Java代码混淆工具ProGuard是比较流行的,集成到Maven中需要使用相关插件。
通过比较,笔者认为IDFC Maven ProGuard Plug-in是较好些(也是ProGuard官方推荐)。
下面是pom的一个配置示例,这个示例是对项目中一个公共lib(有其特殊性)进行混淆,除了plugin之外的配置,还有一个.pro的配置文件(存放在${basedir}/src/main/config/${project.artifactId}-maven.pro)。
- <plugin>
- <groupId>com.idfconnect.devtools</groupId>
- <artifactId>idfc-proguard-maven-plugin</artifactId>
- <version>1.0.1</version>
- <executions>
- <execution>
- <phase>package</phase>
- <goals>
- <goal>obfuscate</goal>
- </goals>
- </execution>
- </executions>
- <configuration>
- <inputFile>${project.build.outputDirectory}</inputFile>
- <libraryJarPaths>
- <libraryJarPath>${java.home}/lib/jce.jar</libraryJarPath>
- </libraryJarPaths>
- <excludeManifests>false</excludeManifests>
- <excludeMavenDescriptor>false</excludeMavenDescriptor>
- <outputArtifacts>
- <outputArtifact>
- <file>${project.build.finalName}.${project.packaging}</file>
- </outputArtifact>
- </outputArtifacts>
- </configuration>
- <dependencies>
- <dependency>
- <groupId>net.sf.proguard</groupId>
- <artifactId>proguard-base</artifactId>
- <version>4.11</version>
- </dependency>
- </dependencies>
- </plugin>
...maven.pro的内容:
- -renamesourcefileattribute SourceFile
-
- -dontskipnonpubliclibraryclassmembers
-
- -keepattributes Exceptions,InnerClasses,Signature,Deprecated,
- SourceFile,LineNumberTable,*Annotation*,EnclosingMethod
-
- -keep public class * {
- public protected *;
-
- -dontskipnonpubliclibraryclassmembers
-
- -keepattributes Exceptions,InnerClasses,Signature,Deprecated,
- SourceFile,LineNumberTable,*Annotation*,EnclosingMethod
-
- -keep public class * {
- public protected *;
- }
-
- -keepclassmembernames class * {
- java.lang.Class class$(java.lang.String);
- java.lang.Class class$(java.lang.String, boolean);
- }
-
- -keepclasseswithmembernames class * {
- native <methods>;
- }
-
- -keepclassmembers,allowoptimization enum * {
- public static **[] values();
- public static ** valueOf(java.lang.String);
- }
-
- -keepclassmembers class * implements java.io.Serializable {
- static final long serialVersionUID;
- private static final java.io.ObjectStreamField[] serialPersistentFields;
- private void writeObject(java.io.ObjectOutputStream);
- private void readObject(java.io.ObjectInputStream);
- java.lang.Object writeReplace();
- java.lang.Object readResolve();
- }
|