Maven can easily run allatori to obfuscate your .jar files when packaging them. If you haven’t bought allatori, you can also use their demo version available on their website. It’s also helpful to read their documentation.
Simply create a new folder in your project’s base directory, called allatori, and move the allatori.jar and allatori-annotations.jar from the allatori lib/ directory inside that folder.
allatori.xml
Now, we have to create the configuration file that tells allatori on what to do. Create a new file called allatori.xml inside your allatori folder and copy/paste the following code. Obviously you have to change the .jar name at the top, and maybe also adjust the <keep-names>
section a bit.
<config> <input> <!-- Replace with your .jar name --> <jar in="Drop2InventoryPlus.jar" out="Drop2InventoryPlus.jar"/> </input> <keep-names> <!-- Keep all class names, only obfuscate their contents --> <class template="class *" /> <!-- Do not rename EventHandler methods --> <method template="@org.bukkit.event.EventHandler *(**)" /> <!-- Do not rename our custom Event's getHandlerList method --> <class template="class extends org.bukkit.event.Event"> <method template="public static getHandlerList(**)" /> </class> <!-- Do not rename @Override methods like onEnable, etc --> <method template="@java.lang.Override *(**)" /> <!-- If your plugin has an API, keep that method names too --> <class template="class de.jeff_media.drop2inventory.Drop2InventoryAPI"> <method template="public *(**)" /> </class> </keep-names> <property name="log-file" value="log.xml"/> <property name="packages-naming" value="keep"/> <property name="extensive-flow-obfuscation" value="maximum"/> <property name="generics" value="keep"/> <property name="line-numbers" value="keep"/> <property name="inner-classes" value="remove"/> <property name="remove-toString" value="enable"/> <!-- Not allowed as per SpigotMC rules --> <property name="synthetize-methods" value="disable"/> <property name="synthetize-fields" value="disable"/> <!-- Only allowed for paid plugins as per SpigotMC rules --> <!-- When you're uploading a free plugin, change "enable" to "disable" --> <property name="string-encryption" value="enable"/> <property name="string-encryption-type" value="fast"/> <!-- You can remove this when not using SpigotMC's premium resource placeholders --> <property name="string-encryption-ignored-strings" value="../allatori/spigotmc-patterns.txt"/> </config>
Important: String Encryption is not allowed for free plugins on SpigotMC, so you have to disable it when obfuscating a free plugin.
spigotmc-patterns.txt (optional)
You’ll also need create another file called spigotmc-patterns.txt inside your allatori directory when you didn’t remove the string-encraption-ignored-strings option from your allatori.xml:
%%__USER__%% %%__RESOURCE__%% %%__NONCE__%% *%%__USER__%%* *%%__RESOURCE__%%* *%%__NONCE__%%*
pom.xml
We’re done with the allatori configuration. Only thing left to do is to tell maven to run the obfuscation everytime we package the .jar file.
Add this inside your pom.xml’s <plugins>
section:
<plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-resources-plugin</artifactId> <version>2.6</version> <executions> <execution> <id>copy-and-filter-allatori-config</id> <phase>package</phase> <goals> <goal>copy-resources</goal> </goals> <configuration> <outputDirectory>${basedir}/target</outputDirectory> <resources> <resource> <directory>${basedir}/allatori</directory> <includes> <include>allatori.xml</include> </includes> <filtering>true</filtering> </resource> </resources> </configuration> </execution> </executions> </plugin> <plugin> <groupId>org.codehaus.mojo</groupId> <artifactId>exec-maven-plugin</artifactId> <version>1.2.1</version> <executions> <execution> <id>run-allatori</id> <phase>package</phase> <goals> <goal>exec</goal> </goals> </execution> </executions> <configuration> <executable>java</executable> <arguments> <argument>-Xms128m</argument> <argument>-Xmx512m</argument> <argument>-jar</argument> <argument>${basedir}/allatori/allatori.jar</argument> <argument>${basedir}/target/allatori.xml</argument> </arguments> </configuration> </plugin>
When you want to use allatori’s annotations (which you will want to do, I will explain why below), you also have to add the allatori-annotations.jar as dependency. Normally, you would want to install that file to your local repository, but I leave this to you to change this if the systemPath method is annoying you:
<dependency> <groupId>com.allatori</groupId> <artifactId>allatori-annotations</artifactId> <version>7.8</version> <scope>system</scope> <systemPath>${project.basedir}/allatori/allatori-annotations.jar</systemPath> </dependency>
Additional information
You’re basically done! Just run mvn clean package
(or whatever maven lifecycle you’re using to normally build your .jar) and it should be working.
HOWEVER you might run into problems when your plugin provides an API for other plugins to use, or if you didn’t properly use the @Override
annotation for certain methods, like onEnable()
. There’s one basic rule:
If something else depends on it, don’t rename it.
To do so, you can use allatori’s @DoNotRename
annotation. For example, let’s say we have a method called apiMethod()
somewhere in our code, that can be used by other plugins as well. Allatori would rename this method which means other plugins cannot access it anymore. To avoid that, we simply add the annotation:
@DoNotRename public void apiMethod() { ... }
There are other useful annotations provided by allatori that you can use, for example to disable String Encryption for certain classes. Just take a look at allatori’s documentation – the annotations are explained at the very bottom.
That’s it!
Thanks for reading.
Thanks, this is awesome!
Any downsides in using the demo version of allatori?
Weaker obfuscation and you’re not allowed to use it commercially
Don’t certain parts of Allatori go against the premium plugin guidelines?
That’s correct, but I’ve taken that into account of course. The mentioned settings are totally allowed on SpigotMC, and I’m using them myself like this all the time 🙂
I’m curious to find out what blog system you have been utilizing?
I’m having some minor security issues with my latest blog and I’d like
to find something more risk-free. Do you have any solutions?
I think this is among the so much important info for me. And i’m satisfied
reading your article. But wanna commentary on some
general things, The website style is perfect, the articles
is actually excellent : D. Excellent process, cheers
sussius bakus