dwschulze (36) [Avatar] Offline
#1
We need to prevent reverse engineering of our Java source code - or at least make it difficult to do. We currently distribute .war files, but they could be converted to osgi bundles. I'm considering encrypting the .jar files which would require a custom classloader to decrypt the .jar files. Here is a dormant product which used this approach:

www.componio.com/support/jinstaller/jinstaller_faq.html

We are using Glassfish 3.1, but I can't find anything on what it would take to replace the appropriate Glassfish classloader (probably the archive classloader) with a custom classloader that would decrypt our .jar files.

Would distributing our binaries as OSGI bundles make it easier to incorporate a custom classloader to decrypt the .jar files?

Thanks.
adcalves (28) [Avatar] Offline
#2
Re: Using a custom classloader with an osgi bundle
Hi,

Yes, I believe so, in two fronts:

1) OSGi would allow you to modularize your solution, so you could divide your application into bundles that need to be encrypted and bundles that do not (e.g. less important utility code). This would improve the efficiency of your application, as it would avoid you from having to decrypt everything at runtime.

2) It is easier to plug-in class-loader in an OSGi env.

Rgds,
dwschulze (36) [Avatar] Offline
#3
Re: Using a custom classloader with an osgi bundle
Great. Where do I look for some guidance or an example on how to do this?