Skip to main content

Multi Module Maven Project with Obfuscation

Warning! 

This article is not up-to-date anymore and might be inaccurate. Please refer to following post.


 This article is an extension to article named Multi Module Maven Project Using Assembly Plugin. Assembly module is added with obfuscation configuration.
Obfuscation is a technique to make byte code harder to reverse engineer to protect source code. In Java word there are not many freeware obfuscation tools. One of the well known obfuscation tools is named proguard. It has a nice maven plugin. But I could not make proguard-base 4.10 work. It gave ClassNotFoundErrors due to worngly obfuscated class names.

Another option is yguard from yworks. Yguard has an ant task and works with maven ant-run plugin as well. My experience with yguard is pretty well, it works just fine.

Below is the pom file for assembly module with obfuscation configuration.


<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <parent>
        <artifactId>myproject</artifactId>
        <groupId>com.mygroup</groupId>
        <version>1.0</version>
    </parent>

    <modelVersion>4.0.0</modelVersion>
    <artifactId>myproject-assembly</artifactId>
    <packaging>pom</packaging>

    <dependencies>
        <dependency>
            <artifactId>myproject-module2</artifactId>
            <groupId>com.mygroup</groupId><!-- Before first build 'LATEST' may cause errors, replace it with a valid version number and build.
            After  a successful build, LATEST is good to go again. -->
            <version>LATEST</version>
            <scope>compile</scope>
        </dependency>
    </dependencies>

    <build>
        <plugins>
            <plugin>
                <artifactId>maven-assembly-plugin</artifactId>
                <executions>
                    <execution>
                        <id>make-bundles</id>
                        <goals>
                            <goal>single</goal>
                        </goals>
                        <phase>package</phase>
                        <configuration>
                            <finalName>${project.build.finalName}</finalName>
                            <appendAssemblyId>false</appendAssemblyId>
                            <descriptors>
                                <descriptor>src/assembly/bin.xml</descriptor>
                            </descriptors>
                        </configuration>
                    </execution>
                </executions>
            </plugin>
            <plugin>
                <artifactId>maven-dependency-plugin</artifactId>
                <executions>
                    <execution>
                        <phase>install</phase>
                        <goals>
                            <goal>copy-dependencies</goal>
                        </goals>
                        <configuration>
                            <outputDirectory>${project.build.directory}/lib</outputDirectory>
                        </configuration>
                    </execution>
                </executions>
            </plugin>
            <plugin>
                <artifactId>maven-antrun-plugin</artifactId>
                <version>1.7</version>
                <executions>
                    <execution>
                        <phase>install</phase>
                        <configuration>
                            <target>
                              <!-- make a fileset of the libraries, these are not obfuscated -->
                                <path id="external.lib.path">
                               <fileset dir="${project.build.directory}\lib" includes="*.jar"/>
                                </path>

 <taskdef name="yguard" classname="com.yworks.yguard.YGuardTask" classpath="yguard/yguard.jar"/>
                                <yguard>
                                    <externalclasses refid="external.lib.path"/><inoutpair in="target/${project.build.finalName}.jar" out="target/${project.build.finalName}_obfuscated.jar"/>


                                    <shrink logfile="${project.build.directory}\yguard.log.xml">
                                        <property name="error-checking" value="pedantic"/>

                                    </shrink>

                                    <!-- keep name of main class and main method --><rename mainclass="com.mygroup.myproject.module2.Main" logfile="${project.build.directory}\yguard.log.xml" replaceClassNameStrings="true">
                                        <property name="error-checking" value="pedantic"/>

                                        <!-- plain-text class names in the config files will -->
                                        <!-- be replaced with the obfuscated name versions -->
                                        <!--adjust replaceContent="true">
                                            <include name="**/*.xml"/>
                                            <include name="**/*.properties"/>
                                        </adjust-->

                            <!-- keep the complete path to the resources, (gifs...) even if
                                  package com.mycompany.myapp gets obfuscated by name -->
                                        <!--adjust replacePath="false">
                                            <include name="com/pkg/persistence/*"/>
                                        </adjust-->

                              <!-- Replace the .properties files' names with the obfuscated -->
                              <!-- versions if the corresponding .class files get obfuscated -->
                                        <!--adjust replaceName="true">
                                            <include name="**/*.properties"/>
                                        </adjust-->

                                        <keep>
                                            <class classes="public" methods="public">
                                                <patternset>
<!—include name="com.mygroup.myproject.module1.**.*"/-->
<!-- spring configuration files refers classes in following packages --><include name="com.mygroup.myproject.module1.model.*"/><include name="com.mygroup.myproject.module1.dao.*"/><include name="com.mygroup.myproject.module2.service.**.*"/>
                                                </patternset>
                                            </class>
                                        </keep>

                                    </rename>
                                </yguard>

                            </target>
                        </configuration>
                        <goals>
                            <goal>run</goal>
                        </goals>
                    </execution>
                </executions>
            </plugin>
        </plugins>
    </build>
</project>


All project files can be downloaded from here.
Labels:

Comments

Post a Comment

Popular posts from this blog

Obfuscating Spring Boot Projects Using Maven Proguard Plugin

Introduction Obfuscation is the act of reorganizing bytecode such that it becomes hard to decompile. Many developers rely on obfuscation to save their sensitive code from undesired eyes. Publishing jars without obfuscation may hinder competitiveness because rivals may take advantage of easily decompilable nature of java binaries. Objective Spring Boot applications make use of public interfaces, annotations which makes applications harder to obfuscate. Additionally, maven Spring Boot plugin creates a fat jar which contains all dependent jars. It is not viable to obfuscate the whole fat jar. Thus obfuscating Spring Boot applications is different than obfuscating regular java applications and requires a suitable strategy. Audience Those who use Spring Boot and Maven and wish to obfuscate their application using Proguard are the target audience for this article. Sample Application As the sample application, I will use elastic search synch application from my GitHub repository.
4 comments
Read more

Hadoop Installation Document - Standalone Mode

This document shows my experience on following apache document titled “Hadoop:Setting up a Single Node Cluster”[1] which is for Hadoop version 3.0.0-Alpha2 [2]. A. Prepare the guest environment Install VirtualBox. Create a virtual 64 bit Linux machine. Name it “ubuntul_hadoop_master”. Give it 500MB memory. Create a VMDK disc which is dynamically allocated up to 30GB. In network settings in first tab you should see Adapter 1 enabled and attached to “NAT”. In second table enable adapter 2 and attach to “Host Only Adaptor”. First adapter is required for internet connection. Second one is required for letting outside connect to a guest service. In storage settings, attach a Linux iso file to IDE channel. Use any distribution you like. Because of small installation size, I choose minimal Ubuntu iso [1]. In package selection menu, I only left standard packages selected.  Login to system.  Setup JDK. $ sudo apt-get install openjdk-8-jdk Install ssh and pdsh, if not already i
3 comments
Read more

Java: Cost of Volatile Variables

Introduction Use of volatile variables is common among Java developers as a way of implicit synchronization. JIT compilers may reorder program execution to increase performance. Java memory model[1] constraints reordering of volatile variables. Thus volatile variable access should has a cost which is different than a non-volatile variable access. This article will not discuss technical details on use of volatile variables. Performance impact of volatile variables is explored by using a test application. Objective Exploring volatile variable costs and comparing with alternative approaches. Audience This article is written for developers who seek to have a view about cost of volatile variables. Test Configuration Test application runs read and write actions on java variables. A non volatile primitive integer, a volatile primitive integer and an AtomicInteger is tested. Non-volatile primitive integer access is controlled with ReentrantLock and ReentrantReadWriteLock  to compa
Post a Comment
Read more