Jar混淆加密Proguard（spring boot 版）

一般的.class文件可以通过jd-gui工具直接看到源码！

所以，再生产级别的java开发中，务必要是用jar包加密。

加密方式有三种：

1.proguard 混淆

（1）在pom文件中，引入proguard插件

<!--加载proguard的混淆插件，通过mvn package 打包即可-->
<build>
   <plugins>
      <plugin>
         <groupId>com.github.wvengen</groupId>
         <artifactId>proguard-maven-plugin</artifactId>
         <executions>
            <execution>
               <phase>package</phase>
               <goals><goal>proguard</goal></goals>
            </execution>
         </executions>
         <configuration>
            <proguardVersion>5.3.3</proguardVersion>
            <injar>${project.build.finalName}.jar</injar>
            <outjar>${project.build.finalName}.jar</outjar>
            <obfuscate>true</obfuscate>
            <proguardInclude>${project.basedir}/proguard.cfg</proguardInclude>
            <libs>
               <!-- Include main JAVA library required.-->
               <lib>${java.home}/lib/rt.jar</lib>
               <!-- Include crypto JAVA library if necessary.-->
               <lib>${java.home}/lib/jce.jar</lib>
            </libs>
         </configuration>
         <dependencies>
            <dependency>
               <groupId>net.sf.proguard</groupId>
               <artifactId>proguard-base</artifactId>
               <version>5.3.3</version>
            </dependency>
         </dependencies>
      </plugin>
      <plugin>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-maven-plugin</artifactId>
         <executions>
            <execution>
               <goals>
                  <goal>repackage</goal>
               </goals>
               <configuration>
                  <mainClass>com.xxl.job.admin.XxlJobAdminApplication</mainClass>
               </configuration>
            </execution>
         </executions>
      </plugin>
   </plugins>
</build>

 

（2）配置proguard.cfg文件（proguard.cfg文件必须和pom.xml文件同一目录）

-target 1.8 ##指定java版本号
-dontshrink ##默认是开启的，这里关闭shrink，即不删除没有使用的类/成员
-dontoptimize ##默认是开启的，这里关闭字节码级别的优化
-useuniqueclassmembernames ##对于类成员的命名的混淆采取唯一策略
-adaptclassstrings ## 混淆类名之后，对使用Class.forName('className')之类的地方进行相应替代
-dontusemixedcaseclassnames ## 混淆时不生成大小写混合的类名，默认是可以大小写混合
##对异常、注解信息在runtime予以保留，不然影响springboot启动
-keepattributes Exceptions,InnerClasses,Signature,Deprecated,SourceFile,LineNumberTable,*Annotation*,EnclosingMethod
##保留main方法的类及其方法名
-keepclasseswithmembers public class * { public static void main(java.lang.String[]);}
-keepclassmembers enum * { *; }  ##保留枚举成员及方法

## 保持对外的接口性质类对外的类名与方法名不变
#-keep class com.example.common.sort.exact.bean.**
-keep class com.xxl.job.admin.controller.**
-keep class com.xxl.job.admin.controller.** { *; }
#保持dao层类名不变
-keep class com.xxl.job.admin.dao.**
-keep class com.xxl.job.admin.dao.** { *; }  

-keep class  com.xxl.job.admin.core.model.**
-keep class  com.xxl.job.admin.core.model.** { *; } ##这里需要改成解析到哪个  javabean

##---------------Begin: proguard configuration for Gson ---------- # Gson uses generic type information stored in a class file when working with fields. Proguard # removes such information by default, so configure it to keep all of it. -keepattributes Signature # Gson specific classes -keep class sun.misc.Unsafe { *; } #-keep class com.google.gson.stream.** { *; } # Application classes that will be serialized/deserialized over Gson #-keep class com.google.gson.examples.android.model.** { *; } ##这里需要改成解析到哪个 javabean -keep class com.google.**{*;} -keepclassmembers class * implements java.io.Serializable { static final long serialVersionUID; private static final java.io.ObjectStreamField[] serialPersistentFields; private void writeObject(java.io.ObjectOutputStream); private void readObject(java.io.ObjectInputStream); java.lang.Object writeReplace(); java.lang.Object readResolve(); } ##---------------End: proguard configuration for Gson ----------

 

 

（3）启动类配置（防止spring初始化，bean重复问题）

package com.xxl.job.admin;

import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.beans.factory.support.BeanDefinitionRegistry;
import org.springframework.beans.factory.support.BeanNameGenerator;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.builder.SpringApplicationBuilder;

/**
 * @author xuxueli 2018-10-28 00:38:13
 */
@SpringBootApplication
public class XxlJobAdminApplication {


    /**
     * 使用类路径命名空间，使得proguard混淆后，spring能区分实例
     */
    public static class CustomGenerator implements BeanNameGenerator {
        @Override
        public String generateBeanName(BeanDefinition definition, BeanDefinitionRegistry registry) {
            return definition.getBeanClassName();
        }
    }

    public static void main(String[] args) {
        new SpringApplicationBuilder(XxlJobAdminApplication.class)
                .beanNameGenerator(new CustomGenerator())
                .run(args);
    }


    /*public static void main(String[] args) {

        SpringApplication.run(XxlJobAdminApplication.class, args);
    }*/

}

 

（4）最后用mvn package   打包即可

 

 

 

 

2.Classloader加载期加密

.....

3.jvmti加密

......