As we know , there are a lot of java decompiler tools which can convert .class to .java file.
Therefore,we need to protect our .java files against decompiler. I know this is a big topic,and maybe there is no ending.
Usually, there are two ways : obfuscator and customized classloader.
Is there any mature solution or open source framework, which combined those two ways ?
Another aspect is related with exe4j, which package jars to exe file,seems like it can protect java codes , because what we can see is exe file instead of jars or class files. But indeed, when it runs, it decompose all jars files into temporary directories, that means it is easy to get class files for decompiler.
So any considerations for protecting java codes from the aspect of exe4j ?
Thanks for your comments and suggests.
Updating
Thanks everyone for your suggest or experience share. That is helpful to me.
To make a conclusion, I will give up any obfuscator or customized classloader with encryption things. Because finally Java codes can be disclosed before clever hackers.
I will remove some core codes during compiler time using tricks like “#ifdef” in C language. In Java, static and final boolean class variable can be used to do the same job.
Then the compilered class file will not contain need-protected java codes.
You can’t protect the class files from a decompiler and from malicious users. However the output of the decompiler may not be valid java.
The best method is to document your API (assuming this is available for your customers to use) and application very very well. And have your support personnel be able to resolve API and application issues. Then your customers will have no reason to want to use a decompiler to explore why things are not working correctly.