我正在使用带有 bootRepackage gradle 的 Spring Boot 来构建发布 jar 文件。我的项目需要在交付给客户之前对代码进行混淆。我尝试了 proguard 和其他一些工具,但出现了很多问题。我可以建议如何为 Spring Boot 配置此类工具。
我用这些配置尝试了 ProGuard
-injars ./build/libs/webservice-1.0.jar
-outjars ./build/libs/webservice-obs-1.0.jar
-libraryjars <java.home>/lib/rt.jar
-keep class !myapplicationpackage.** { *; }
-keep class myapplicationpackage.Application { *; }
-ignorewarnings
-keepdirectories **
-dontshrink
-keepattributes *Annotation*
-keepclassmembers class com.yumyumlabs.** { java.lang.Long id; }
-keepnames class com.yumyumlabs.** implements java.io.Serializable
-keepclassmembers class * implements java.io.Serializable {
static final long serialVersionUID;
private static final java.io.ObjectStreamField[] serialPersistentFields;
!static !transient <fields>;
private void writeObject(java.io.ObjectOutputStream);
private void readObject(java.io.ObjectInputStream);
java.lang.Object writeReplace();
java.lang.Object readResolve();
}
-keepclassmembers class * {
@org.springframework.beans.factory.annotation.Autowired *;
@org.springframework.beans.factory.annotation.Qualifier *;
@org.springframework.beans.factory.annotation.Value *;
@org.springframework.beans.factory.annotation.Required *;
@org.springframework.context.annotation.Bean *;
@javax.annotation.PostConstruct *;
@javax.annotation.PreDestroy *;
@org.aspectj.lang.annotation.AfterReturning *;
@org.aspectj.lang.annotation.Pointcut *;
@org.aspectj.lang.annotation.AfterThrowing *;
@org.aspectj.lang.annotation.Around *;
}
-keep @org.springframework.stereotype.Service class *
-keep @org.springframework.stereotype.Controller class *
-keep @org.springframework.stereotype.Component class *
-keep @org.springframework.stereotype.Repository class *
-keep @org.springframework.cache.annotation.EnableCaching class *
-keep @org.springframework.context.annotation.Configuration class *
-keepattributes Signature
-dontwarn com.yumyumlabs.web.controllers.auth.AuthController
-dontwarn com.google.apphosting.api.ReflectionUtils
-dontwarn sun.misc.Unsafe
-dontwarn org.tartarus.snowball.**
-dontnote
-keepattributes Signature,RuntimeVisibleAnnotations,AnnotationDefault
但是生成的jar不能运行
java.lang.IllegalStateException: Unable to open nested entry 'lib/spring-boot-starter-web-1.2.0.RELEASE.jar'. It has been compressed and nested jar files must be stored without compression. Please check the mechanism used to create your executable jar file
at org.springframework.boot.loader.jar.JarFile.createJarFileFromFileEntry(Unknown Source)
at org.springframework.boot.loader.jar.JarFile.createJarFileFromEntry(Unknown Source)
at org.springframework.boot.loader.jar.JarFile.getNestedJarFile(Unknown Source)
at org.springframework.boot.loader.archive.JarFileArchive.getNestedArchive(Unknown Source)
at org.springframework.boot.loader.archive.JarFileArchive.getNestedArchives(Unknown Source)
at org.springframework.boot.loader.ExecutableArchiveLauncher.getClassPathArchives(Unknown Source)
at org.springframework.boot.loader.Launcher.launch(Unknown Source)
at org.springframework.boot.loader.JarLauncher.main(Unknown Source)
最佳答案
它告诉你问题所在。它正在压缩不允许的嵌入 JAR 文件。您需要让它跳过子元素的压缩。可能最好完全跳过压缩。
真的,您可以跳过所有这些,因为这会使逆向工程变得更加困难,但不能阻止它。如果您真的需要保密,那么您唯一真正的选择是将您的应用程序作为服务出售,而不是提供 JAR、WAR、EAR 等。
IllegalStateException:无法打开嵌套的 条目“lib/spring-boot-starter-web-1.2.0.RELEASE.jar”。它已被压缩,嵌套的jar文件必须在没有压缩的情况下存储。请检查用于创建可执行jar文件的机制
关于Spring Boot 混淆器,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/27542110/