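Overview
In software development, code obfuscation is the deliberate creation of source code or machine code that is difficult for humans to understand. Obfuscation modifies the deployable files so that it is hard for hackers to read information from them, while full functionality is preserved. This was originally introduced for the Android platform. It is now able to support Spring Boot 2.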
ProGuard
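ProGuard is an open-source optimizer and code obfuscator for Java bytecode and Android applications, and the most popular one.
More information: https://www.guardsquare.com/en/products/proguard/manual/usage
Using ProGuard in Spring Boot
Before you start, set the JAVA_HOME environment variable and specify the main class (in pom.xml).
Configure pom.xml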
<build>
    <plugins>
        <!-- ProGuard obfuscates the jar during the package phase -->
        <plugin>
            <groupId>com.github.wvengen</groupId>
            <artifactId>proguard-maven-plugin</artifactId>
            <version>2.3.1</version>
            <executions>
                <execution>
                    <phase>package</phase>
                    <goals>
                        <goal>proguard</goal>
                    </goals>
                </execution>
            </executions>
            <configuration>
                <proguardVersion>6.2.2</proguardVersion>
                <!-- Input and output are the same file: the jar is obfuscated in place -->
                <injar>${project.build.finalName}.jar</injar>
                <outjar>${project.build.finalName}.jar</outjar>
                <obfuscate>true</obfuscate>
                <proguardInclude>${project.basedir}/proguard.cfg</proguardInclude>
            </configuration>
            <dependencies>
                <dependency>
                    <groupId>net.sf.proguard</groupId>
                    <artifactId>proguard-base</artifactId>
                    <version>6.2.2</version>
                </dependency>
            </dependencies>
        </plugin>
        <!-- Declared after ProGuard so that repackage wraps the obfuscated jar -->
        <plugin>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-maven-plugin</artifactId>
            <executions>
                <execution>
                    <goals>
                        <goal>repackage</goal>
                    </goals>
                    <configuration>
                        <!-- The application's main class -->
                        <mainClass>com.example.Application</mainClass>
                    </configuration>
                </execution>
            </executions>
        </plugin>
    </plugins>
</build>
Configure proguard.cfg
Create proguard.cfg in the project root directory.
# Obfuscate only: no shrinking, no optimization
-dontshrink
-dontoptimize
-useuniqueclassmembernames
-adaptclassstrings
# Keep the attributes needed for annotations, generics and stack traces
-keepattributes Exceptions,InnerClasses,Signature,Deprecated,SourceFile,LineNumberTable,*Annotation*,EnclosingMethod
-keepnames interface **
-keepparameternames
# Entry point
-keep class com.shark.example.ExampleApplication {
    public static void main(java.lang.String[]);
}
# Packages left untouched
-keep class com.shark.example.dao.** { *; }
-keep class com.shark.example.configuration.log.** { *; }
-keep interface * extends * { *; }
-keeppackagenames com.shark.example.controller
-keep class com.shark.example.controller.*
# Members carrying Spring injection annotations
-keepclassmembers class * {
    @org.springframework.beans.factory.annotation.Autowired *;
    @org.springframework.beans.factory.annotation.Value *;
    @org.springframework.stereotype.Repository *;
    @org.springframework.beans.factory.annotation.Qualifier *;
    @org.springframework.context.annotation.Primary *;
}
# Getter and setter names
-keepclassmembernames class * {
    void set*(***);
    boolean is*();
    *** get*();
}
-keepclassmembers enum * { *; }
-ignorewarnings
Run
Once the configuration is complete, run mvn clean package.
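One way to check what the build produced, as an added example that is not part of the original article: the script lists the application classes under BOOT-INF/classes/ of the repackaged jar and separates those covered by the keep rules of proguard.cfg from those ProGuard renamed and those that still carry a readable name. The short-name heuristic, the function names and the sample entries are assumptions made for this illustration; interfaces, whose names the configuration keeps with -keepnames interface **, will be reported as readable.

```python
import io
import zipfile

# Prefixes derived from the -keep rules in the page's proguard.cfg.
KEPT_PREFIXES = (
    "com/shark/example/ExampleApplication",
    "com/shark/example/dao/",
    "com/shark/example/configuration/log/",
    "com/shark/example/controller/",
)
CLASS_ROOT = "BOOT-INF/classes/"  # where Spring Boot 2 repackage puts app classes

def looks_obfuscated(class_path, max_len=2):
    """Heuristic (assumption): ProGuard's default names are very short (a, b, aa)."""
    simple = class_path.rsplit("/", 1)[-1]
    return all(len(part) <= max_len for part in simple.split("$"))

def audit_jar(jar, kept_prefixes=KEPT_PREFIXES):
    """Sort application classes into kept / renamed / still readable."""
    report = {"kept": [], "renamed": [], "readable": []}
    with zipfile.ZipFile(jar) as zf:
        for name in sorted(zf.namelist()):
            if not (name.startswith(CLASS_ROOT) and name.endswith(".class")):
                continue  # nested dependency jars, manifest, resources
            cls = name[len(CLASS_ROOT):-len(".class")]
            if cls.startswith(kept_prefixes):
                report["kept"].append(cls)
            elif looks_obfuscated(cls):
                report["renamed"].append(cls)
            else:
                report["readable"].append(cls)
    return report

def build_sample_jar():
    """Constructed sample: entry names only, no real bytecode."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for entry in (
            "BOOT-INF/classes/com/shark/example/ExampleApplication.class",
            "BOOT-INF/classes/com/shark/example/dao/UserDao.class",
            "BOOT-INF/classes/com/shark/example/controller/UserController.class",
            "BOOT-INF/classes/com/shark/example/a/a.class",
            "BOOT-INF/classes/com/shark/example/a/b$a.class",
            "BOOT-INF/classes/com/shark/example/service/LicenseCheck.class",
            "BOOT-INF/lib/example-dependency.jar",
        ):
            zf.writestr(entry, b"")
    buf.seek(0)
    return buf
```

Pass the path of the jar in target/ to audit_jar; anything in the "readable" list is a class whose name reached the release unchanged and should be checked against the keep rules.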
Reference links
https://medium.com/@ijayakantha/obfuscate-spring-boot-2-applications-with-proguard-a8a76586b11f