spring boot2X代码混淆
为了防止代码很容易被反编译而造成泄露,所以打包时进行代码混淆
使用 proguard-maven-plugin插件
<build> <finalName>${artifactId}</finalName> <plugins> <plugin> <groupId>com.github.wvengen</groupId> <artifactId>proguard-maven-plugin</artifactId> <executions> <execution> <phase>package</phase> <goals><goal>proguard</goal></goals> </execution> </executions> <configuration> <proguardVersion>6.0.3</proguardVersion> <injar>${project.build.finalName}.jar</injar> <outjar>${project.build.finalName}.jar</outjar> <obfuscate>true</obfuscate> <proguardInclude>${basedir}/proguard.conf</proguardInclude> <libs> <lib>${java.home}/lib/rt.jar</lib> <lib>${java.home}/lib/jce.jar</lib> </libs> </configuration> <dependencies> <dependency> <groupId>net.sf.proguard</groupId> <artifactId>proguard-base</artifactId> <version>6.0.3</version> </dependency> </dependencies> </plugin> <plugin> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-maven-plugin</artifactId> <executions> <execution> <goals> <goal>repackage</goal> </goals> <configuration> <mainClass>com.abc.xyz.BWMApiApplication</mainClass> </configuration> </execution> </executions> </plugin> </plugins> </build>
proguard的阶段为package
springboot打包在repackage阶段
proguard.conf
-target 1.8 -dontshrink -dontoptimize -adaptclassstrings -ignorewarnings -keepattributes Exceptions,InnerClasses,Signature,Deprecated,SourceFile,LineNumberTable,*Annotation*,EnclosingMethod -keepnames interface ** -keepparameternames -keep class com.abc.xyz.BWMApiApplication { *; } -keep class com.abc.xyz.configure.** { *; } -keep class com.abc.xyz.core.** { *; } -keep class com.abc.xyz.controller.** { *; } -keep class com.abc.xyz.model.** { *; } -keep interface * extends * { *; } -keepclassmembers class * { @org.springframework.beans.factory.annotation.Autowired *; @org.springframework.beans.factory.annotation.Value *; }
proguard混淆不能指定混淆的类名在basePackages下面类名混淆后唯一,不同包名经常有a.class,b.class,c.class之类重复的类名
spring容器初始化bean的时候会报错
修改启动类
package com.xyz.abc; import org.springframework.beans.factory.config.BeanDefinition; import org.springframework.beans.factory.support.BeanDefinitionRegistry; import org.springframework.beans.factory.support.BeanNameGenerator; import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.boot.builder.SpringApplicationBuilder; @SpringBootApplication public class BWMApiApplication { public static class CustomGenerator implements BeanNameGenerator { @Override public String generateBeanName(BeanDefinition definition, BeanDefinitionRegistry registry) { return definition.getBeanClassName(); } } public static void main(String[] args) { new SpringApplicationBuilder(BWMApiApplication.class) .beanNameGenerator(new CustomGenerator()) .run(args); } }
如果有报错可以手动执行打包命令
mvn clean package -DskipTests=true -P obfuscation