Java – ProGuard does not obfuscate the jar with dependencies
I have a project with the POM given below. When I issue the command mvn clean compile assembly:single install, I want Maven to generate a jar that contains:
- All dependencies
- The obfuscated version of my code
It doesn't work: my code is not obfuscated in the "jar-with-dependencies" file.
When I run mvn clean compile install, the generated file contains the obfuscated code of my application, but no dependencies.
What should I do to get a jar file with all the dependencies and my obfuscated code?
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.mycompany</groupId>
  <artifactId>myproduct</artifactId>
  <version>1.0-SNAPSHOT</version>
  <packaging>jar</packaging>
  <properties>
    <restlet-version>2.3.5</restlet-version>
  </properties>
  <dependencies>
    <dependency>
      <groupId>org.spongepowered</groupId>
      <artifactId>spongeapi</artifactId>
      <version>3.0.0</version>
      <scope>provided</scope>
    </dependency>
    <dependency>
      <groupId>junit</groupId>
      <artifactId>junit</artifactId>
      <version>4.12</version>
    </dependency>
    <dependency>
      <groupId>org.easytesting</groupId>
      <artifactId>fest-assert-core</artifactId>
      <version>2.0M8</version>
      <scope>test</scope>
    </dependency>
    <dependency>
      <groupId>org.mockito</groupId>
      <artifactId>mockito-core</artifactId>
      <version>1.10.19</version>
      <scope>test</scope>
    </dependency>
    <dependency>
      <groupId>org.restlet.jse</groupId>
      <artifactId>org.restlet</artifactId>
      <version>${restlet-version}</version>
    </dependency>
    <dependency>
      <groupId>org.restlet.jse</groupId>
      <artifactId>org.restlet.ext.jackson</artifactId>
      <version>${restlet-version}</version>
    </dependency>
    <dependency>
      <groupId>com.googlecode.json-simple</groupId>
      <artifactId>json-simple</artifactId>
      <version>1.1.1</version>
    </dependency>
  </dependencies>
  <build>
    <resources>
      <resource>
        <directory>${project.basedir}/src/main/resources</directory>
        <filtering>true</filtering>
      </resource>
    </resources>
    <plugins>
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-compiler-plugin</artifactId>
        <version>3.3</version>
        <configuration>
          <source>1.8</source>
          <target>1.8</target>
        </configuration>
      </plugin>
      <plugin>
        <groupId>org.codehaus.mojo</groupId>
        <artifactId>templating-maven-plugin</artifactId>
        <version>1.0-alpha-3</version>
        <executions>
          <execution>
            <id>filter-src</id>
            <goals>
              <goal>filter-sources</goal>
            </goals>
          </execution>
        </executions>
      </plugin>
      <plugin>
        <artifactId>maven-assembly-plugin</artifactId>
        <configuration>
          <descriptorRefs>
            <descriptorRef>jar-with-dependencies</descriptorRef>
          </descriptorRefs>
        </configuration>
      </plugin>
      <plugin>
        <groupId>com.github.wvengen</groupId>
        <artifactId>proguard-maven-plugin</artifactId>
        <version>2.0.8</version>
        <executions>
          <execution>
            <phase>package</phase>
            <goals><goal>proguard</goal></goals>
          </execution>
        </executions>
        <configuration>
          <proguardVersion>5.2</proguardVersion>
          <options>
            <option>-allowaccessmodification</option>
            <option>-dontoptimize</option>
            <option>-dontshrink</option>
            <option>-dontnote</option>
            <option>-keepattributes Signature</option>
            <option>-keep class com.mycompany.MyPlugin { *; }</option>
          </options>
          <libs>
            <lib>${java.home}/lib/rt.jar</lib>
          </libs>
          <dependencies>
            <dependency>
              <groupId>net.sf.proguard</groupId>
              <artifactId>proguard-base</artifactId>
              <version>5.2</version>
              <scope>runtime</scope>
            </dependency>
          </dependencies>
        </configuration>
      </plugin>
    </plugins>
  </build>
</project>
Update 1 (17.01.2016 19:54 MSK): the ProGuard configuration was changed as follows, but mvn clean compile assembly:single still generates a jar with unobfuscated class files.
<plugin>
  <groupId>com.github.wvengen</groupId>
  <artifactId>proguard-maven-plugin</artifactId>
  <version>2.0.8</version>
  <executions>
    <execution>
      <phase>package</phase>
      <goals><goal>proguard</goal></goals>
    </execution>
  </executions>
  <configuration>
    <proguardVersion>5.2</proguardVersion>
    <options>
      <option>-allowaccessmodification</option>
      <option>-dontoptimize</option>
      <option>-dontshrink</option>
      <option>-dontnote</option>
      <option>-keepattributes Signature</option>
      <option>-keep class com.mycompany.MyPlugin { *; }</option>
    </options>
    <injar>${project.build.finalName}-jar-with-dependencies.jar</injar>
    <libs>
      <lib>${java.home}/lib/rt.jar</lib>
    </libs>
    <dependencies>
      <dependency>
        <groupId>net.sf.proguard</groupId>
        <artifactId>proguard-base</artifactId>
        <version>5.2</version>
        <scope>runtime</scope>
      </dependency>
    </dependencies>
  </configuration>
</plugin>
Update 2 (17.01.2016 20:29 MSK): mvn clean compile assembly:single install failed. The last message can be seen here.
Solution
The ProGuard Maven plugin obfuscates the main artifact of the project, not the secondary jar-with-dependencies artifact generated by the Maven Assembly Plugin.
You need to configure the plugin to obfuscate the jar with dependencies by specifying the injar attribute:
<injar>${project.build.finalName}-jar-with-dependencies.jar</injar>
Now, there is another problem with the order of plugin execution in the POM: we need to ensure that the Maven Assembly Plugin is executed before the ProGuard Maven plugin. Therefore, it is better to define an explicit execution of the Maven Assembly Plugin bound to the package phase, rather than invoking it manually from the command line with assembly:single. This will be the configuration:
<plugin>
  <artifactId>maven-assembly-plugin</artifactId>
  <executions>
    <execution>
      <id>assembly</id>
      <goals>
        <goal>single</goal>
      </goals>
      <phase>package</phase>
      <configuration>
        <descriptorRefs>
          <descriptorRef>jar-with-dependencies</descriptorRef>
        </descriptorRefs>
      </configuration>
    </execution>
  </executions>
</plugin>
Then, you just need to ensure that the ProGuard Maven plugin is configured after it in the POM.
After doing so, calling Maven with mvn clean install will produce an obfuscated jar with dependencies.
To test your actual POM, I added two repositories:
- https://repo.spongepowered.org/maven to resolve the spongeapi dependency
- http://maven.restlet.com to resolve the org.restlet.jse dependencies
For these two dependencies, ProGuard generates warnings because the org.restlet.ext.jackson dependency uses com.sun.msv.* classes that are not on the build path. Since I think your code is working, this means that these classes do not need to be included, and these warnings can be ignored. Therefore, I added the -dontwarn option so that ProGuard will not fail when a warning occurs.
The final POM with which I could successfully obfuscate the jar with dependencies is as follows:
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.mycompany</groupId>
  <artifactId>myproduct</artifactId>
  <version>1.0-SNAPSHOT</version>
  <repositories>
    <repository>
      <id>spongepowered</id>
      <url>https://repo.spongepowered.org/maven</url>
    </repository>
    <repository>
      <id>restlet</id>
      <url>http://maven.restlet.com</url>
    </repository>
  </repositories>
  <properties>
    <restlet-version>2.3.5</restlet-version>
  </properties>
  <build>
    <resources>
      <resource>
        <directory>${project.basedir}/src/main/resources</directory>
        <filtering>true</filtering>
      </resource>
    </resources>
    <plugins>
      <plugin>
        <artifactId>maven-compiler-plugin</artifactId>
        <version>3.3</version>
        <configuration>
          <source>1.8</source>
          <target>1.8</target>
        </configuration>
      </plugin>
      <plugin>
        <groupId>org.codehaus.mojo</groupId>
        <artifactId>templating-maven-plugin</artifactId>
        <version>1.0-alpha-3</version>
        <executions>
          <execution>
            <id>filter-src</id>
            <goals>
              <goal>filter-sources</goal>
            </goals>
          </execution>
        </executions>
      </plugin>
      <plugin>
        <artifactId>maven-assembly-plugin</artifactId>
        <executions>
          <execution>
            <id>assembly</id>
            <goals>
              <goal>single</goal>
            </goals>
            <phase>package</phase>
            <configuration>
              <descriptorRefs>
                <descriptorRef>jar-with-dependencies</descriptorRef>
              </descriptorRefs>
            </configuration>
          </execution>
        </executions>
      </plugin>
      <plugin>
        <groupId>com.github.wvengen</groupId>
        <artifactId>proguard-maven-plugin</artifactId>
        <version>2.0.8</version>
        <executions>
          <execution>
            <phase>package</phase>
            <goals><goal>proguard</goal></goals>
            <configuration>
              <injar>${project.build.finalName}-jar-with-dependencies.jar</injar> <!-- make sure to obfuscate the jar with dependencies -->
              <proguardVersion>5.2</proguardVersion>
              <options>
                <option>-allowaccessmodification</option>
                <option>-dontoptimize</option>
                <option>-dontshrink</option>
                <option>-dontnote</option>
                <option>-dontwarn</option> <!-- added option to ignore com.sun missing classes -->
                <option>-keepattributes Signature</option>
                <option>-keep class com.mycompany.MyPlugin { *; }</option>
              </options>
              <libs>
                <lib>${java.home}/lib/rt.jar</lib>
              </libs>
              <dependencies>
                <dependency>
                  <groupId>net.sf.proguard</groupId>
                  <artifactId>proguard-base</artifactId>
                  <version>5.2</version>
                  <scope>runtime</scope>
                </dependency>
              </dependencies>
            </configuration>
          </execution>
        </executions>
      </plugin>
    </plugins>
  </build>
  <dependencies>
    <dependency>
      <groupId>org.spongepowered</groupId>
      <artifactId>spongeapi</artifactId>
      <version>3.0.0</version>
      <scope>provided</scope>
    </dependency>
    <dependency>
      <groupId>junit</groupId>
      <artifactId>junit</artifactId>
      <version>4.12</version>
    </dependency>
    <dependency>
      <groupId>org.easytesting</groupId>
      <artifactId>fest-assert-core</artifactId>
      <version>2.0M8</version>
      <scope>test</scope>
    </dependency>
    <dependency>
      <groupId>org.mockito</groupId>
      <artifactId>mockito-core</artifactId>
      <version>1.10.19</version>
      <scope>test</scope>
    </dependency>
    <dependency>
      <groupId>org.restlet.jse</groupId>
      <artifactId>org.restlet</artifactId>
      <version>${restlet-version}</version>
    </dependency>
    <dependency>
      <groupId>org.restlet.jse</groupId>
      <artifactId>org.restlet.ext.jackson</artifactId>
      <version>${restlet-version}</version>
    </dependency>
    <dependency>
      <groupId>com.googlecode.json-simple</groupId>
      <artifactId>json-simple</artifactId>
      <version>1.1.1</version>
    </dependency>
  </dependencies>
</project>
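
A post-build check for the symptom described in the question, added here as an example that is not part of the original question or answer: it compares the class names in an unobfuscated jar with those in the shipped jar-with-dependencies and reports application classes whose original names survived. The com/mycompany/ prefix and the keep list mirror the POM above; the helper names and jar contents are constructed for illustration, and the two command-line paths are whatever your build produces.

```python
import io
import sys
import zipfile

APP_PREFIX = "com/mycompany/"            # application package, taken from the POM's groupId (assumption)
KEPT = {"com/mycompany/MyPlugin.class"}  # mirrors: -keep class com.mycompany.MyPlugin { *; }


def class_entries(jar, prefix=APP_PREFIX):
    """Return the set of .class entries under `prefix` in a jar (path or file object)."""
    with zipfile.ZipFile(jar) as zf:
        return {n for n in zf.namelist()
                if n.startswith(prefix) and n.endswith(".class")}


def surviving_names(unobfuscated_jar, shipped_jar, kept=KEPT):
    """Application classes whose original names are still present in the shipped jar.

    An empty list means every class outside the keep rules was renamed.
    A non-empty list is the symptom from the question: the shipped
    jar-with-dependencies was built from classes ProGuard never processed.
    """
    original = class_entries(unobfuscated_jar)
    shipped = class_entries(shipped_jar)
    return sorted((original & shipped) - set(kept))


def make_jar(names):
    """Build an in-memory jar with empty entries (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"")
    buf.seek(0)
    return buf


# Constructed samples: class names are illustrative, not taken from a real build.
ORIGINAL = ["com/mycompany/MyPlugin.class", "com/mycompany/LicenseCheck.class",
            "com/mycompany/net/ApiClient.class"]
BROKEN = ORIGINAL + ["org/restlet/Client.class"]   # assembled without obfuscation
FIXED = ["com/mycompany/MyPlugin.class", "com/mycompany/a.class",
         "com/mycompany/b/a.class", "org/restlet/Client.class"]

if __name__ == "__main__" and len(sys.argv) == 3:
    leftovers = surviving_names(sys.argv[1], sys.argv[2])
    print("\n".join(leftovers) or "no original application class names survive")
    sys.exit(1 if leftovers else 0)
```

Run as a final build step, a non-zero exit fails the pipeline before an unobfuscated jar is published.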