dwschulze (36) [Avatar] Offline
We need to prevent reverse engineering of our Java source code - or at least make it difficult to do. We currently distribute .war files, but they could be converted to osgi bundles. I'm considering encrypting the .jar files which would require a custom classloader to decrypt the .jar files. Here is a dormant product which used this approach:


We are using Glassfish 3.1, but I can't find anything on what it would take to replace the appropriate Glassfish classloader (probably the archive classloader) with a custom classloader that would decrypt our .jar files.

Would distributing our binaries as OSGI bundles make it easier to incorporate a custom classloader to decrypt the .jar files?

adcalves (28) [Avatar] Offline
Re: Using a custom classloader with an osgi bundle

Yes, I believe so, in two fronts:

1) OSGi would allow you to modularize your solution, so you could divide your application into bundles that need to be encrypted and bundles that do not (e.g. less important utility code). This would improve the efficiency of your application, as it would avoid you from having to decrypt everything at runtime.

2) It is easier to plug-in class-loader in an OSGi env.

dwschulze (36) [Avatar] Offline
Re: Using a custom classloader with an osgi bundle
Great. Where do I look for some guidance or an example on how to do this?