弹簧靴混淆器 [英] Spring Boot obfuscator

问题描述

我正在使用带有bootRepackage gradle的Spring Boot来构建发布jar文件.我的项目需要先混淆代码，然后再交付给客户.我尝试了proguard和其他一些工具，但是发生了许多问题.我可以咨询如何配置此类工具以进行春季启动.

I'm using Spring Boot with bootRepackage gradle to build release jar file. My project need to obfuscator code before deliver to customer. I tried proguard and some other tool but many problem occur. Can i have advice how to config such tools for spring boot.

我尝试了使用这些配置的ProGuard

I tried ProGuard with these config

-injars  ./build/libs/webservice-1.0.jar
-outjars ./build/libs/webservice-obs-1.0.jar
-libraryjars <java.home>/lib/rt.jar
-keep class !myapplicationpackage.** { *; }
-keep class myapplicationpackage.Application { *; }

-ignorewarnings
-keepdirectories **
-dontshrink
-keepattributes *Annotation*

-keepclassmembers class com.yumyumlabs.** { java.lang.Long id; }
-keepnames class com.yumyumlabs.** implements java.io.Serializable

-keepclassmembers class * implements java.io.Serializable {
    static final long serialVersionUID;
    private static final java.io.ObjectStreamField[] serialPersistentFields;
    !static !transient <fields>;
    private void writeObject(java.io.ObjectOutputStream);
    private void readObject(java.io.ObjectInputStream);
    java.lang.Object writeReplace();
    java.lang.Object readResolve();
}


-keepclassmembers class * { 
    @org.springframework.beans.factory.annotation.Autowired *; 
    @org.springframework.beans.factory.annotation.Qualifier *; 
    @org.springframework.beans.factory.annotation.Value *; 
    @org.springframework.beans.factory.annotation.Required *;
    @org.springframework.context.annotation.Bean *;
    @javax.annotation.PostConstruct *;
    @javax.annotation.PreDestroy *;
    @org.aspectj.lang.annotation.AfterReturning *;
    @org.aspectj.lang.annotation.Pointcut *;
    @org.aspectj.lang.annotation.AfterThrowing *;
    @org.aspectj.lang.annotation.Around *;
}
-keep @org.springframework.stereotype.Service class *
-keep @org.springframework.stereotype.Controller class *
-keep @org.springframework.stereotype.Component class *
-keep @org.springframework.stereotype.Repository class *
-keep @org.springframework.cache.annotation.EnableCaching class *
-keep @org.springframework.context.annotation.Configuration class *
-keepattributes Signature

-dontwarn com.yumyumlabs.web.controllers.auth.AuthController



-dontwarn com.google.apphosting.api.ReflectionUtils
-dontwarn sun.misc.Unsafe




-dontwarn org.tartarus.snowball.**
-dontnote

-keepattributes Signature,RuntimeVisibleAnnotations,AnnotationDefault

但是生成的jar无法运行

But the generated jar cant run

java.lang.IllegalStateException: Unable to open nested entry 'lib/spring-boot-starter-web-1.2.0.RELEASE.jar'. It has been compressed and nested jar files must be stored without compression. Please check the mechanism used to create your executable jar file
at org.springframework.boot.loader.jar.JarFile.createJarFileFromFileEntry(Unknown Source)
at org.springframework.boot.loader.jar.JarFile.createJarFileFromEntry(Unknown Source)
at org.springframework.boot.loader.jar.JarFile.getNestedJarFile(Unknown Source)
at org.springframework.boot.loader.archive.JarFileArchive.getNestedArchive(Unknown Source)
at org.springframework.boot.loader.archive.JarFileArchive.getNestedArchives(Unknown Source)
at org.springframework.boot.loader.ExecutableArchiveLauncher.getClassPathArchives(Unknown Source)
at org.springframework.boot.loader.Launcher.launch(Unknown Source)
at org.springframework.boot.loader.JarLauncher.main(Unknown Source)

推荐答案

这可以通过重新打包未压缩的库来完成.这可以通过jar工具和以下bash脚本来完成.只需在项目主目录中执行该脚本即可.

This can be done by repacking the uncompressed library. This can be done using the jar tool with the following bash script. The script simply has to be executed in the projects main directory.

# some constant settings we use
work_dir=work
uncompress_dir=uncompress
library_dir=lib

# parameters for input and output files
# the name of the library that should be uncompressed
library_name="spring-boot-starter-web-1.2.0.RELEASE.jar"
# the obfuscated artifact
original_jar='webservice-obs-1.0.jar'
# the new obfuscated artifact (can be the same)
repacked_jar='webservice-obs-repack-1.0.jar'

# build the obfuscated library
mvn clean package -Dobfuscation

# create working directory and copy obfuscated artifact
mkdir target/$work_dir
cp target/$original_jar target/$work_dir
cd target/$work_dir

# extract contents of obfuscated artifact
jar xvf $original_jar
rm $original_jar

# uncompress the target library and jar again without compression (c0)
mkdir $uncompress_dir
mv $library_dir/$library_name $uncompress_dir
cd $uncompress_dir
jar xvf $library_name
rm $library_name
jar c0mf ./META-INF/MANIFEST.MF $library_name *
mv $library_name ../$library_dir
cd ..
rm -r $uncompress_dir

# jar the complete obfuscated artifact again
# it is important here to copy the manifest as otherwise the library would not be executeable any more by spring-boot
jar c0mf ./META-INF/MANIFEST.MF ../$repacked_jar *

# cleanup work dir
cd ..
rm -r $work_dir

如果更多文件需要这种特殊处理，可能必须再次执行此操作.例如，石英就是其中一个库.

Probably you have to do this again if more files need this special handling. One of the libraries which do this is for example quartz.

这篇关于弹簧靴混淆器的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！