Using ProGuard for Java Code Obfuscation in Maven Projects

Compilation turns .java files into .class files, while decompilation can reverse .class back to source code, often using JD‑GUI.

To prevent easy decompilation, code obfuscation can be applied; this article demonstrates using ProGuard.

First, create a proguard.cfg file in the project root with options such as -target 1.8, -dontshrink, -dontoptimize, -dontusemixedcaseclassnames, -useuniqueclassmembernames, -adaptclassstrings, -keepattributes Exceptions,InnerClasses,Signature,Deprecated,SourceFile,LineNumberTable,*Annotation*,EnclosingMethod, -keepnames interface ** { *; }, -keepparameternames, -keepclassmembers enum * { *; }, and various -keepclassmembers for Spring annotations, plus -ignorewarnings, -dontnote, -printconfiguration, and a -keep rule for the main application class.

Second, add the ProGuard Maven plugin to the <build> section of pom.xml with configuration specifying the input and output JAR, enabling obfuscation, including the proguard.cfg , library paths, filters, output directory, and any additional options.

After configuring, running mvn package builds the project, applies ProGuard, and produces an obfuscated JAR, which can be verified by the displayed build output and resulting JAR file.