您现在的位置是:首页 >技术杂谈 >springboot项目使用proguard配置代码混淆网站首页技术杂谈

springboot项目使用proguard配置代码混淆

ThinkPet 2024-10-20 12:01:04
简介springboot项目使用proguard配置代码混淆

springboot项目使用proguard配置代码混淆

代码混淆是一些软件开发过程中必不可少的步骤。
常用的代码混淆技术有
proguard maven plugin ,
yguard maven plugin,
procyon maven plugin,
dex maven plugin .
这些代码混淆技术大同小异,都是对maven打包生成class时进行干预,来完成对java字节码的代码混淆。
本文以springboot项目使用proguard为例,讲一下如何使用proguard完成代码混淆。

物料准备:
1.pom引入proguard-maven-plugin插件
2.在proguard.cfg配置文件里设置具体的代码混淆配置
3.maven package 打包测试

pom.xml配置proguard插件

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <groupId>cn.thinkpet</groupId>
    <artifactId>springboot-app-scaffold</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <name>springboot-app-scaffold</name>
    <description>Demo project for Spring Boot</description>
    <properties>
        <java.version>1.8</java.version>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
        <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
        <spring-boot.version>2.4.2</spring-boot.version>
    </properties>
    <dependencies>
        <dependency>
            <groupId>cn.hutool</groupId>
            <artifactId>hutool-all</artifactId>
            <version>5.8.16</version>
        </dependency>
        <dependency>
            <groupId>org.dom4j</groupId>
            <artifactId>dom4j</artifactId>
            <version>2.0.0</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-validation</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-configuration-processor</artifactId>
        </dependency>
         
        <dependency>
            <groupId>org.apache.cxf</groupId>
            <artifactId>cxf-spring-boot-starter-jaxws</artifactId>
            <version>3.2.4</version>
        </dependency>
        <dependency>
            <groupId>org.projectlombok</groupId>
            <artifactId>lombok</artifactId>
            <optional>true</optional>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>
    </dependencies>
    <dependencyManagement>
        <dependencies>
            <dependency>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-dependencies</artifactId>
                <version>${spring-boot.version}</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
        </dependencies>
    </dependencyManagement>

    <build>

        <plugins>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-compiler-plugin</artifactId>
                <version>3.8.1</version>
                <configuration>
                    <source>1.8</source>
                    <target>1.8</target>
                    <encoding>UTF-8</encoding>
                </configuration>
            </plugin>

<!--
注意maven插件需要配置到plugins标签下
 -->
            <plugin>
    <!-- 这里引入的是2.6.0版本的proguard maven插件 -->            <groupId>com.github.wvengen</groupId>
                <artifactId>proguard-maven-plugin</artifactId>
                <version>2.6.0</version>
                <executions>
                    <execution>
                        <phase>package</phase>
                        <goals>
                            <goal>proguard</goal>
                        </goals>
                    </execution>
                </executions>
                <configuration>
        
 <!-- 这里要指定一下proguard的版本
2.6.0版本的proguard-maven-plugin
对应的 proguard-base版本是7.2.2
所以这里要声明使用的是7.2.2的proguardVersion
 -->                   <proguardVersion>7.2.2</proguardVersion>
          
    <!--
    输入的jar 
-->                <injar>${project.build.finalName}.jar</injar>
       <!--
    输出的jar 
-->               <outjar>${project.build.finalName}.jar</outjar>
   <!--
    详细的代码混淆配置在
    配置文件proguard.cfg里展示
-->                   <proguardInclude>${project.basedir}/proguard.cfg</proguardInclude>

<!--
    代码混淆需要引入的jdk里的部分jar
-->  
                    <libs>
                        <lib>${java.home}/lib/rt.jar</lib>
                        <lib>${java.home}/lib/jce.jar</lib>
                        <lib>${java.home}/lib/jsse.jar</lib>
                    </libs>
   
   <!--
    输出目录,配置target目录即可
-->                   <outputDirectory>${project.basedir}/target</outputDirectory>
                </configuration>
            </plugin>


            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
                <version>${spring-boot.version}</version>

                <executions>
                    <execution>
                        <id>repackage</id>
                        <goals>
                            <goal>repackage</goal>
                        </goals>
                        <configuration>
                            <mainClass>cn.thinkpet.springbootappscaffold.SpringbootAppScaffoldApplication</mainClass>
                        </configuration>
                    </execution>
                </executions>
                <configuration>
                    <addResources>true</addResources>
                </configuration>
            </plugin>
        </plugins>

        <resources>
            <resource>
                <directory>src/main/java</directory>
                <includes>
                    <include>**/*.properties</include>
                    <include>**/*.xml</include>
                </includes>
                <filtering>false</filtering>
            </resource>
            <resource>
                <directory>src/main/resources</directory>
                <includes>
                    <include>**/*.properties</include>
                    <include>**/*.xml</include>
                    <include>**/*.yml</include>
                    <include>**/Dockerfile</include>
                    <include>**/*.xdb</include>
                    <include>**/*.xlsx</include>
                </includes>
                <filtering>false</filtering>
            </resource>
        </resources>

    </build>

</project>

配置proguard.cfg文件

需要注意这个文件要配置到maven项目的根目录下
#jdk版本1.8
#-target 1.8
#不做收缩(不删除注释以及未被引用的代码)
-dontshrink
#不做优化(不变更代码实现逻辑)
-dontoptimize

#-dontobfuscate
#-microedition

#不使用大小写混合,混淆后的类名为小写
-dontusemixedcaseclassnames

#使用唯一的类名来混淆
-useuniqueclassmembernames

#允许访问并修改有修饰符的类和类的成员
-allowaccessmodification

#保持 包名不变
-keeppackagenames

#需要保持的属性:异常,内部类,注解等
-keepattributes Exceptions,InnerClass,Signature,Deprecated,SourceFile,LineNumberTable,LocalVariable*Table,*Annotation*,Synthetic,EnclosingMethod

#spring 相关的注解,不要混淆
-keepclassmembers class * {
  @org.springframework.** *;
  @org.springframework.beans.factory.annotation.Autowired <fields>;
  @org.springframework.beans.factory.annotation.Autowired <methods>;
  @javax.annotation.PostConstruct *;
  @javax.annotation.PreDestroy *;
  @javax.annotation.Resource *;
  @org.springframework.scheduling.annotation.Async <methods>;
}

#不混淆所有的get/set方法
-keepclassmembers public class *{
  void set*(***); *** get*();
}

-keepnames interface ** {*;}
-keep interface * extends * {*;}
-keepparameternames
-keepclassmembers enum * {*;}

# 保持启动类不变
-keep public class cn.thinkpet.springbootappscaffold.SpringbootAppScaffoldApplication {*;}


#不混淆被Component等注解标记的类
-keep @org.springframework.stereotype.Component class * {*;}
-keep @org.springframework.stereotype.Service class * {*;}
-keep @org.springframework.web.bind.annotation.RestController class * {*;}
-keep @org.springframework.context.annotation.Configuration class * {*;}
#-keep @org.aspectj.lang.annotation.Aspect class * {*;}



-adaptclassstrings
#跳过非公共库的类
-skipnonpubliclibraryclasses


#忽略警告
-ignorewarnings
-dontnote
# 打印配置内容
-printconfiguration


# 配置不混淆某些类
-keep class org.slf4j.** {*;}





打包测试

执行命令

mvn clean package -DskipTests

观察控制台,等待打包完成后,看下target目录如下
在这里插入图片描述
图中的
springboot-app-springbootappscaffold-0.0.1-SNAPSHOT.jar 即为代码混淆后的jar包

proguard_map.txt里记录了jar里哪些代码被混淆了,
如Apple.class 被混淆成 a.class 这种详细的内容 ,它是依据proguard.cfg里配置的项目来进行代码混淆的。

风语者!平时喜欢研究各种技术,目前在从事后端开发工作,热爱生活、热爱工作。