Java Code Obfuscation with ProGuard: A Step‑by‑Step Guide
This article explains how Java source files are compiled into class files, how they can be decompiled, and provides a detailed, code‑rich tutorial on protecting a Spring Boot project by configuring ProGuard through a proguard.cfg file and Maven plugin to produce an obfuscated JAR.
The article begins with a brief overview of Java compilation (turning .java files into .class files) and decompilation, noting that tools like JD‑GUI can reconstruct source code from compiled JAR/WAR packages.
To prevent reverse engineering, the author introduces code obfuscation as a defensive technique and demonstrates its effect with example screenshots.
Step 1 – Create a ProGuard configuration file
In the project root, add proguard.cfg. It sets the target Java version, disables shrinking and optimization, turns off mixed‑case class names, preserves selected attributes, and adds rules to keep specific classes, interface names, enum members, annotated Spring members, and parameter names. The full configuration is shown below:
# Specify Java version
-target 1.8
# Disable shrinking
-dontshrink
# Disable optimization
-dontoptimize
# Do not use mixed‑case class names
-dontusemixedcaseclassnames
# Use unique class‑member names
-useuniqueclassmembernames
# Keep attributes for exceptions, signatures, etc.
-keepattributes Exceptions,InnerClasses,Signature,Deprecated,SourceFile,LineNumberTable,*Annotation*,EnclosingMethod
# Keep interface names
-keepnames interface ** { *; }
# Keep parameter names
-keepparameternames
# Keep enum members and methods
-keepclassmembers enum * { *; }
# Keep Spring annotations and beans
-keepclassmembers class * {
    @org.springframework.context.annotation.Bean *;
    @org.springframework.beans.factory.annotation.Autowired *;
    @org.springframework.beans.factory.annotation.Value *;
    @org.springframework.stereotype.Service *;
    @org.springframework.stereotype.Component *;
}
# Suppress warnings and notes
-ignorewarnings
-dontnote
# Print configuration
-printconfiguration
# Keep the application entry point
-keep public class com.example.myproguarddemo.MyproguarddemoApplication {
    public static void main(java.lang.String[]);
}
Step 2 – Add the ProGuard Maven plugin to pom.xml
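Insert the following plugin configuration inside the <build><plugins> section. It specifies the input JAR, output JAR, enables obfuscation, includes the external proguard.cfg, and sets library paths and filters. Both plugins run in the package phase, and Maven executes them in the order they are declared, so the ProGuard plugin is listed before spring-boot-maven-plugin and the repackage goal operates on the obfuscated JAR.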
<build>
  <plugins>
    <plugin>
      <groupId>com.github.wvengen</groupId>
      <artifactId>proguard-maven-plugin</artifactId>
      <version>2.6.0</version>
      <executions>
        <execution>
          <phase>package</phase>
          <goals>
            <goal>proguard</goal>
          </goals>
        </execution>
      </executions>
      <configuration>
        <injar>${project.build.finalName}.jar</injar>
        <outjar>${project.build.finalName}.jar</outjar>
        <obfuscate>true</obfuscate>
        <proguardInclude>${project.basedir}/proguard.cfg</proguardInclude>
        <libs>
          <lib>${java.home}/lib/rt.jar</lib>
          <lib>${java.home}/lib/jce.jar</lib>
          <lib>${java.home}/lib/jsse.jar</lib>
        </libs>
        <inLibsFilter>!META-INF/**,!META-INF/versions/9/**.class</inLibsFilter>
        <outputDirectory>${project.basedir}/target</outputDirectory>
        <options>
          <!-- additional ProGuard options can be placed here or in the external cfg file -->
        </options>
      </configuration>
    </plugin>
    <plugin>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-maven-plugin</artifactId>
      <executions>
        <execution>
          <goals>
            <goal>repackage</goal>
          </goals>
          <configuration>
            <mainClass>com.example.myproguarddemo.MyproguarddemoApplication</mainClass>
          </configuration>
        </execution>
      </executions>
    </plugin>
  </plugins>
</build>
After saving the configuration, running mvn package compiles the project, applies ProGuard obfuscation, and produces an obfuscated JAR, as shown by the build logs and resulting artifact screenshots.
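A post-build check for the obfuscated JAR, as an added example that is not part of the original article: it compares the class names in the pre-ProGuard JAR with those in the final JAR and lists the application classes whose names survived unchanged, such as interfaces retained by -keepnames interface **. The JAR contents are constructed sample input, and every class name other than MyproguarddemoApplication is hypothetical.

```python
import io
import zipfile

BOOT_PREFIX = "BOOT-INF/classes/"  # where Spring Boot's repackage goal puts app classes
APP_PACKAGE = "com.example.myproguarddemo"
MAIN_CLASS = APP_PACKAGE + ".MyproguarddemoApplication"  # kept by the -keep rule

def class_names(jar, package=APP_PACKAGE):
    """Dotted names of the classes under `package` in a plain or repackaged JAR."""
    names = set()
    with zipfile.ZipFile(jar) as zf:
        for entry in zf.namelist():
            if entry.startswith(BOOT_PREFIX):
                entry = entry[len(BOOT_PREFIX):]
            if entry.endswith(".class"):
                name = entry[:-len(".class")].replace("/", ".")
                if name.startswith(package + "."):
                    names.add(name)
    return names

def surviving_names(original_jar, obfuscated_jar, expected=(MAIN_CLASS,)):
    """Class names identical before and after ProGuard, minus intended keeps."""
    same = class_names(original_jar) & class_names(obfuscated_jar)
    return sorted(same - set(expected))

def constructed_jar(entries):
    """Build an in-memory JAR with empty entries (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for entry in entries:
            zf.writestr(entry, b"")
    return buf

def demo():
    base = "com/example/myproguarddemo/"
    original = constructed_jar([
        base + "MyproguarddemoApplication.class",
        base + "service/OrderService.class",       # hypothetical interface
        base + "service/OrderServiceImpl.class",   # hypothetical implementation
        base + "license/LicenseVerifier.class",    # hypothetical sensitive class
    ])
    obfuscated = constructed_jar([
        BOOT_PREFIX + base + "MyproguarddemoApplication.class",
        BOOT_PREFIX + base + "service/OrderService.class",  # -keepnames interface **
        BOOT_PREFIX + base + "service/a.class",
        BOOT_PREFIX + base + "a/a.class",
    ])
    return surviving_names(original, obfuscated)

if __name__ == "__main__":
    for name in demo():
        print("name not obfuscated:", name)
```

For a real build, pass the paths of the pre-obfuscation JAR and the final JAR to surviving_names and fail the pipeline when the returned list contains a class that should have been renamed.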
Code Ape Tech Column
Former Ant Group P8 engineer, pure technologist, sharing full‑stack Java, job interview and career advice through a column. Site: java-family.cn