Spring Boot混淆器

Question

我正在使用Spring Boot和bootRepackage gradle来构建发布jar文件.在交付给客户之前,我的项目需要混淆代码.我试过proguard和其他一些工具,但很多问题发生.我可以建议如何为春季启动配置这样的工具.

我用这些配置尝试了ProGuard

-injars  ./build/libs/webservice-1.0.jar
-outjars ./build/libs/webservice-obs-1.0.jar
-libraryjars <java.home>/lib/rt.jar
-keep class !myapplicationpackage.** { *; }
-keep class myapplicationpackage.Application { *; }

-ignorewarnings
-keepdirectories **
-dontshrink
-keepattributes *Annotation*

-keepclassmembers class com.yumyumlabs.** { java.lang.Long id; }
-keepnames class com.yumyumlabs.** implements java.io.Serializable

-keepclassmembers class * implements java.io.Serializable {
    static final long serialVersionUID;
    private static final java.io.ObjectStreamField[] serialPersistentFields;
    !static !transient <fields>;
    private void writeObject(java.io.ObjectOutputStream);
    private void readObject(java.io.ObjectInputStream);
    java.lang.Object writeReplace();
    java.lang.Object readResolve();
}


-keepclassmembers class * { 
    @org.springframework.beans.factory.annotation.Autowired *; 
    @org.springframework.beans.factory.annotation.Qualifier *; 
    @org.springframework.beans.factory.annotation.Value *; 
    @org.springframework.beans.factory.annotation.Required *;
    @org.springframework.context.annotation.Bean *;
    @javax.annotation.PostConstruct *;
    @javax.annotation.PreDestroy *;
    @org.aspectj.lang.annotation.AfterReturning *;
    @org.aspectj.lang.annotation.Pointcut *;
    @org.aspectj.lang.annotation.AfterThrowing *;
    @org.aspectj.lang.annotation.Around *;
}
-keep @org.springframework.stereotype.Service class *
-keep @org.springframework.stereotype.Controller class *
-keep @org.springframework.stereotype.Component class *
-keep @org.springframework.stereotype.Repository class *
-keep @org.springframework.cache.annotation.EnableCaching class *
-keep @org.springframework.context.annotation.Configuration class *
-keepattributes Signature

-dontwarn com.yumyumlabs.web.controllers.auth.AuthController



-dontwarn com.google.apphosting.api.ReflectionUtils
-dontwarn sun.misc.Unsafe




-dontwarn org.tartarus.snowball.**
-dontnote

-keepattributes Signature,RuntimeVisibleAnnotations,AnnotationDefault

但生成的jar无法运行

java.lang.IllegalStateException: Unable to open nested entry 'lib/spring-boot-starter-web-1.2.0.RELEASE.jar'. It has been compressed and nested jar files must be stored without compression. Please check the mechanism used to create your executable jar file
at org.springframework.boot.loader.jar.JarFile.createJarFileFromFileEntry(Unknown Source)
at org.springframework.boot.loader.jar.JarFile.createJarFileFromEntry(Unknown Source)
at org.springframework.boot.loader.jar.JarFile.getNestedJarFile(Unknown Source)
at org.springframework.boot.loader.archive.JarFileArchive.getNestedArchive(Unknown Source)
at org.springframework.boot.loader.archive.JarFileArchive.getNestedArchives(Unknown Source)
at org.springframework.boot.loader.ExecutableArchiveLauncher.getClassPathArchives(Unknown Source)
at org.springframework.boot.loader.Launcher.launch(Unknown Source)
at org.springframework.boot.loader.JarLauncher.main(Unknown Source)

Answer 1

它正在告诉你问题所在。它正在压缩嵌入的 JAR 文件，这是不允许的。您需要让它跳过子元素的压缩。也许最好完全跳过压缩。

实际上，您可以跳过所有这些，因为这会使逆向工程变得有点困难，但这并不能阻止它。如果您真的非常需要保密，那么您唯一真正的选择是将您的应用程序作为服务出售，而不是提供 JAR、WAR、EAR 等。

IllegalStateException：无法打开嵌套条目“lib/spring-boot-starter-web-1.2.0.RELEASE.jar”。它已被压缩，嵌套的 jar 文件必须在不压缩的情况下存储。请检查用于创建可执行 jar 文件的机制