How to configure ProGuard on Spring Boot 2.6.X and Java 1.11.X?

I have an application built in Spring Boot 2 that I would like to obfuscate. The ide generates a .war file, not .jar.
Is it possible to use this addiction to achieve my goal?
Am I in the right forum?
I understood that I have to add 2 things in the .pom file but I cannot find a configuration of the plugin that works on the internet.
I am a beginner, I am not an expert on Spring Security.
Thank you

	<dependency>
		<groupId>com.github.wvengen</groupId>
		<artifactId>proguard-maven-plugin</artifactId>
		<version>2.5.3</version>
	</dependency>
			<plugin>
				<groupId>org.apache.maven.plugins</groupId>
				<artifactId>maven-antrun-plugin</artifactId>
				<version>2.5.3</version>
				<executions>
					<execution>
						????
					</execution>
				</executions>
			</plugin>

Hi there,

we talked via e-mail, but it seems that my information did not help you.

Your setup is broken, you are using the proguard-maven-plugin as a dependency, but you have to use this as a build-plugin.

Please make sure to use plugin as shown in the documentation:
https://wvengen.github.io/proguard-maven-plugin/

    <build>
        <plugins>
            <plugin>
                <groupId>com.github.wvengen</groupId>
                <artifactId>proguard-maven-plugin</artifactId>
                <executions>
                   <execution>
                       <phase>package</phase>
                       <goals><goal>proguard</goal></goals>
                   </execution>
                </executions>
                <configuration>
                    <options>
                        <option>-allowaccessmodification</option>
                        <option>-keep public class * extends java.applet.Applet { *; }</option>
                    </options>
                    <libs>
                        <lib>${java.home}/lib/rt.jar</lib>
                    </libs>
                </configuration>
            </plugin>
        </plugins>
    </build>

Please post your pom.xml as complete as possible, as it depends on several factors.

First of all thank you for all your answers and for your support.
I am not looking for an impregnable solution but a functional solution that is lasting over time. I expect to be able to update the application to Spring Boot 3 and JDK 17 when the latest version of the framework is official without too much suffering. The code I show you does not modify my .war file, all classes keep their name. I use Thymeleaf and this I think is the biggest problem for ProGuard. As you can see from my pom.xml my project is very simple. In the code you posted I don’t understand this note of yours:
<option>-keep public class * extends java.applet.Applet { *; }</option>
Which class should remain public?
I use JDK 11, I have to use this reference, right? (rt.jar > jrt-fs.jar)
<lib>${java.home}/lib/jrt-fs.jar</lib>
I am not looking for anything refined but only an xml code that can last for as long as possible.
Here is my code:

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
	<modelVersion>4.0.0</modelVersion>
	<parent>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-parent</artifactId>
		<version>2.6.6</version>
		<relativePath/>
	</parent>
	<groupId>it.applicazionijava</groupId>
	<artifactId>gestioneutenti</artifactId>
	<version>8.0</version>
	<packaging>war</packaging>
	<name>gestioneutenti</name>
	<description>WebApp con Spring Boot, Security, Thymeleaf e PostgreSQL</description>
	<properties>
		<java.version>11</java.version>
	</properties>
	<dependencies>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-security</artifactId>
		</dependency>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-thymeleaf</artifactId>
		</dependency>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-web</artifactId>
		</dependency>
		<dependency>
			<groupId>org.thymeleaf.extras</groupId>
			<artifactId>thymeleaf-extras-springsecurity5</artifactId>
		</dependency>
		<dependency>
			<groupId>org.postgresql</groupId>
			<artifactId>postgresql</artifactId>
			<scope>runtime</scope>
		</dependency>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-tomcat</artifactId>
			<scope>provided</scope>
		</dependency>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-test</artifactId>
			<scope>test</scope>
		</dependency>
		<dependency>
			<groupId>org.springframework.security</groupId>
			<artifactId>spring-security-test</artifactId>
			<scope>test</scope>
		</dependency>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-devtools</artifactId>
			<optional>true</optional>
		</dependency>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-jdbc</artifactId>
		</dependency>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-validation</artifactId>
		</dependency>
		<dependency>
			<groupId>junit</groupId>
			<artifactId>junit</artifactId>
			<scope>test</scope>
		</dependency>
		<dependency>
			<groupId>org.apache.commons</groupId>
			<artifactId>commons-csv</artifactId>
			<version>1.9.0</version>
		</dependency>
		<dependency>
			<groupId>org.apache.poi</groupId>
			<artifactId>poi-ooxml</artifactId>
			<version>5.2.1</version>
		</dependency>
	</dependencies>
	<build>
		<finalName>app-${version}</finalName>
		<pluginManagement>
			<plugins>
				<plugin>
					<groupId>org.apache.maven.plugins</groupId>
					<artifactId>maven-compiler-plugin</artifactId>
				</plugin>
				<plugin>
					<groupId>org.apache.maven.plugins</groupId>
					<artifactId>maven-war-plugin</artifactId>
					<configuration>
						<packagingExcludes>
							WEB-INF/classes/it/applicazionijava/${project.name}/CrittografarePassword.class,
							WEB-INF/classes/application-sviluppo.properties,
							WEB-INF/classes/KeyStore.jks,
							WEB-INF/classes/funzioni.sql,
							WEB-INF/classes/drop.sql,
							WEB-INF/classes/templates/pagine-applicazione.html
						</packagingExcludes>
					</configuration>
				</plugin>
				<plugin>
					<groupId>com.github.wvengen</groupId>
					<artifactId>proguard-maven-plugin</artifactId>
					<executions>
						<execution>
							<phase>package</phase>
							<goals><goal>proguard</goal></goals>
						</execution>
					</executions>
					<configuration>
						<options>
							<option>-allowaccessmodification</option>
						</options>
						<libs>
							<lib>${java.home}/lib/jrt-fs.jar</lib>
						</libs>
					</configuration>
				</plugin>
			</plugins>
		</pluginManagement>
	</build>
</project>

I have been waiting for a while for a solution to my case but I have not found anything. This is a ProGuard specific forum. If you can’t answer my question, I can’t do it. Can you recommend a solution that is compatible with my pom.xml? I don’t need anything fancy, even the simplest solution is fine, as long as it works for as long as possible.

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
	<modelVersion>4.0.0</modelVersion>
	<parent>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-parent</artifactId>
		<version>2.6.6</version>
		<relativePath/>
	</parent>
	<groupId>it.applicazionijava</groupId>
	<artifactId>gestioneutenti</artifactId>
	<version>9.0</version>
	<packaging>war</packaging>
	<name>gestioneutenti</name>
	<description>WebApp con Spring Boot, Security, Thymeleaf e PostgreSQL</description>
	<properties>
		<java.version>11</java.version>
	</properties>
	<dependencies>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-security</artifactId>
		</dependency>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-thymeleaf</artifactId>
		</dependency>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-web</artifactId>
		</dependency>
		<dependency>
			<groupId>org.thymeleaf.extras</groupId>
			<artifactId>thymeleaf-extras-springsecurity5</artifactId>
		</dependency>
		<dependency>
			<groupId>org.postgresql</groupId>
			<artifactId>postgresql</artifactId>
			<scope>runtime</scope>
		</dependency>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-tomcat</artifactId>
			<scope>provided</scope>
		</dependency>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-test</artifactId>
			<scope>test</scope>
		</dependency>
		<dependency>
			<groupId>org.springframework.security</groupId>
			<artifactId>spring-security-test</artifactId>
			<scope>test</scope> 
		</dependency>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-devtools</artifactId>
			<optional>true</optional>
		</dependency>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-jdbc</artifactId>
		</dependency>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-validation</artifactId>
		</dependency>
		<dependency>
			<groupId>junit</groupId>
			<artifactId>junit</artifactId>
			<scope>test</scope>
		</dependency>
		<dependency>
			<groupId>org.apache.commons</groupId>
			<artifactId>commons-csv</artifactId>
			<version>1.9.0</version>
		</dependency>
		<dependency>
			<groupId>org.apache.poi</groupId>
			<artifactId>poi-ooxml</artifactId>
			<version>5.2.1</version>
		</dependency>
	</dependencies>
	<build>
		<finalName>NomeApplicazione-${version}</finalName>
		<pluginManagement>
			<plugins>
				<plugin>
					<groupId>org.apache.maven.plugins</groupId>
					<artifactId>maven-compiler-plugin</artifactId>
				</plugin>
				<plugin>
					<groupId>org.apache.maven.plugins</groupId>
					<artifactId>maven-war-plugin</artifactId>
					<configuration>
						<packagingExcludes>
							WEB-INF/classes/it/applicazionijava/${project.name}/CrittografarePassword.class,
							WEB-INF/classes/application-sviluppo.properties,
							WEB-INF/classes/KeyStore.jks,
							WEB-INF/classes/funzioni.sql,
							WEB-INF/classes/drop.sql
						</packagingExcludes>
					</configuration>
				</plugin>
			</plugins>
		</pluginManagement>
	</build>
</project>

Why don’t you provide support for your plugin?

Is there no basic configuration for this plugin? I am unable to write any code for this plugin. Can’t you give me the exact code to add to my pom? Can’t you tell me exactly where to put this code?

Hi @Federico_Galimberti! The maven plugin is an open-source project that is separate from ProGuard itself. Guardsquare does not provide support for it directly but we can try to help you out. You could also ask on the plugin’s GitHub page by making an issue there (Issues · wvengen/proguard-maven-plugin · GitHub).

Have you check the documentation for the plugin? Maven proguard Plug-In – Overview

Thanks, as soon as you have a solution, I’ll try it right away. I’ve already tried to write a lot of code but never solved.