maven springboot工程 jar包使用ProGuard 混淆代码

最新推荐文章于 2024-07-31 15:17:36 发布

dns007

最新推荐文章于 2024-07-31 15:17:36 发布

阅读量7.3k

点赞数

分类专栏： java 文章标签： ProGuard springboot

本文链接：https://blog.csdn.net/lipei1220/article/details/79416284

版权

java 专栏收录该内容

70 篇文章 1 订阅

订阅专栏

1.ProGuard 混淆只能增加反编译代码的阅读难度，不能根本保护代码安全

2.maven工程使用proguard-maven-plugin这个插件

3.若工程中包含大量第三方框架，混淆后会报错，所以选择性混淆私有的逻辑代码比较容易，框架代码不混淆

添加依赖：

<dependency>
				<groupId>net.sf.proguard</groupId>
				<artifactId>proguard-base</artifactId>
				<version>5.3.3</version>
			</dependency>

pom.xml例子：

<build>
		<finalName>${artifactId}</finalName>
		<plugins>
			<plugin>
				<groupId>com.github.wvengen</groupId>
				<artifactId>proguard-maven-plugin</artifactId>
				<executions>
					<execution>
						<phase>package</phase>
						<goals><goal>proguard</goal></goals>
					</execution>
				</executions>
				<configuration>
					<proguardVersion>5.3.3</proguardVersion>
					<injar>${project.build.finalName}.jar</injar>
					<outjar>${project.build.finalName}.jar</outjar>
					<obfuscate>true</obfuscate>
					<options>
						<option>-dontshrink</option>
						<option>-dontoptimize</option>
						<!-- This option will replace all strings in reflections method invocations with new class names.
                             For example, invokes Class.forName('className')-->
						<option>-adaptclassstrings</option>
						<!-- This option will save all original annotations and etc. Otherwise all we be removed from files.-->
						<option>-keepattributes Exceptions,InnerClasses,Signature,Deprecated,
							SourceFile,LineNumberTable,*Annotation*,EnclosingMethod</option>
						<!-- This option will save all original names in interfaces (without obfuscate).-->
						<option>-keepnames interface **</option>
						<!-- This option will save all original methods parameters in files defined in -keep sections,
                             otherwise all parameter names will be obfuscate.-->
						<option>-keepparameternames</option>
						<option>-keeppackagenames</option>
						<!-- This option will save all original class files (without obfuscate) but obfuscate all in domain package.-->
						<option>-keep class com.abcutil.abcutil.App{ *; }</option>
						<option>-keep class com.abcutil.abcutil.SpringUtil{ *; }</option>
						<option>-keep class com.abcutil.abcutil.config.** { *; }</option>
						<option>-keep class com.abcutil.abcutil.dao.** { *; }</option>
						<option>-keep class com.abcutil.abcutil.entities.** { *; }</option>
						<option>-keep class com.abcutil.abcutil.exception.** { *; }</option>
						<option>-keep class com.abcutil.abcutil.schedule.SchedulerTask</option>
						<option>-keep class com.abcutil.abcutil.service.MainService</option>
						<!-- This option will save all original interfaces files (without obfuscate) in all packages.-->
						<option>-keep interface * extends * { *; }</option>
						<!-- This option will save all original defined annotations in all class in all packages.-->
						<option>-keepclassmembers class * {
							@org.springframework.beans.factory.annotation.Autowired *;
							@org.springframework.beans.factory.annotation.Value *;
							@org.springframework.stereotype.Service *;
							@org.springframework.stereotype.Component *;
							@org.springframework.scheduling.annotation.Scheduled *;
							}
						</option>
					</options>
					<libs>
						<!-- Include main JAVA library required.-->
						<lib>${java.home}/lib/rt.jar</lib>
						<!-- Include crypto JAVA library if necessary.-->
						<lib>${java.home}/lib/jce.jar</lib>
					</libs>
				</configuration>
			</plugin>

			 <!--Maven assembly must be run after proguard obfuscation so it take already obfuscated files.-->
			<plugin>
				<groupId>org.springframework.boot</groupId>
				<artifactId>spring-boot-maven-plugin</artifactId>
				<executions>
					<execution>
						<goals>
							<goal>repackage</goal>
						</goals>
						<configuration>
							<mainClass>com.abcutil.abcutil.App</mainClass>
						</configuration>
					</execution>
				</executions>
			</plugin>
		</plugins>
	</build>