为了保证代码的安全性,需要对打包的Jar包进行混淆,加大代码被反编译的难度(集成maven打包插件)
插件作者:项目gitee地址
背景 Jdk17,SpringBoot3,MyBatisPlus
步骤
1.直接在打包插件里新增标签,完整配置文件如下
<build>
<finalName>${bladex.project.id}</finalName>
<resources>
<resource>
<directory>src/main/resources</directory>
</resource>
<resource>
<directory>src/main/java</directory>
<includes>
<include>**/*.xml</include>
</includes>
</resource>
</resources>
<pluginManagement>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<version>3.2.4</version>
<configuration>
<finalName>${project.build.finalName}</finalName>
<excludes>
<!-- 打包的 jar 中排除 lombok -->
<exclude>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
</exclude>
</excludes>
</configuration>
<executions>
<execution>
<goals>
<goal>repackage</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</pluginManagement>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
<!--代码混淆-->
<plugin>
<groupId>com.idea-aedi</groupId>
<artifactId>class-winter-maven-plugin</artifactId>
<version>2.9.2</version>
<configuration>
<includePrefix>要加密的包或者文件1</includePrefix>
</configuration>
<executions>
<execution>
<phase>package</phase>
<goals>
<goal>class-winter</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.11.0</version> <!-- 使用你选择的插件版本 -->
<configuration>
<source>17</source> <!-- 源代码版本 -->
<target>17</target> <!-- 目标字节码版本 -->
<compilerArgs>
<arg>-parameters</arg>
</compilerArgs>
</configuration>
</plugin>
</plugins>
</build>
2.刷新Maven等待插件下载即可,然后直接进行打包,打包完成后的jar名字以 "-encrypted.jar"结尾
3.查看字节码文件如下图所示,即为混淆成功
4. 运行jar包,正常启动即可
命令
nohup java -javaagent:./jar包名 -Dspring.profiles.active=dev --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/sun.net.util=ALL-UNNAMED --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.lang.reflect=ALL-UNNAMED -jar ./jar包名 > log 2>&1 &
至此完成代码混淆并成功启动
期间测试了很多方式对jdk17的项目进行混淆,但是都失败了,包括classfinal,如果有更好的方法,期待留言评论区