How do I obfuscate a WAR using ProGuard? I have one WAR which contains multiple dependencies as JARs inside, and I want to obfuscate only my codebase by filtering by package name (leaving the rest of the dependencies intact).
I'm getting thousands of warnings. How do I even do this? Am I supposed to skim through every single one of them and check if they have to be looked at / suppressed? Am I missing a piece of configuration?
Why am I getting warnings? Shouldn't all dependencies be there?
The Java version is 8.
<plugin>
  <groupId>com.github.wvengen</groupId>
  <artifactId>proguard-maven-plugin</artifactId>
  <version>${proguard.maven.plugin.version}</version>
  <executions>
    <execution>
      <phase>package</phase>
      <goals>
        <goal>proguard</goal>
      </goals>
    </execution>
  </executions>
  <configuration>
    <proguardVersion>${proguard.version}</proguardVersion>
    <injar>${project.build.finalName}.war</injar>
    <outjar>${project.build.finalName}.obfuscated.war</outjar>
    <obfuscate>true</obfuscate>
    <options>
      <option>-dontnote !my.package**</option>
      <option>-dontskipnonpubliclibraryclassmembers</option>
      <option>-dontshrink</option>
      <option>-dontoptimize</option>
      <option>-adaptclassstrings</option>
      <!-- This option keeps all original annotations etc. Otherwise they will all be removed from the files. -->
      <option>-keepattributes
        Signature,
        *Annotation*
      </option>
      <option>-ignorewarnings</option>
      <!-- This option keeps all original class files (without obfuscation) in the service package. -->
      <!-- <option>-keep class com.slm.proguard.example.spring.boot.service { *; }</option> -->
      <!-- This option keeps all original interface files (without obfuscation) in all packages. -->
      <option>-keep interface !my.package** { *; }</option>
      <option>-keep class !my.package** { *; }</option>
    </options>
    <injarNotExistsSkip>true</injarNotExistsSkip>
    <libs>
      <!-- Put your libraries here if required -->
      <lib>${java.home}/lib/rt.jar</lib>
      <lib>${java.home}/lib/jce.jar</lib>
    </libs>
  </configuration>
  <dependencies>
    <dependency>
      <groupId>com.guardsquare</groupId>
      <artifactId>proguard-base</artifactId>
      <version>${proguard.version}</version>
    </dependency>
  </dependencies>
</plugin>
You have to obfuscate the JAR before building the WAR file. The ProGuard plugin should only be applied to the .war if it contains classes in the WEB-INF/classes directory.
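
A quick way to see which case a given WAR falls into, as an added example that is not part of the original answer: this Python script counts the classes of one package under WEB-INF/classes and inside each nested JAR in WEB-INF/lib. The sample WAR, its JAR names and the org.example.dep package are constructed for the demo; my.package is the question's placeholder.

```python
import io
import zipfile


def locate_package_classes(war_bytes, package):
    """Map each location inside a WAR to the number of classes it holds from `package`.

    Keys are "WEB-INF/classes" or the path of a nested JAR under WEB-INF/lib.
    """
    prefix = package.replace(".", "/") + "/"
    found = {}
    with zipfile.ZipFile(io.BytesIO(war_bytes)) as war:
        for name in war.namelist():
            if name.startswith("WEB-INF/classes/" + prefix) and name.endswith(".class"):
                found["WEB-INF/classes"] = found.get("WEB-INF/classes", 0) + 1
            elif name.startswith("WEB-INF/lib/") and name.endswith(".jar"):
                try:
                    with zipfile.ZipFile(io.BytesIO(war.read(name))) as jar:
                        hits = sum(1 for e in jar.namelist()
                                   if e.startswith(prefix) and e.endswith(".class"))
                except zipfile.BadZipFile:
                    continue  # corrupt or non-ZIP entry: nothing to count
                if hits:
                    found[name] = hits
    return found


def _zip_of(entries):
    """Build an in-memory ZIP from {path: bytes} (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for path, data in entries.items():
            z.writestr(path, data)
    return buf.getvalue()


def build_sample_war():
    """Constructed WAR: own code in WEB-INF/classes and in one nested JAR, plus a dependency."""
    own_jar = _zip_of({"my/package/Service.class": b"", "my/package/util/Helper.class": b""})
    dep_jar = _zip_of({"org/example/dep/Lib.class": b""})
    return _zip_of({
        "WEB-INF/web.xml": b"<web-app/>",
        "WEB-INF/classes/my/package/Main.class": b"",
        "WEB-INF/lib/my-module.jar": own_jar,
        "WEB-INF/lib/dependency.jar": dep_jar,
    })


if __name__ == "__main__":
    for location, count in locate_package_classes(build_sample_war(), "my.package").items():
        print(f"{count:4d}  {location}")
```

Any nested JAR that shows up in the result holds your own code and, following the answer above, is the artifact to obfuscate before the WAR is assembled.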