BestHub
Sign in
Information Security 7 min read

How to Obfuscate Java Projects Using ProGuard and Maven

This article explains the concepts of Java compilation and decompilation, introduces code obfuscation with ProGuard, and provides step‑by‑step Maven configuration to protect Java applications from reverse engineering, including sample configuration files and build commands.

Sohu Tech Products
Sohu Tech Products
Sohu Tech Products
How to Obfuscate Java Projects Using ProGuard and Maven

Compilation

Compilation simply runs the code, turning .java files into .class files.

Decompilation

Decompilation reverses compiled .class files inside jar/war packages back to readable source code, often using tools like JD‑GUI.

Obfuscation

Obfuscation is a technique to make decompiled code unreadable, protecting the original source.

Implementation

The process consists of two main steps:

Step 1: Create a ProGuard configuration file

Add a proguard.cfg file in the project root with options such as target Java version, disabling shrinking and optimization, preserving class member names, keeping annotations, and specifying classes to keep un‑obfuscated.

# Specify Java version
-target 1.8
# Disable shrinking
-dontshrink
# Disable optimization
-dontoptimize
# Do not use mixed‑case class names
-dontusemixedcaseclassnames
# Use unique class member names
-useuniqueclassmembernames
# Adapt class strings
-adaptclassstrings
# Keep attributes
-keepattributes Exceptions,InnerClasses,Signature,Deprecated,SourceFile,LineNumberTable,*Annotation*,EnclosingMethod
# Keep interface names
-keepnames interface ** { *; }
# Keep parameter names
-keepparameternames
# Keep enum members
-keepclassmembers enum * { *; }
# Keep Spring annotations
-keepclassmembers class * {
    @org.springframework.context.annotation.Bean *;
    @org.springframework.beans.factory.annotation.Autowired *;
    @org.springframework.beans.factory.annotation.Value *;
    @org.springframework.stereotype.Service *;
    @org.springframework.stereotype.Component *;
}
# Ignore warnings and notes
-ignorewarnings
-dontnote
# Print configuration
-printconfiguration
-keep public class com.example.myproguarddemo.MyproguarddemoApplication {
    public static void main(java.lang.String[]);
}

Step 2: Add ProGuard Maven plugin to pom.xml

Insert the following plugin configuration inside the <build> section to run ProGuard during the Maven package phase, specifying input and output jars, enabling obfuscation, and including the proguard.cfg file.

<build>
    <plugins>
        <plugin>
            <groupId>com.github.wvengen</groupId>
            <artifactId>proguard-maven-plugin</artifactId>
            <version>2.6.0</version>
            <executions>
                <!-- Executes ProGuard when running mvn package -->
                <execution>
                    <phase>package</phase>
                    <goals>
                        <goal>proguard</goal>
                    </goals>
                </execution>
            </executions>
            <configuration>
                <injar>${project.build.finalName}.jar</injar>
                <outjar>${project.build.finalName}.jar</outjar>
                <obfuscate>true</obfuscate>
                <proguardInclude>${project.basedir}/proguard.cfg</proguardInclude>
                <libs>
                    <lib>${java.home}/lib/rt.jar</lib>
                    <lib>${java.home}/lib/jce.jar</lib>
                    <lib>${java.home}/lib/jsse.jar</lib>
                </libs>
                <inLibsFilter>!META-INF/**,!META-INF/versions/9/**.class</inLibsFilter>
                <outputDirectory>${project.basedir}/target</outputDirectory>
                <options/>
            </configuration>
        </plugin>
        <plugin>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-maven-plugin</artifactId>
            <executions>
                <execution>
                    <goals>
                        <goal>repackage</goal>
                    </goals>
                    <configuration>
                        <mainClass>com.example.myproguarddemo.MyproguarddemoApplication</mainClass>
                    </configuration>
                </execution>
            </executions>
        </plugin>
    </plugins>
</build>

After configuring, run mvn package ; the build process will compile, obfuscate, and package the jar, producing an obfuscated artifact that is harder to reverse‑engineer.

Finally, verify the generated jar and observe the obfuscation effect.

JavaobfuscationmavenBuild ToolsProGuardcode protection
Sohu Tech Products
Written by

Sohu Tech Products

A knowledge-sharing platform for Sohu's technology products. As a leading Chinese internet brand with media, video, search, and gaming services and over 700 million users, Sohu continuously drives tech innovation and practice. We’ll share practical insights and tech news here.

0 followers
Reader feedback

How this landed with the community

login Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.

Sign in to comment