Maven can easily run allatori to obfuscate your .jar files when packaging them. If you haven’t bought allatori, you can also use their demo version available on their website. It’s also helpful to read their documentation.
Simply create a new folder in your project’s base directory, called allatori, and move the allatori.jar and allatori-annotations.jar from the allatori lib/ directory inside that folder.
allatori.xml
Now, we have to create the configuration file that tells allatori on what to do. Create a new file called allatori.xml inside your allatori folder and copy/paste the following code. Obviously you have to change the .jar name at the top, and maybe also adjust the <keep-names> section a bit.
<config> <input> <!-- Replace with your .jar name --> <jar in="Drop2InventoryPlus.jar" out="Drop2InventoryPlus.jar"/> </input> <keep-names> <!-- Keep all class names, only obfuscate their contents --> <class template="class *" /> <!-- Do not rename EventHandler methods --> <method template="@org.bukkit.event.EventHandler *(**)" /> <!-- Do not rename our custom Event's getHandlerList method --> <class template="class extends org.bukkit.event.Event"> <method template="public static getHandlerList(**)" /> </class> <!-- Do not rename @Override methods like onEnable, etc --> <method template="@java.lang.Override *(**)" /> <!-- If your plugin has an API, keep that method names too --> <class template="class de.jeff_media.drop2inventory.Drop2InventoryAPI"> <method template="public *(**)" /> </class> </keep-names> <property name="log-file" value="log.xml"/> <property name="packages-naming" value="keep"/> <property name="extensive-flow-obfuscation" value="maximum"/> <property name="generics" value="keep"/> <property name="line-numbers" value="keep"/> <property name="inner-classes" value="remove"/> <property name="remove-toString" value="enable"/> <!-- Not allowed as per SpigotMC rules --> <property name="synthetize-methods" value="disable"/> <property name="synthetize-fields" value="disable"/> <!-- Only allowed for paid plugins as per SpigotMC rules --> <!-- When you're uploading a free plugin, change "enable" to "disable" --> <property name="string-encryption" value="enable"/> <property name="string-encryption-type" value="fast"/> <!-- You can remove this when not using SpigotMC's premium resource placeholders --> <property name="string-encryption-ignored-strings" value="../allatori/spigotmc-patterns.txt"/> </config>
Important: String Encryption is not allowed for free plugins on SpigotMC, so you have to disable it when obfuscating a free plugin.
spigotmc-patterns.txt (optional)
You’ll also need create another file called spigotmc-patterns.txt inside your allatori directory when you didn’t remove the string-encraption-ignored-strings option from your allatori.xml:
%%__USER__%% %%__RESOURCE__%% %%__NONCE__%% *%%__USER__%%* *%%__RESOURCE__%%* *%%__NONCE__%%*
pom.xml
We’re done with the allatori configuration. Only thing left to do is to tell maven to run the obfuscation everytime we package the .jar file.
Add this inside your pom.xml’s <plugins> section:
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-resources-plugin</artifactId>
<version>2.6</version>
<executions>
<execution>
<id>copy-and-filter-allatori-config</id>
<phase>package</phase>
<goals>
<goal>copy-resources</goal>
</goals>
<configuration>
<outputDirectory>${basedir}/target</outputDirectory>
<resources>
<resource>
<directory>${basedir}/allatori</directory>
<includes>
<include>allatori.xml</include>
</includes>
<filtering>true</filtering>
</resource>
</resources>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>exec-maven-plugin</artifactId>
<version>1.2.1</version>
<executions>
<execution>
<id>run-allatori</id>
<phase>package</phase>
<goals>
<goal>exec</goal>
</goals>
</execution>
</executions>
<configuration>
<executable>java</executable>
<arguments>
<argument>-Xms128m</argument>
<argument>-Xmx512m</argument>
<argument>-jar</argument>
<argument>${basedir}/allatori/allatori.jar</argument>
<argument>${basedir}/target/allatori.xml</argument>
</arguments>
</configuration>
</plugin>
When you want to use allatori’s annotations (which you will want to do, I will explain why below), you also have to add the allatori-annotations.jar as dependency. Normally, you would want to install that file to your local repository, but I leave this to you to change this if the systemPath method is annoying you:
<dependency>
<groupId>com.allatori</groupId>
<artifactId>allatori-annotations</artifactId>
<version>7.8</version>
<scope>system</scope>
<systemPath>${project.basedir}/allatori/allatori-annotations.jar</systemPath>
</dependency>
Additional information
You’re basically done! Just run mvn clean package (or whatever maven lifecycle you’re using to normally build your .jar) and it should be working.
HOWEVER you might run into problems when your plugin provides an API for other plugins to use, or if you didn’t properly use the @Override annotation for certain methods, like onEnable(). There’s one basic rule:
If something else depends on it, don’t rename it.
To do so, you can use allatori’s @DoNotRename annotation. For example, let’s say we have a method called apiMethod() somewhere in our code, that can be used by other plugins as well. Allatori would rename this method which means other plugins cannot access it anymore. To avoid that, we simply add the annotation:
@DoNotRename
public void apiMethod() {
...
}
There are other useful annotations provided by allatori that you can use, for example to disable String Encryption for certain classes. Just take a look at allatori’s documentation – the annotations are explained at the very bottom.
That’s it!
Thanks for reading.
Join my Discord Server for feedback or support. Just check out the channel #programming-help 🙂
Thanks, this is awesome!
Any downsides in using the demo version of allatori?
Weaker obfuscation and you’re not allowed to use it commercially
Don’t certain parts of Allatori go against the premium plugin guidelines?
That’s correct, but I’ve taken that into account of course. The mentioned settings are totally allowed on SpigotMC, and I’m using them myself like this all the time 🙂
sussius bakus
Thanks <3
What’s up, I check your blog on a regular basis.
Your writing style is awesome, keep doing what you’re doing!
You have made some really good points there. I looked on the internet for more information about the issue and
found most individuals will go along with
your views on this website.
Does the performance of the plugin decrease significantly because of this?
No, not at all.