概述
在軟體開發中,代碼混淆是故意建立人類難以了解的源代碼或機器代碼的行為。代碼混淆處理修改了可部署的檔案,是以黑客很難從中讀取資訊,但仍然保持完整的功能。這最初是為 android 平台引入的。它現在能夠支援 SpringBoot 2。
ProGuard
ProGuard 是一個開源的,最流行的 Java 位元組碼和 Android 應用程式優化器和代碼混淆器。
更多資訊:
https://www.guardsquare.com/en/products/proguard/manual/usage在 SpringBoot 中使用 ProGuard
在使用前,你需要配置好 JAVA_HOME 環境變量,并指定主啟動類(在 pom.xml 中指定)
配置 pom.xml
<build>
<plugins>
<plugin>
<groupId>com.github.wvengen</groupId>
<artifactId>proguard-maven-plugin</artifactId>
<version>2.3.1</version>
<executions>
<execution>
<phase>package</phase>
<goals>
<goal>proguard</goal>
</goals>
</execution>
</executions>
<configuration>
<proguardVersion>6.2.2</proguardVersion>
<injar>${project.build.finalName}.jar</injar>
<outjar>${project.build.finalName}.jar</outjar>
<obfuscate>true</obfuscate>
<proguardInclude>${project.basedir}/proguard.cfg</proguardInclude>
</configuration>
<dependencies>
<dependency>
<groupId>net.sf.proguard</groupId>
<artifactId>proguard-base</artifactId>
<version>6.2.2</version>
</dependency>
</dependencies>
</plugin>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<executions>
<execution>
<goals>
<goal>repackage</goal>
</goals>
<configuration>
<mainClass>com.example.Application</mainClass>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
配置proguard.cfg
項目根目錄下建立 proguard.cfg
-dontshrink
-dontoptimize
-useuniqueclassmembernames
-adaptclassstrings
-keepattributes Exceptions, InnerClasses, Signature, Deprecated, SourceFile, LineNumberTable, *Annotation*, EnclosingMethod
-keepnames interface **
-keepparameternames
-keep class com.shark.example.ExampleApplication {
public static void main(java.lang.String[]);
}
-keep class com.shark.example.dao.** {
*;
}
-keep class com.shark.example.configuration.log.** {
*;
}
-keep interface * extends * { *; }
-keeppackagenames com.shark.example.controller
-keep class com.shark.example.controller.*
-keepclassmembers class * {
@org.springframework.beans.factory.annotation.Autowired *;
@org.springframework.beans.factory.annotation.Value *;
@org.springframework.stereotype.Repository *;
@org.springframework.beans.factory.annotation.Qualifier *;
@org.springframework.context.annotation.Primary *;
}
-keepclassmembernames class * {
void set*(***);
boolean is*();
*** get*();
}
-keepclassmembers enum * { *; }
-ignorewarnings
運作
配置完成後運作 mvn clean package 即可