我正在使用Spring Boot和bootRepackage gradle来构建发布jar文件。在交付给客户之前,我的项目需要混淆代码。我试过proguard和其他一些工具,但很多问题发生。我可以建议如何为春季启动配置这样的工具。
我用这些配置尝试了ProGuard
-injars ./build/libs/webservice-1.0.jar
-outjars ./build/libs/webservice-obs-1.0.jar
-libraryjars <java.home>/lib/rt.jar
-keep class !myapplicationpackage.** { *; }
-keep class myapplicationpackage.Application { *; }
-ignorewarnings
-keepdirectories **
-dontshrink
-keepattributes *Annotation*
-keepclassmembers class com.yumyumlabs.** { java.lang.Long id; }
-keepnames class com.yumyumlabs.** implements java.io.Serializable
-keepclassmembers class * implements java.io.Serializable {
static final long serialVersionUID;
private static final java.io.ObjectStreamField[] serialPersistentFields;
!static !transient <fields>;
private void writeObject(java.io.ObjectOutputStream);
private void readObject(java.io.ObjectInputStream);
java.lang.Object writeReplace();
java.lang.Object readResolve();
}
-keepclassmembers class * {
@org.springframework.beans.factory.annotation.Autowired *;
@org.springframework.beans.factory.annotation.Qualifier *;
@org.springframework.beans.factory.annotation.Value *;
@org.springframework.beans.factory.annotation.Required *;
@org.springframework.context.annotation.Bean *;
@javax.annotation.PostConstruct *;
@javax.annotation.PreDestroy *;
@org.aspectj.lang.annotation.AfterReturning *;
@org.aspectj.lang.annotation.Pointcut *;
@org.aspectj.lang.annotation.AfterThrowing *;
@org.aspectj.lang.annotation.Around *;
}
-keep @org.springframework.stereotype.Service class *
-keep @org.springframework.stereotype.Controller class *
-keep @org.springframework.stereotype.Component class *
-keep @org.springframework.stereotype.Repository class *
-keep @org.springframework.cache.annotation.EnableCaching class *
-keep @org.springframework.context.annotation.Configuration class *
-keepattributes Signature
-dontwarn com.yumyumlabs.web.controllers.auth.AuthController
-dontwarn com.google.apphosting.api.ReflectionUtils
-dontwarn sun.misc.Unsafe
-dontwarn org.tartarus.snowball.**
-dontnote
-keepattributes Signature,RuntimeVisibleAnnotations,AnnotationDefault
但生成的jar无法运行
java.lang.IllegalStateException: Unable to open nested entry 'lib/spring-boot-starter-web-1.2.0.RELEASE.jar'. It has been compressed and nested jar files must be stored without compression. Please check the mechanism used to create your executable jar file
at org.springframework.boot.loader.jar.JarFile.createJarFileFromFileEntry(Unknown Source)
at org.springframework.boot.loader.jar.JarFile.createJarFileFromEntry(Unknown Source)
at org.springframework.boot.loader.jar.JarFile.getNestedJarFile(Unknown Source)
at org.springframework.boot.loader.archive.JarFileArchive.getNestedArchive(Unknown Source)
at org.springframework.boot.loader.archive.JarFileArchive.getNestedArchives(Unknown Source)
at org.springframework.boot.loader.ExecutableArchiveLauncher.getClassPathArchives(Unknown Source)
at org.springframework.boot.loader.Launcher.launch(Unknown Source)
at org.springframework.boot.loader.JarLauncher.main(Unknown Source)
它告诉你这个问题。它正在压缩不允许的嵌入式JAR文件。你需要让它跳过子元素的压缩。可能最好完全跳过压缩。
真的,你可以跳过所有这一切,因为这使得逆向工程更难,但不能阻止它。如果你真的需要保密,那么你唯一真正的选择是将你的应用程序作为服务出售,而不是提供JAR,WAR,EAR等。
IllegalStateException:无法打开嵌套条目“lib / spring-boot-starter-web-1.2.0.RELEASE.jar”。它已被压缩,嵌套的jar文件必须在没有压缩的情况下存储。请检查用于创建可执行jar文件的机制
这可以通过重新打包未压缩的库来完成。这可以使用jar工具和以下bash脚本完成。该脚本只需在项目主目录中执行即可。
# some constant settings we use
work_dir=work
uncompress_dir=uncompress
library_dir=lib
# parameters for input and output files
# the name of the library that should be uncompressed
library_name="spring-boot-starter-web-1.2.0.RELEASE.jar"
# the obfuscated artifact
original_jar='webservice-obs-1.0.jar'
# the new obfuscated artifact (can be the same)
repacked_jar='webservice-obs-repack-1.0.jar'
# build the obfuscated library
mvn clean package -Dobfuscation
# create working directory and copy obfuscated artifact
mkdir target/$work_dir
cp target/$original_jar target/$work_dir
cd target/$work_dir
# extract contents of obfuscated artifact
jar xvf $original_jar
rm $original_jar
# uncompress the target library and jar again without compression (c0)
mkdir $uncompress_dir
mv $library_dir/$library_name $uncompress_dir
cd $uncompress_dir
jar xvf $library_name
rm $library_name
jar c0mf ./META-INF/MANIFEST.MF $library_name *
mv $library_name ../$library_dir
cd ..
rm -r $uncompress_dir
# jar the complete obfuscated artifact again
# it is important here to copy the manifest as otherwise the library would not be executeable any more by spring-boot
jar c0mf ./META-INF/MANIFEST.MF ../$repacked_jar *
# cleanup work dir
cd ..
rm -r $work_dir
如果有更多文件需要这种特殊处理,你可能需要再次这样做。执行此操作的库之一是例如石英。