Hi all,
Thanks for you guys last time regarding my boss 'funky' idea for software
protection. Since I am still his employee and a responsible developer, I am
still planning to finish up this task. Now i am at in the forest which got a
bit lost. Let me clarify again what I am going to achieve:
1. Compile all JSPs into .class (done)
2. Create key generator in order to generate Key and later put it into both
Tomcat and our system
3. Create encryption key generator for the class files encryption
4. Create encrypt util class to do the encryption
5. Create my own classloader which can be used by tomcat to decrypt our
class files
1 and 2 seems ok for now .. 3 and 4 is also tested fine (I am using DES for
now). I had wrote a simple classloader which extends JVM's default
classloader. It's decryption works fine with simple class files.
When I was trying to make a similar implementation for tomcat. I found it's
not that easy. There are few paths in my head which made me dizzy:
Path 1. Make an independent classloader which extends URLClassLoader
Path 2. Modify WebappClassLoader
Path 3. As the classloading doc mentioned, configure customized loader which
is located in shared
folder
I had tried Path 3 and it never gets me success. Any ideas about
implementing custom classloader for this special purpose?
Li
