Hi all,

Thanks to you guys for last time regarding my boss's 'funky' idea for software protection. Since I am still his employee and a responsible developer, I am still planning to finish up this task. Now I am in the forest and have got a bit lost. Let me clarify again what I am going to achieve:

1. Compile all JSPs into .class (done)
2. Create a key generator in order to generate a key and later put it into both Tomcat and our system
3. Create an encryption key generator for the class file encryption
4. Create an encrypt util class to do the encryption
5. Create my own classloader which can be used by Tomcat to decrypt our class files

1 and 2 seem OK for now. 3 and 4 also tested fine (I am using DES for now). I had written a simple classloader which extends the JVM's default classloader. Its decryption works fine with simple class files. When I was trying to make a similar implementation for Tomcat, I found it's not that easy. There are a few paths in my head which made me dizzy:

Path 1. Make an independent classloader which extends URLClassLoader
Path 2. Modify WebappClassLoader
Path 3. As the classloading doc mentioned, configure a customized loader which is located in the shared folder

I have tried Path 3 and it never got me success. Any ideas about implementing a custom classloader for this special purpose?

Li
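An added example, not part of the original post and not Tomcat code: a stand-alone loader showing the core of steps 3 to 5, where class bytes are encrypted at build time and decrypted inside `findClass()` before `defineClass()`. It assumes AES-GCM in place of the DES the post mentions (so a modified blob is rejected before it is defined), an in-memory map in place of encrypted files on disk, and the hypothetical names `DecryptingLoader` and `Payload`; wiring such a loader into Tomcat is not shown.

```java
import java.io.InputStream;
import java.nio.ByteBuffer;
import java.security.SecureRandom;
import java.util.Map;
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
// Added example; DecryptingLoader and Payload are hypothetical names.
public class DecryptingLoader extends ClassLoader {
    public static class Payload { public String toString() { return "decrypted and defined"; } }
    private final SecretKey key;
    private final Map<String, byte[]> blobs;   // class name -> 12-byte IV || ciphertext || tag
    DecryptingLoader(SecretKey key, Map<String, byte[]> blobs) {
        super(null);   // bootstrap parent only, so findClass() is reached for application classes
        this.key = key;
        this.blobs = blobs;
    }
    // Build-time side (steps 3 and 4 of the post): encrypt one compiled class file.
    static byte[] seal(SecretKey key, byte[] plain) throws Exception {
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plain);
        return ByteBuffer.allocate(12 + ct.length).put(iv).put(ct).array();
    }
    // Load-time side (step 5): decrypt, verify the tag, then hand the bytes to the JVM.
    @Override
    protected Class<?> findClass(String name) throws ClassNotFoundException {
        byte[] blob = blobs.get(name);
        if (blob == null) throw new ClassNotFoundException(name);
        try {
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, blob, 0, 12));
            byte[] plain = c.doFinal(blob, 12, blob.length - 12);   // throws if the blob was altered
            return defineClass(name, plain, 0, plain.length);
        } catch (Exception e) {
            throw new ClassNotFoundException(name, e);
        }
    }
    public static void main(String[] args) throws Exception {
        String name = Payload.class.getName();
        // Constructed sample input: the compiled bytes of the nested Payload class.
        try (InputStream in = Payload.class.getResourceAsStream("DecryptingLoader$Payload.class")) {
            SecretKey key = KeyGenerator.getInstance("AES").generateKey();
            ClassLoader cl = new DecryptingLoader(key, Map.of(name, seal(key, in.readAllBytes())));
            Object o = cl.loadClass(name).getDeclaredConstructor().newInstance();
            System.out.println(o + " / loader: " + o.getClass().getClassLoader().getClass().getName());
        }
    }
}
```

Passing `null` as the parent is what forces the lookup into `findClass()` here; with the normal parent-first delegation, a plaintext copy of the class visible to a parent loader would be loaded instead and the encrypted copy never consulted.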