a major roadblock to using any of the server-side scripting architectures for developing commercial software is the fact that (traditionally) the source code must be delivered to customers when deploying applications.

java source code is compiled into an intermediate code called bytecode, and the java virtual machine (jvm) interprets this bytecode directly. its the bytecode that makes java class files completely platform-independent. not only is the bytecode easy to decompile, but the descriptive variable names are included in it (and thus in the decompiled source code), making it much easier to understand the decompiled source code. this presents another formidable roadblock to deploying commercial java-based software.

this article outlines a technique to protect jsp-based applications in such a way that they can be deployed to customers without giving away source code or class files that are easy to decompile. this technique employs features of the java 2 platform, enterprise edition (j2ee) web application specification and a bytecode protection technology called obfuscation. a detailed example is provided that enables you to better understand the issues and the solution.

javaserver pages (jsp) provide a rapid development and deployment analog to active server pages (asp) with a few significant advantages. servlet source code is generated from the .jsp files in the form of .java files. these are then compiled into standard servlet .class files.

these servlet classes are loaded into a server (referred to as a container in java nomenclature). the container routes jsp requests to the corresponding class. with asp, the source code is actively interpreted at the server and the response is sent back to the client. with jsp, the java bytecode is preloaded into the container, making responses to requests highly efficient.

web application architecture

• 软件资讯
• 技术指南
• 开发文档
• 编程技术
• 程序编程
• 数据库技术
• 服务器
• 项目开发
• 游戏编程

• 软件开发
• 服务器技术
• 行业资讯
• 程序相关
• 编程博文

• Growing JSP And Servlet Sites @ JDJ
• Application Server Metamorphosis @ JDJ
• XMLSPY2004 and MAPFORCE2004 @ JDJ
• ObjectAssembler 2.5 Enterprise Edition by ObjectVenture, Inc. @ JDJ
• Adaptive Server Anywhere Version 8 by iAnywhere Solutions @ JDJ
• IntelliJ IDEA 3.0 @ JDJ
• Java-Miner by CAST @ JDJ
• Product Review: Forte for Java 3.0 @ JDJ
• View Of JMS From The Inside @ JDJ
• Packaging Java Applications for OS X @ JDJ
• A Three-Way Query @ JDJ
• Making A Mountain Out Of An Anthill @ JDJ
• Java Applet Used By U.S. Army @ JDJ
• SNMP Creates New Toolset For Design Of Access Agents @ JDJ
• EJB 3.0 Preview @ JDJ
• Is Java Bigger than Sun? - The Java Ecosystem Debates the Future of Java @ JDJ
• Java Object Serialization for Performance @ JDJ
• Managing Build Complexity with Apache Ant 1.6 @ JDJ
• The Week that Was @ JDJ
• Swing Low, Swing High, Sweet Desktop @ JDJ
• Infravio to Speak at Web Services Edge 2005 East in Boston @ JDJ
• Developer Viewpoint: Open-Source Not Java Itself...but "JRT" @ JDJ
• J2EE Today @ JDJ
• Best Practices for JDBC Programming @ JDJ
• Java Unplugged @ JDJ