This week's book giveaway is in the Spring forum. We're giving away four copies of Pro Spring MVC with WebFlux: Web Development in Spring Framework 5 and Spring Boot 2 and have Marten Deinum & Iuliana Cosmina on-line! See this thread for details.
We are using jboss 5.1 to deploy our application. Now we want to secure our .class files, so we are trying to encrypt the .class files.
but once we use encrypted .class files, jboss throws error (rather warnings saying
WARN [org.jboss.detailed.classloader.ClassLoaderManager] (main) Unexpected error during load of:xxx.xxx.UserController
java.lang.ClassFormatError: Unknown constant tag 80 in class file xxx/xxx/UserController)
To solve this issue, I got the source of jboss-classloader.jar (This jar is in /lib folder of jboss), and I saw that the class BaseClaseLoader is the class which finally calls jvm's classloader.
Hence I changed the code of BaseClassLoader's loadClassLocally method, and decrypted the class before it calls jvm's classloader. And it worked.
Now I dont want to modify jboss's source code hence I am looking for a way to do this without modifying the jboss libraries. I was going through http://java.dzone.com/articles/jboss-microcontainer-classloading and I feel it is possible to load encrypted classes into jboss by creating custom ClassLoaderPolicy. I tried a lot to do this, but I am not able to get it working.
Can some one tell me how I can add a custom class loader to jboss 5.1 which can decrypt the .class files before loading it.
God is a comedian playing for an audience that is afraid to laugh - Voltair. tiny ad: