abcutil.entities.** { *; }</option>
<option>-keep class com.abcutil.abcutil.exception.** { *; }</option>
<option>-keep class com.abcutil.abcutil.schedule.SchedulerTask</option>
<option>-keep class com.abcutil.abcutil.service.MainService</option>
<!-- This option will save all original interfaces files (without obfuscate) in all packages.-->
<option>-keep interface * extends * { *; }</option>
<!-- This option will save all original defined annotations in all class in all packages.-->
<option>-keepclassmembers class * {
@org.springframework.beans.factory.annotation.Autowired *;
@org.springframework.beans.factory.annotation.Value *;
@org.springframework.stereotype.Service *;
@org.springframework.stereotype.Component *;
@org.springframework.scheduling.annotation.Scheduled *;
}
</option>
</options>
<libs>
<!-- Include main JAVA library required.-->
<lib>${java.home}/lib/rt.jar</lib>
<!-- Include crypto JAVA library if necessary.-->
<lib>${java.home}/lib/jce.jar</lib>
</libs>
</configuration>
</plugin>
<!--Maven assembly must be run after proguard obfuscation so it take already obfuscated files.-->
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<executions>
<execution>
<goals>
<goal>repackage</goal>
</goals>
<configuration>
<mainClass>com.abcutil.abcutil.App</mainClass>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>