Building Obfuscated Signed Java Web Start Applications with Maven
I have Java Web Start application with several libraries, some of which I want to obfuscate before the release. Unfortunately, I cannot use Webstart Maven Plugin since it works correctly only when all the dependencies, which will be assembled, are already present in the repository. In my case, I want to obfuscate libraries on-the-fly, sign them, put into zip file and deploy to my repository.
Instead, I attach the following chain of plugins to maven build lifecycle:
- Download keystore (refer to my older post
- Download all dependencies (except ones, which I will obfuscate) with Maven Dependency Plugin
- Run ProGuard on needed jars with Maven ProGuard Plugin
- Sign all the jars with Maven Jarsigner Plugin
- Filter JNLP file with Maven Resources Plugin
- Assemble application with Maven Assembly Plugin
Obfuscating Several Jars in One Single Maven Build with ProGuard
ProGuard is nice and free tool for obfuscating your code. Actually, it can do a lot more: shrink, optimize and verify your application. But here we will stick solely on obfuscating several jars in one build with ProGuard and Maven.
There are some documentation on ProGuard Maven Plugin website, something on Stack Overflow and ofcourse in official documentation.
Say, you have a complex Java Web Start application consisting of several modules. And you want to obfuscate each module before release. Of course, you do not want to obfuscate for internal usage, but want to do it only before release. What you can do is to use