springboot项目使用proguard配置代码混淆
springboot项目使用proguard配置代码混淆
代码混淆是一些软件开发过程中必不可少的步骤。
常用的代码混淆技术有
proguard maven plugin ,
yguard maven plugin,
procyon maven plugin,
dex maven plugin .
这些代码混淆技术大同小异,都是对maven打包生成class时进行干预,来完成对java字节码的代码混淆。
本文以springboot项目使用proguard为例,讲一下如何使用proguard完成代码混淆。
物料准备:
1.pom引入proguard-maven-plugin插件
2.在proguard.cfg配置文件里设置具体的代码混淆配置
3.maven package 打包测试
pom.xml配置proguard插件
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0modelVersion>
<groupId>cn.thinkpetgroupId>
<artifactId>springboot-app-scaffoldartifactId>
<version>0.0.1-SNAPSHOTversion>
<name>springboot-app-scaffoldname>
<description>Demo project for Spring Bootdescription>
<properties>
<java.version>1.8java.version>
<project.build.sourceEncoding>UTF-8project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8project.reporting.outputEncoding>
<spring-boot.version>2.4.2spring-boot.version>
properties>
<dependencies>
<dependency>
<groupId>cn.hutoolgroupId>
<artifactId>hutool-allartifactId>
<version>5.8.16version>
dependency>
<dependency>
<groupId>org.dom4jgroupId>
<artifactId>dom4jartifactId>
<version>2.0.0version>
dependency>
<dependency>
<groupId>org.springframework.bootgroupId>
<artifactId>spring-boot-starter-webartifactId>
dependency>
<dependency>
<groupId>org.springframework.bootgroupId>
<artifactId>spring-boot-starter-validationartifactId>
dependency>
<dependency>
<groupId>org.springframework.bootgroupId>
<artifactId>spring-boot-configuration-processorartifactId>
dependency>
<dependency>
<groupId>org.apache.cxfgroupId>
<artifactId>cxf-spring-boot-starter-jaxwsartifactId>
<version>3.2.4version>
dependency>
<dependency>
<groupId>org.projectlombokgroupId>
<artifactId>lombokartifactId>
<optional>trueoptional>
dependency>
<dependency>
<groupId>org.springframework.bootgroupId>
<artifactId>spring-boot-starter-testartifactId>
<scope>testscope>
dependency>
dependencies>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.bootgroupId>
<artifactId>spring-boot-dependenciesartifactId>
<version>${spring-boot.version}version>
<type>pomtype>
<scope>importscope>
dependency>
dependencies>
dependencyManagement>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.pluginsgroupId>
<artifactId>maven-compiler-pluginartifactId>
<version>3.8.1version>
<configuration>
<source>1.8source>
<target>1.8target>
<encoding>UTF-8encoding>
configuration>
plugin>
<plugin>
<groupId>com.github.wvengengroupId>
<artifactId>proguard-maven-pluginartifactId>
<version>2.6.0version>
<executions>
<execution>
<phase>packagephase>
<goals>
<goal>proguardgoal>
goals>
execution>
executions>
<configuration>
<proguardVersion>7.2.2proguardVersion>
<injar>${project.build.finalName}.jarinjar>
<outjar>${project.build.finalName}.jaroutjar>
<proguardInclude>${project.basedir}/proguard.cfgproguardInclude>
<libs>
<lib>${java.home}/lib/rt.jarlib>
<lib>${java.home}/lib/jce.jarlib>
<lib>${java.home}/lib/jsse.jarlib>
libs>
<outputDirectory>${project.basedir}/targetoutputDirectory>
configuration>
plugin>
<plugin>
<groupId>org.springframework.bootgroupId>
<artifactId>spring-boot-maven-pluginartifactId>
<version>${spring-boot.version}version>
<executions>
<execution>
<id>repackageid>
<goals>
<goal>repackagegoal>
goals>
<configuration>
<mainClass>cn.thinkpet.springbootappscaffold.SpringbootAppScaffoldApplicationmainClass>
configuration>
execution>
executions>
<configuration>
<addResources>trueaddResources>
configuration>
plugin>
plugins>
<resources>
<resource>
<directory>src/main/javadirectory>
<includes>
<include>**/*.propertiesinclude>
<include>**/*.xmlinclude>
includes>
<filtering>falsefiltering>
resource>
<resource>
<directory>src/main/resourcesdirectory>
<includes>
<include>**/*.propertiesinclude>
<include>**/*.xmlinclude>
<include>**/*.ymlinclude>
<include>**/Dockerfileinclude>
<include>**/*.xdbinclude>
<include>**/*.xlsxinclude>
includes>
<filtering>falsefiltering>
resource>
resources>
build>
project>
配置proguard.cfg文件
需要注意这个文件要配置到maven项目的根目录下
#jdk版本1.8
#-target 1.8
#不做收缩(不删除注释以及未被引用的代码)
-dontshrink
#不做优化(不变更代码实现逻辑)
-dontoptimize
#-dontobfuscate
#-microedition
#不使用大小写混合,混淆后的类名为小写
-dontusemixedcaseclassnames
#使用唯一的类名来混淆
-useuniqueclassmembernames
#允许访问并修改有修饰符的类和类的成员
-allowaccessmodification
#保持 包名不变
-keeppackagenames
#需要保持的属性:异常,内部类,注解等
-keepattributes Exceptions,InnerClass,Signature,Deprecated,SourceFile,LineNumberTable,LocalVariable*Table,*Annotation*,Synthetic,EnclosingMethod
#spring 相关的注解,不要混淆
-keepclassmembers class * {
@org.springframework.** *;
@org.springframework.beans.factory.annotation.Autowired >;
@org.springframework.beans.factory.annotation.Autowired >;
@javax.annotation.PostConstruct *;
@javax.annotation.PreDestroy *;
@javax.annotation.Resource *;
@org.springframework.scheduling.annotation.Async >;
}
#不混淆所有的get/set方法
-keepclassmembers public class *{
void set*(***); *** get*();
}
-keepnames interface ** {*;}
-keep interface * extends * {*;}
-keepparameternames
-keepclassmembers enum * {*;}
# 保持启动类不变
-keep public class cn.thinkpet.springbootappscaffold.SpringbootAppScaffoldApplication {*;}
#不混淆被Component等注解标记的类
-keep @org.springframework.stereotype.Component class * {*;}
-keep @org.springframework.stereotype.Service class * {*;}
-keep @org.springframework.web.bind.annotation.RestController class * {*;}
-keep @org.springframework.context.annotation.Configuration class * {*;}
#-keep @org.aspectj.lang.annotation.Aspect class * {*;}
-adaptclassstrings
#跳过非公共库的类
-skipnonpubliclibraryclasses
#忽略警告
-ignorewarnings
-dontnote
# 打印配置内容
-printconfiguration
# 配置不混淆某些类
-keep class org.slf4j.** {*;}
打包测试
执行命令
mvn clean package -DskipTests
观察控制台,等待打包完成后,看下target目录如下
图中的
springboot-app-springbootappscaffold-0.0.1-SNAPSHOT.jar 即为代码混淆后的jar包
proguard_map.txt里记录了jar里哪些代码被混淆了,
如Apple.class 被混淆成 a.class 这种详细的内容 ,它是依据proguard.cfg里配置的项目来进行代码混淆的。