1. Problem of configuration obfuscation
When configuration is confused, many version errors may be reported, including but not limited to the Java version, the Springboot version is wrong, and the log4j version is wrong. . . . .
In fact, as long as the proguard version is launched, you have to go to the next higher version.
Since proguard obfuscation seems to be unable to specify that the obfuscated class name is unique after the class name is obfuscated under basePackages, different package names often have duplicate class names such as, so an error will be reported when the spring container initializes the bean, because spring does not allow the class name under different packages. We need to change the naming strategy of the spring bean to solve this problem (see step 2.4)
Don't confuse dao and domain layers
2. Configuration process
2.1 Download first
Download proguard 6.2.2, other versions are fine, so change the pom configuration and change the version number, and then put the proguard file in the same level as pom. Don't put it in src, otherwise it will be equivalent to letting this jar package confuse yourself and you will definitely report an error.
2.2 The following is added to the maven pom configuration
<!-- ProGuardObfuscation plugin-->
<plugin>
<groupId></groupId>
<artifactId>proguard-maven-plugin</artifactId>
<executions>
<execution>
<!-- Confusing moments,Here is confusion when packing-->
<phase>package</phase>
<goals>
<!-- Specify obfuscation features for using plugins -->
<goal>proguard</goal>
</goals>
</execution>
</executions>
<configuration>
<proguardVersion>6.2.2</proguardVersion>
<!-- Will it be generatedPGFile installation and deployment-->
<attach>true</attach>
<!-- Is it confusing-->
<obfuscate>true</obfuscate>
<!-- Specify the generated file classification -->
<attachArtifactClassifier>pg</attachArtifactClassifier>
<proguardInclude>${basedir}/</proguardInclude>
<libs>
<lib>${}/lib/</lib>
<lib>${}/lib/</lib>
<lib>${}/lib/</lib>
</libs>
<!-- What to load,Only hereclassessuccess,It is impossible to configure the configuration file andJSPConfused-->
<injar>classes</injar>
<outjar>${}-</outjar>
<!-- Output directory-->
<outputDirectory>${}</outputDirectory>
</configuration>
<dependencies>
<dependency>
<groupId></groupId>
<artifactId>proguard-base</artifactId>
<version>6.2.2</version>
<scope>system</scope>
<systemPath>${basedir}/lib/</systemPath>
</dependency>
</dependencies>
</plugin>2.3 Add files in the pom directory
# Ignore all warnings, otherwise the confusion will stop when there is a warning.-ignorewarnings
# JDK Target Version 1.8-target 1.8
# No shrinking (delete comments, uncited code)-dontshrink
# No optimization (change the code implementation logic)-dontoptimize
# Do not pass non-public documents and members-dontskipnonpubliclibraryclasses
-dontskipnonpubliclibraryclassmembers
## When obfuscating, the class name does not generate a case mix. The default is that it can be mixed case.-dontusemixedcaseclassnames
# Allow access and modify classes with modifiers during optimization-allowaccessmodification
# Determine the member name of the unified obfuscation class to add obfuscation-useuniqueclassmembernames
# Don't confuse all package names. After my test, there are too many problems with WEB project. After all, there are a lot of fixed-write package names in Spring configuration.-keeppackagenames
# Do not confuse local variable names-keepparameternames
# Do not delete the annotation-keepattributes *Annotation*
# Do not confuse all special classes LocalVariable*Table,-keepattributes Exceptions,InnerClasses,Signature,Deprecated,SourceFile,LineNumberTable,*Annotation*,Synthetic,EnclosingMethod
# Do not confuse all set/get methods. After all, some third-party frameworks used in the project (such as Shiro) will use a large number of set/get mappings.-keepclassmembers public class * {void set*(***);*** get*();}
##Reserve exceptions and annotation information in runtime, otherwise it will affect springboot startup-keepattributes Exceptions,InnerClasses,Signature,Deprecated,SourceFile,LineNumberTable,*Annotation*,EnclosingMethod
##Reserve the main method class and its method name-keepclasseswithmembers public class * { public static void main([]);}
##Keep enumeration members and methods-keepclassmembers enum * { *; }
# Don't confuse generics-keepattributes Signature
#! ! ! ! ! ! ! Don't confuse dao and domain! ! ! ! !-keep class .** {*;}
-keep class .** {*;}
#You can add obfuscation dictionary by yourself through this configuration#-classobfuscationdictionary ./
## After obfuscating the class name, use ('className') and other places as corresponding substitutions#-adaptclassstrings
# Keep class protected from being confused#-keep public class * { public protected <fields>;public protected <methods>; }2.4 Modify springboot startup file
Let springboot name the package name on the bean, otherwise there will be conflicts due to the same name class in different packages after confusion.
@SpringBootApplication
public class ManagerplateApplication {
public static class CustomGenerator implements BeanNameGenerator {
@Override
public String generateBeanName(BeanDefinition definition, BeanDefinitionRegistry registry) {
return ();
}
}
public static void main(String[] args) {
new SpringApplicationBuilder()
.beanNameGenerator(new CustomGenerator())
.run(args);
}
}2.5 Execute sudo mvn clean package -DskipTests
(It's better to add sudo, don't ask me how I know)
2.6 Obfuscation is completed, generating executable jar package
4 files will be generated in the target directory:
- The obfuscated classes file contains the complete project structure
- proguard_map.txt Mapping of obfuscated content
- proguard_seed.txt class involved in obfuscation
- There is also an unconfused original jar package
#Extract and unconfused jar packageunzip unzip UnconfusedjarBag #Replace all uncompressed contents. All files under unobfuscated jar package/BOOT-INF/classes#Repackage replaced jar packagejar cvfM0 *
Summarize
The above is personal experience. I hope you can give you a reference and I hope you can support me more.