Maven Plugin Integration
Automate your code protection with the Bozar Maven Plugin. Once configured, the plugin automatically obfuscates your application every time you generate a JAR file, handling all dependencies and exclusions seamlessly with no manual steps needed.
Prerequisites
- Maven-based Java project
- A Bozar account with an API key (create one in your dashboard)
- Java 8 or higher
Installation
Step 1: Add JitPack Repository
First, add the JitPack repository to your pom.xml:
<pluginRepositories>
<pluginRepository>
<id>jitpack.io</id>
<url>https://jitpack.io</url>
</pluginRepository>
</pluginRepositories>Step 2: Add the Plugin
Add the plugin to your pom.xml in the <build><plugins> section:
<plugin>
<groupId>com.github.vimasig</groupId>
<artifactId>bozar-maven-plugin</artifactId>
<version>1.0.1</version>
<configuration>
<apiKey>${env.BOZAR_API_KEY}</apiKey>
</configuration>
<executions>
<execution>
<goals>
<goal>obfuscate</goal>
</goals>
</execution>
</executions>
</plugin>Version Tags
The plugin uses GitHub release tags for versioning (e.g., 1.0.1). Check the latest releases for available versions.
Configuration
API Key (Required)
Set your Bozar API key as an environment variable:
# Windows (PowerShell)
$env:BOZAR_API_KEY="bzr_your_api_key_here"
# Windows (Command Prompt)
set BOZAR_API_KEY=bzr_your_api_key_here
# Linux/macOS
export BOZAR_API_KEY=bzr_your_api_key_hereAlternatively, pass it as a Maven property:
mvn package -Dbozar.apiKey=bzr_your_api_key_hereBest Practice
Never commit API keys to version control. Use environment variables or CI/CD secrets.
Obfuscation Type (Optional)
Configure the level of obfuscation:
<configuration>
<apiKey>${env.BOZAR_API_KEY}</apiKey>
<obfuscationType>advanced</obfuscationType>
</configuration>Available types: basic, advanced (default), or experimental.
Exclusion Rules (Optional)
Protect specific classes, methods, or fields from obfuscation using XML configuration:
<configuration>
<apiKey>${env.BOZAR_API_KEY}</apiKey>
<exclusions>
<classes>
<class>com.example.api.PublicModel</class>
<class>com.example.dto.**</class>
</classes>
<methods>
<method>get*()</method>
<method>set*()</method>
</methods>
<fields>
<field>serialVersionUID</field>
<field>SECRET_*</field>
</fields>
</exclusions>
</configuration>Exclusion patterns support wildcards:
*— matches any characters except dots (single package level)**— matches any characters including dots (multiple package levels)?— matches any single character!prefix — inverts the rule (force include)
For detailed syntax and examples, see the Exclusion Rules page.
Skip Obfuscation (Optional)
Disable obfuscation for specific builds:
<configuration>
<apiKey>${env.BOZAR_API_KEY}</apiKey>
<skip>true</skip>
</configuration>Or via command line:
mvn package -Dbozar.skip=trueHow It Works
- Build Phase: Maven compiles your project and packages the JAR
- Upload: The plugin uploads your JAR to the Bozar servers
- Obfuscation: Bozar processes your application with the specified configuration
- Download: The obfuscated JAR replaces the original in your
target/directory
Dependency Handling
The plugin automatically:
- Resolves all compile and runtime dependencies from your
pom.xml - Uploads them alongside your JAR for proper class hierarchy analysis
- Ensures the obfuscator can correctly compute stack frames and resolve type hierarchies
- Logs the number of dependencies uploaded during the build
WARNING
The plugin operates on the final JAR after packaging. Ensure your project builds successfully before the plugin runs.
Rate Limits
API requests are subject to rate limiting to ensure fair usage. If you encounter rate limit errors during CI/CD builds, consider spacing out your builds.
Build Lifecycle
The plugin binds to the package phase by default:
mvn package # Compiles, packages, and obfuscatesComplete Example
Here's a full pom.xml configuration:
<project>
<!-- ... other project configuration ... -->
<pluginRepositories>
<pluginRepository>
<id>jitpack.io</id>
<url>https://jitpack.io</url>
</pluginRepository>
</pluginRepositories>
<build>
<plugins>
<!-- Standard compiler plugin -->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.11.0</version>
<configuration>
<source>1.8</source>
<target>1.8</target>
</configuration>
</plugin>
<!-- Bozar obfuscation plugin -->
<plugin>
<groupId>com.github.vimasig</groupId>
<artifactId>bozar-maven-plugin</artifactId>
<version>1.0.1</version>
<configuration>
<apiKey>${env.BOZAR_API_KEY}</apiKey>
<obfuscationType>advanced</obfuscationType>
<exclusions>
<classes>
<class>com.example.api.**</class>
</classes>
<methods>
<method>get*()</method>
<method>set*()</method>
</methods>
<fields>
<field>serialVersionUID</field>
</fields>
</exclusions>
</configuration>
<executions>
<execution>
<goals>
<goal>obfuscate</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
</project>Troubleshooting
Authentication Failed
Error: HTTP 401 or "Authentication failed"
Solution: Verify your API key is correct and active in your Bozar dashboard.
Connection Refused
Error: Connection refused or "Backend unavailable"
Solution:
- Check firewall/network settings
Build Timeout
Error: "Obfuscation timed out"
Solution: Large applications may take longer. The plugin waits up to 10 minutes by default.
Rate Limit Exceeded
Error: HTTP 429 or "Too many requests"
Solution: Your API key has exceeded the rate limit. Wait a few moments before retrying.
CI/CD Integration
GitHub Actions
- name: Build and Obfuscate
env:
BOZAR_API_KEY: ${{ secrets.BOZAR_API_KEY }}
run: mvn clean packageGitLab CI
build:
script:
- mvn clean package
variables:
BOZAR_API_KEY: $BOZAR_API_KEYJenkins
withEnv(['BOZAR_API_KEY=credentials("bozar-api-key")']) {
sh 'mvn clean package'
}Next Steps
- Configuration Options - Learn about obfuscation types
- Exclusion Rules - Protect specific code from obfuscation