Win a copy of Programmer's Guide to Java SE 8 Oracle Certified Associate (OCA) this week in the OCAJP forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Encrypting the web application classes

 
sreenath reddy
Ranch Hand
Posts: 415
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi

I have a web application and WEB-INF lib has some jars ....i dont wany any one using my web application to obfuscate my code ..hence i want a way to encrypt my classes and if so whats the way of decrypting them because while loading the classes tomcat may not be able to load those encrypted classes properly

can any one elaborate on this ??

Regards
Sreenath
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 65118
89
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Not a JSP question so moving to Java in General (intermediate).
 
Manuel Moons
Ranch Hand
Posts: 229
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I think you actually want to obfuscate your jar files. Obfuscating class files removes all information such as line numbers, variable names, class names, method names, etc...

This protected your code from being stolen (copied) by others.

Obfuscation = encryption of code.

You can use for instance Retroguard (http://www.retrologic.com/) to obfuscate your code.
 
sreenath reddy
Ranch Hand
Posts: 415
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi

i will encrypt using his tool ...but do i need to something from my server side ?? i mean will jvm understand this and will be able to load the class

And also is there any free tool for this because this is licensed for commercial use
 
Manuel Moons
Ranch Hand
Posts: 229
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You can use yGuard. This is free.

You do not need anything on your server side. The only thing that you have to do is run your classes through the obfuscator.

You have to make sure that all public methods are not obfuscated. An obfuscator actually discards all the variable, method and classnames. So if you have some methods and classes that you refer to externally you have to say to the obfuscator that is must leave these things alone.

In most obfuscator you will have to write a text file with the names of the classes and methods that may not be obfuscated. You will have to read the obfuscator's manuals for this.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic