This week's book giveaway is in the Java in General forum. We're giving away four copies of Beginning Java 17 Fundamentals: Object-Oriented Programming in Java 17 and have ishori Sharan & Adam L Davis on-line! See this thread for details.
How would anyone get access to the JSP files that are running on a server? Do you have reason to mistrust the server's system administrators?
Also, JSPs should not contain any business logic at all - that is part of the Java source code which is not part of the web app to begin with. The class files are part of the web app, or course, and they can be decompiled, but again - the attacker would have to have access to the server's file system.
Actually the person who deployed that application had deployed it through jar file, he just compile the jsp page and make jar file of .class pages . Now i enhance some pages of in this old application in which jsp pages contain most of business logic, and i have to send new release. Hope you understand now.
Well as you said of JDeveloper, here is another perspective, are you using Oracle ADF in your project?
If so, an adf web project can be packed in a JAR which is entirely different case and what all other ranchers are saying here.
Basically, adf allows you to pack web project into a jar including jsp/jspx,images etc and refer these components within another web project after including this jar in it.
But of course once your supposed attacker has access to the server's file system, putting the application into a jar is worth exactly nothing. Once the attacker has the jar file, it takes just seconds to extract all of its contents.