obfuscating war projects

654 views
Skip to first unread message

Lemao

unread,
Aug 11, 2009, 11:26:08 PM8/11/09
to pyx4me-users
I have been having some difficulties trying to obfuscate a maven war
project with proguard-maven-plugin.

I basically have a war project (A.war) that depends on a jar project
(B.jar). Each of these project have their own external dependencies.

I also set the maven-war-plugin to archiveClasses=true which generates
A.jar inside A.war(/WEB-INF/lib).

I basically attached the proguard plugin to the package phase and
would like to see it obfuscated A.jar and B.jar inside the war and
generate a new A-small.war with everything and A.jar/B.jar obfuscated.

If I set includeDependencies to false and manually add inclusions only
the inclusions I added appear in the resulting A-small.war but their
are merged and none of the other folders/jars are included. If I set
the includeDependencies to true and let the plugin deal with that for
me I get an error saying that "The input doesn't contain any
classes.".

Does any of you could paste a sample plugin configuration that could
shed some light on this?

thanks in advance.

Vlad Skarzhevskyy

unread,
Aug 11, 2009, 11:55:27 PM8/11/09
to pyx4me...@googlegroups.com
You probably want to do a complete build as one module.
I don't think that is a valid approach for maven.

May I suggest to create module for A.jar then create a module for
A-obfuscated.jar or do this in one A module.
Then create a W.war as different module that depends on
A-obfuscated.jar this should make your task much easier....

But If you want to create a A+B-obfuscated.jar then as well create a
separate module for this and use it in W.war module.

Once you have all this figured out then you may think about combining
all the build in one pom if it is possible.
Keep in mind that maven-war-plugin replaces maven-jar-plugin for 'war'
packaging.

But clearly separating artifacts into different modules is the maven approach.

Clearly I never tried to insert produarg to war packaging pom because
for me the readability of stack traces in production web application
is the mojor point. This may be different for web applications for
GAE when Google impose the limit on the size of application. But I
still have not hit the limit.

Vlad

Lemao

unread,
Aug 12, 2009, 12:22:54 AM8/12/09
to pyx4me-users
I thought about that but it is the kind of compromise that I am not
willing to take: I hate to see the project structure change due to a
limitatation(s) of the build tool.

I was expecting that the pyx4me plugin would allow me to feed the
artifact packaged by maven and produce the -small artifact with the
exact same contents but with injars replaced by outjars.

After thinking about about this, maybe the best course of action would
be to ditch the pyx4me proguard plugin and use antrun to perform the
obsufcation using proguard directly and then replacing the jars with
the obfuscated ones when generating the -small artifact. Not sure just
yet how to attach this new artifact to the install/deploy.

thanks for your input.
Reply all
Reply to author
Forward
0 new messages