上文介绍了单个springboot的maven工程实现代码混淆,本文将会介绍多maven工程实现代码混淆。
多模块跟单模块一样,在需要混淆模块的pom文件中加入proguard依赖及配置。
演练版本
springboot:2.5.8
jdk:1.8
proguard: 7.1.0
新建springboot多Maven工程
新建springboot多maven工程,结构如下图,proguard-root 是顶级父工程,proguard-modu01、proguard-mudu02是两个业务模块,proguard-server是springboot启动服务类模块。
接下来会对proguard-modu01、proguard-mudu02两个模块实现proguard代码混淆。
下面以proguard-modu01工程为例介绍。
proguard-modu01 工程结构
proguard-modu01 的pom.xml配置代码混淆
本次我将proguard配置项放入 <options> </options>内,也可以单独配置在proguard.cfg文件内。
特别注意避坑:多maven工程代码混淆一定要配置:<option>-keepdirectories</option>,否则在以后访问代码混淆子模块的controller时会提示404错误。
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>com.proguard</groupId>
<artifactId>proguard-root</artifactId>
<version>1.0</version>
</parent>
<artifactId>proguard-modu02</artifactId>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-devtools</artifactId>
<scope>runtime</scope>
<optional>true</optional>
</dependency>
</dependencies>
<!-- 配置代码混淆 开始-->
<build>
<plugins>
<plugin>
<groupId>com.github.wvengen</groupId>
<artifactId>proguard-maven-plugin</artifactId>
<version>2.6.0</version>
<executions>
<!-- 以下配置说明执行mvn的package命令时候,会执行proguard-->
<execution>
<phase>package</phase>
<goals>
<goal>proguard</goal>
</goals>
</execution>
</executions>
<configuration>
<proguardVersion>7.1.0</proguardVersion>
<!-- 原始jar -->
<injar>${project.build.finalName}.jar</injar>
<!-- 混淆后的jar -->
<outjar>${project.build.finalName}.jar</outjar>
<!-- 是否混淆 默认是true -->
<obfuscate>true</obfuscate>
<!-- 是否将生成的PG文件安装部署 -->
<!-- <attach>true</attach> -->
<!--指定生成文件分类-->
<!--<attachArtifactClassifier>pg</attachArtifactClassifier>-->
<!-- 将pom.xml打包至jar文件中 -->
<addMavenDescriptor>true</addMavenDescriptor>
<!-- 混淆配置文件proguard.cfg
<proguardInclude>${project.basedir}/proguard.cfg</proguardInclude>-->
<!-- 项目编译所需要的jar -->
<libs>
<lib>${java.home}/lib/rt.jar</lib>
</libs>
<!-- 对输入jar进行过滤比如,如下配置就是对META-INFO文件不处理。
<inLibsFilter>!META-INF/**,!META-INF/versions/9/**.class</inLibsFilter>-->
<!-- 输出路径配置,但是要注意这个路径必须要包括injar标签填写的jar -->
<outputDirectory>${project.basedir}/target</outputDirectory>
<!--配置混淆的一些细节选项,可在proguard.cfg中配置-->
<options>
<!-- JDK目标版本1.8-->
<option>-target 1.8</option>
<!-- 不做收缩(删除注释、未被引用代码)-->
<option>-dontshrink</option>
<!-- 不做优化(变更代码实现逻辑)-->
<option>-dontoptimize</option>
<!-- 不混忽略非公用类文件及成员-->
<option>-dontskipnonpubliclibraryclasses</option>
<option>-dontskipnonpubliclibraryclassmembers</option>
<!--不用大小写混合类名机制-->
<option>-dontusemixedcaseclassnames</option>
<!-- 优化时允许访问并修改有修饰符的类和类的成员 -->
<option>-allowaccessmodification</option>
<!-- 确定统一的混淆类的成员名称来增加混淆-->
<option>-useuniqueclassmembernames</option>
<!-- 保持目录结构-->
<option>-keepdirectories</option>
<!-- 不混淆所有包名-->
<!--<option>-keeppackagenames</option>-->
<!-- 混淆类名之后,对使用Class.forName('className')之类的地方进行相应替代-->
<option>-adaptclassstrings</option>
<!-- 需要保持的属性:异常,注解等-->
<option>-keepattributes Exceptions,InnerClasses,Signature,Deprecated,SourceFile,LocalVariable*Table,*Annotation*,Synthetic,EnclosingMethod</option>
<!-- 此选项将保存所有软件包中的所有原始接口文件(不进行混淆) -->
<option>-keepnames interface ** { *; }</option>
<!-- 此选项将保存所有软件包中的所有原始接口文件(不进行混淆) -->
<option>-keep interface * extends * { *; }</option>
<!-- 保留参数名,因为控制器,或者Mybatis等接口的参数如果混淆会导致无法接受参数,xml文件找不到参数 -->
<option>-keepparameternames</option>
<!-- 保留枚举成员及方法 -->
<option>-keepclassmembers enum * { *; }</option>
<!-- 不混淆所有类,保存原始定义的注释 -->
<option>
-keepclassmembers class * {
@org.springframework.context.annotation.Bean *;
@org.springframework.beans.factory.annotation.Autowired *;
@org.springframework.beans.factory.annotation.Value *;
@org.springframework.stereotype.Service *;
@org.springframework.stereotype.Component *;
@org.springframework.web.bind.annotation.RestController *;
}
</option>
<!-- 忽略warn消息 -->
<option>-ignorewarnings</option> -->
<!-- 忽略note消息 -->
<option>-dontnote</option> -->
<!-- 打印配置信息 -->
<option>-printconfiguration</option>
<!-- 不混淆controller入口类
<option>-keep class com.platform.scamp.entity.** {*;}</option>
<option>-keep class com.platform.scamp.service.ScampVehicleTrackService {*;}</option>
<option>-keep class com.platform.scamp.controller.** {*;}</option>-->
</options>
<injarNotExistsSkip>true</injarNotExistsSkip>
<!-- 把jar包放到临时目录以便缩短命令行 -->
<putLibraryJarsInTempDir>true</putLibraryJarsInTempDir>
</configuration>
<dependencies>
<dependency>
<groupId>com.guardsquare</groupId>
<artifactId>proguard-base</artifactId>
<version>7.1.0</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>com.guardsquare</groupId>
<artifactId>proguard-core</artifactId>
<version>7.1.0</version>
<scope>runtime</scope>
</dependency>
</dependencies>
</plugin>
</plugins>
</build>
<!-- 配置代码混淆 结束-->
</project>
此时,已完成proguard-modu01模块的代码混淆配置,proguard-modu02模块同上配置即可。
proguard-server 启动服务模块的启动类配置
由于代码混淆,会存在大量的类名重名问题,因此需要在springboot启动类中修改 BeanName 生成策略。
方式一:
package com.proguard;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.beans.factory.support.BeanDefinitionRegistry;
import org.springframework.beans.factory.support.BeanNameGenerator;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.builder.SpringApplicationBuilder;
@SpringBootApplication
public class ProguardServerApplication {
public static class CustomGenerator implements BeanNameGenerator {
public String generateBeanName(BeanDefinition definition, BeanDefinitionRegistry registry) {
return definition.getBeanClassName();
}
}
public static void main(String[] args) {
new SpringApplicationBuilder(ProguardServerApplication.class)
.beanNameGenerator(new CustomGenerator())
.run(args);
}
}
方式二:若是maven工程师引用了springfox-boot-starter组件、springfox-*.jar相关组件,会产生异常,重写springboot启动类,如下:
@SpringBootApplication
public class ProguardServerApplication {
public static void main(String[] args) {
new SpringApplicationBuilder(ProguardServerApplication .class)
.beanNameGenerator(new ProGuardBeanNameGenerator()).run();
}
/**
* 代码混淆后,包名、类名会存在重复,重写buildDefaultBeanName方法,获取全限定的类名
*/
static class ProGuardBeanNameGenerator extends AnnotationBeanNameGenerator {
@Override
protected String buildDefaultBeanName(BeanDefinition definition) {
return definition.getBeanClassName();
}
}
}
启动,验证
通过Java反编译工具 查看源代码结果如下图,包名、类名已经重新命名,代表代码混淆已生效。
proguard-modu01:
proguard-modu02:
启动访问
- 访问proguard-modu01中接口:
- 访问proguard-modu02中接口:
踩过坑
1. proguard-modu01、proguard-modu02配置混淆后,访问接口提示404。去掉代码混淆恢复正常访问。
解决:在proguard-modu01、proguard-modu02的pom.xml文件中配置保持目录结构:<option>-keepdirectories</option>
2. 若是maven工程师引用了springfox-boot-starter组件、springfox-*.jar相关组件,会产生异常。
2023-06-05 17:07:38.322[0;39m [31mERROR[0;39m [35m19088[0;39m [2m---[0;39m [2m[ restartedMain][0;39m [36mo.s.boot.SpringApplication [0;39m [2m:[0;39m Application run failed
org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'springfox.documentation.spring.web.scanners.ApiDocumentationScanner' defined in URL [jar:file:/D:/maven/maven-repository/io/springfox/springfox-spring-web/3.0.0/springfox-spring-web-3.0.0.jar!/springfox/documentation/spring/web/scanners/ApiDocumentationScanner.class]: Unsatisfied dependency expressed through constructor parameter 1; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'springfox.documentation.spring.web.scanners.ApiListingScanner' defined in URL [jar:file:/D:/maven/maven-repository/io/springfox/springfox-spring-web/3.0.0/springfox-spring-web-3.0.0.jar!/springfox/documentation/spring/web/scanners/ApiListingScanner.class]: Unsatisfied dependency expressed through constructor parameter 1; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'springfox.documentation.spring.web.scanners.ApiModelReader' defined in URL [jar:file:/D:/maven/maven-repository/io/springfox/springfox-spring-web/3.0.0/springfox-spring-web-3.0.0.jar!/springfox/documentation/spring/web/scanners/ApiModelReader.class]: Unsatisfied dependency expressed through constructor parameter 0; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'springfox.documentation.schema.CachingModelProvider' defined in URL [jar:file:/D:/maven/maven-repository/io/springfox/springfox-schema/3.0.0/springfox-schema-3.0.0.jar!/springfox/documentation/schema/CachingModelProvider.class]: Unsatisfied dependency expressed through constructor parameter 0; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'springfox.documentation.schema.DefaultModelProvider' defined in URL [jar:file:/D:/maven/maven-repository/io/springfox/springfox-schema/3.0.0/springfox-schema-3.0.0.jar!/springfox/documentation/schema/DefaultModelProvider.class]: Unsatisfied dependency expressed through constructor parameter 0; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'springfox.documentation.schema.property.CachingModelPropertiesProvider' defined in URL [jar:file:/D:/maven/maven-repository/io/springfox/springfox-schema/3.0.0/springfox-schema-3.0.0.jar!/springfox/documentation/schema/property/CachingModelPropertiesProvider.class]: Unsatisfied dependency expressed through constructor parameter 1; nested exception is org.springframework.beans.factory.NoSuchBeanDefinitionException: No qualifying bean of type 'springfox.documentation.schema.property.ModelPropertiesProvider' available: expected at least 1 bean which qualifies as autowire candidate. Dependency annotations: {@org.springframework.beans.factory.annotation.Qualifier(value=optimized)}
at org.springframework.beans.factory.support.ConstructorResolver.createArgumentArray(ConstructorResolver.java:800) ~[spring-beans-5.3.14.jar:5.3.14]
at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:229) ~[spring-beans-5.3.14.jar:5.3.14]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1372) ~[spring-beans-5.3.14.jar:5.3.14]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1222) ~[spring-beans-5.3.14.jar:5.3.14]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:582) ~[spring-beans-5.3.14.jar:5.3.14]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:542) ~[spring-beans-5.3.14.jar:5.3.14]
at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:335) ~[spring-beans-5.3.14.jar:5.3.14]
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:234) ~[spring-beans-5.3.14.jar:5.3.14]
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:333) ~[spring-beans-5.3.14.jar:5.3.14]
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:208) ~[spring-beans-5.3.14.jar:5.3.14]
at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:953) ~[spring-beans-5.3.14.jar:5.3.14]
at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:918) ~[spring-context-5.3.14.jar:5.3.14]
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:583) ~[spring-context-5.3.14.jar:5.3.14]
at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:145) ~[spring-boot-2.5.8.jar:2.5.8]
at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:765) ~[spring-boot-2.5.8.jar:2.5.8]
at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:445) ~[spring-boot-2.5.8.jar:2.5.8]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:338) ~[spring-boot-2.5.8.jar:2.5.8]
at org.springframework.boot.builder.SpringApplicationBuilder.run(SpringApplicationBuilder.java:143) [spring-boot-2.5.8.jar:2.5.8]
at com.proguard.ProguardServerApplication.main(ProguardServerApplication.java:22) [classes/:na]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_192]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_192]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_192]
at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_192]
at org.springframework.boot.devtools.restart.RestartLauncher.run(RestartLauncher.java:49) [spring-boot-devtools-2.5.8.jar:2.5.8]
解决方式:重写springboot启动类
@SpringBootApplication
public class ProguardServerApplication {
public static void main(String[] args) {
new SpringApplicationBuilder(ProguardServerApplication .class)
.beanNameGenerator(new ProGuardBeanNameGenerator()).run();
}
/**
* 代码混淆后,包名、类名会存在重复,重写buildDefaultBeanName方法,获取全限定的类名
*/
static class ProGuardBeanNameGenerator extends AnnotationBeanNameGenerator {
@Override
protected String buildDefaultBeanName(BeanDefinition definition) {
return definition.getBeanClassName();
}
}
}