Building Obfuscated Signed Java Web Start Applications with Maven
I have Java Web Start application with several libraries, some of which I want to obfuscate before the release. Unfortunately, I cannot use Webstart Maven Plugin since it works correctly only when all the dependencies, which will be assembled, are already present in the repository. In my case, I want to obfuscate libraries on-the-fly, sign them, put into zip file and deploy to my repository.
Instead, I attach the following chain of plugins to maven build lifecycle:
- Download keystore (refer to my older post
- Download all dependencies (except ones, which I will obfuscate) with Maven Dependency Plugin
- Run ProGuard on needed jars with Maven ProGuard Plugin
- Sign all the jars with Maven Jarsigner Plugin
- Filter JNLP file with Maven Resources Plugin
- Assemble application with Maven Assembly Plugin
Signing Jars on a Build Server
Here I will discuss a problem which occurs, when you want to sign a jar in your continuous integration. Where keystore should be kept? A solution is provided using local maven repository.
However, we do not want to hardcode path to the keystore in our pom.xml. But keystore is pretty static, so we can copy it to all developers machines and build server! But this is solution, since different machines can have different operation systems.
But since keystore is static, we can