I want to obfuscate my web application built as WAR archive, as this sensitive application in first time deployed outside our data center. I tried to use the Proguard GUI tool to obfuscate the input war, with all the service jar required for the UI application, with other external dependencies. Though the Proguard runs successfully with some warnings, ex., duplicate definition of library class [javax.servlet.UnavailableException], the output war contains no classes, but has lib with the library jars and web.xml files. Any steps I mess? Any right document on this? I would appreciate if anyone can provide the right document or steps to successfully obfuscate a WAR file with dependent project (a .jar file) and other external jar files (that needs no obfuscation).

you wouldn't obfuscate a war but rather the jars your using. What you can do here is setup your project so the project that makes up the war - configuration xml, WEB-INF content, resources and the web content and servlet definitions and put your java in a library project. Obfuscate the library project and use those obfuscated jars in your web project.

That's what I do, hope it helps.

I have done the same way. I used the below url for code obfuscation and i am successful.

http://bratonfire.blogspot.com/2012/01/war-file-obfuscation-using-proguard.html

I created a new folder and redirected output of classes to this folder. But the strange thing is that i am able to see the .java and .class files in the two locations. I am also worried about recreating a war file. can someone mention the clear and detailed steps.

Thanks, Rahul

We also have the same issue and need to obfuscate all classes packaged in war file.Here is the approach that I followed. Firstly we need to set order of plugins **(compiler, proguard, war)**declared in pom.xml file as below.

                <plugin>
                    <artifactId>maven-compiler-plugin</artifactId>
                    <version>3.5.1</version>

                    <configuration>
                        <source>1.8</source>
                        <target>1.8</target>
                    </configuration>
                </plugin>

                <plugin>
                    <groupId>com.github.wvengen</groupId>
                    <artifactId>proguard-maven-plugin</artifactId>
                    <version>2.0.14</version>
                    <configuration>

                    </configuration>
                    <executions>
                        <execution>
        <!-- Dont worry about compiler error. For first time, change this value to package so that plugin installs successfully. -->
                            <phase>process-classes</phase>
                            <goals>
                                <goal>proguard</goal>
                            </goals>
                        </execution>
                    </executions>
                    <dependencies>
                        <dependency>
                            <groupId>net.sf.proguard</groupId>
                            <artifactId>proguard-base</artifactId>
                            <version>1.0</version>
                        </dependency>
                    </dependencies>
                </plugin>

                <plugin>
                    <groupId>org.apache.maven.plugins</groupId>
                    <artifactId>maven-war-plugin</artifactId>
                    <version>3.2.2</version>

                    <configuration>
                        <warName>mfs-transaction-management</warName>
                        <warSourceDirectory>WebContent</warSourceDirectory>
                        <failOnMissingWebXml>false</failOnMissingWebXml>
        <!-- Exclude your default packages from war packaging. Do not include "**" in double quotes in actual code   -->
                        <packagingExcludes>
                            WEB-INF/classes/com/package/mypackage1/"**",
                            WEB-INF/classes/com/package/mypackage2/"**",
                        </packagingExcludes>

                        <webResources>
                            <webResource>
                                <directory>${project.build.directory}/proguardClasses</directory>
                                <targetPath>WEB-INF/classes</targetPath>
                            </webResource>
                        </webResources>         
                    </configuration>
                </plugin>

            </plugins>`

Then create a file proguard.conf under the root of your project at the same level where pom.xml is placed. Add your own configuration regarding proguard in the file and the add below two lines in this file to tell input and output folder to proguard plugin. You need to set paths according to your project structure in these lines

            -injars 'C:\Users\Rajdeep\git\dfs-core\mfs-transaction-management\target\classes'
            -outjars 'C:\Users\Rajdeep\git\dfs-core\mfs-transaction-management\target\proguardClasses'

Apart from this you need to install proguard-base manually in maven repository using mvn install command. Provide your own groupid, artifact and version and made same changes to pom. It is proguard.jar found under proguard6.0.3\lib folder when you download proguard manually. I think everything will be ok and now when you run mvn clean package, your war file should included obfuscated class files.

Use Proguard GUI to obfuscate war files. Once you run proguardgu.bat or proguardgui.sh file from bin folder of your proguard directory. You can select wars by clicking Input/output menu.