Java代码混淆工具ProGuard是比较流行的,集成到Maven中需要使用相关插件。
通过比较,笔者认为IDFC Maven ProGuard Plug-in是较好些(也是ProGuard官方推荐)。
下面是pom的一个配置示例,这个示例是对项目中一个公共lib(有其特殊性)进行混淆,除了plugin之外的配置,还有一个.pro的配置文件(存放在${basedir}/src/main/config/${project.artifactId}-maven.pro)。
<plugin>
<groupId>com.idfconnect.devtools</groupId>
<artifactId>idfc-proguard-maven-plugin</artifactId>
<version>1.0.1</version>
<executions>
<execution>
<phase>package</phase>
<goals>
<goal>obfuscate</goal>
</goals>
</execution>
</executions>
<configuration>
<inputFile>${project.build.outputDirectory}</inputFile>
<libraryJarPaths>
<libraryJarPath>${java.home}/lib/jce.jar</libraryJarPath>
</libraryJarPaths>
<excludeManifests>false</excludeManifests>
<excludeMavenDescriptor>false</excludeMavenDescriptor>
<outputArtifacts>
<outputArtifact>
<file>${project.build.finalName}.${project.packaging}</file>
</outputArtifact>
</outputArtifacts>
</configuration>
<dependencies>
<dependency>
<groupId>net.sf.proguard</groupId>
<artifactId>proguard-base</artifactId>
<version>4.11</version>
</dependency>
</dependencies>
</plugin>
...maven.pro的内容:
-renamesourcefileattribute SourceFile
-dontskipnonpubliclibraryclassmembers
-keepattributes Exceptions,InnerClasses,Signature,Deprecated,
SourceFile,LineNumberTable,*Annotation*,EnclosingMethod
-keep public class * {
public protected *;
-dontskipnonpubliclibraryclassmembers
-keepattributes Exceptions,InnerClasses,Signature,Deprecated,
SourceFile,LineNumberTable,*Annotation*,EnclosingMethod
-keep public class * {
public protected *;
}
-keepclassmembernames class * {
java.lang.Class class$(java.lang.String);
java.lang.Class class$(java.lang.String, boolean);
}
-keepclasseswithmembernames class * {
native <methods>;
}
-keepclassmembers,allowoptimization enum * {
public static **[] values();
public static ** valueOf(java.lang.String);
}
-keepclassmembers class * implements java.io.Serializable {
static final long serialVersionUID;
private static final java.io.ObjectStreamField[] serialPersistentFields;
private void writeObject(java.io.ObjectOutputStream);
private void readObject(java.io.ObjectInputStream);
java.lang.Object writeReplace();
java.lang.Object readResolve();
}