Reputation: 1948
How to Compile Java Servlets and many other classes with GCJ?
Currently i have a back-end system written in Java that process, massage and forward the data to a external HSM module for encryption. It was consider secure enough back then. However, recent audit findings requires all back-end Java classes to be secured as well.
I have read about GCJ, it compiles the Java Byte codes to Native code. This will definitely make it harder to reverse engineer.
After more than 30 hours googling & trying, i couldn't even get the compile going. I failed to To compile with GCJ on my 5 servlets and more than hundreds other java classes. That also means, I have not test it with tomcat yet, i have no idea where this is going.
So here are the questions i wish to know:
1) anyone out there has any success compiling java sevlets with GCJ and running it under Tomcat? If yes, is there any guide or sample directly related to compiling a java servlet?
2) am i on the right path in securing java classes? If not, then what is the better approach?
Upvotes: 2
Views: 776
Answers (2)
Reputation: 3165
You can compile Tomcat Web apps natively with Excelsior JET (NOTE: I work for Excelsior)
Upvotes: 0
Reputation: 3958
I have read about GCJ, it compiles the Java Byte codes to Native code. This will definitely make it harder to reverse engineer.
This is a false assumption. If you want to obfuscate your Java bytecode use ProGuard.
anyone out there has any success compiling java sevlets with GCJ and running it under Tomcat? If yes, is there any guide or sample directly related to compiling a java servlet?
Think about what you are trying to do here. Tomcat loads servlets dynamically by importing the class files inside a Jar file or directory. GCJ compiles Java classes to executables or native library files. Tomcat won't be able to load these native binary files at run time.
You might be able to make your own web server by embedding Jetty and compiling it with GCJ but I doubt that's what you really want to do. There are a ton of bytecode obfuscation tools out there that are made to solve this very problem. ProGuard is what Google recommends for Android development and is free.
Update
If you are using reflection in your app you can configure ProGuard to not rename/remove certain classes with the following lines in your proguard.cnf file.
-keep public class * extends com.package.ClassName
-keepclassmembers class * extends com.package.ClassName
Upvotes: 2
Related Questions
- GCJ for NetBeans
- Compiling servlets with javac
- Error in compiling java servlet program
- Compiling servlets for tomcat
- Compiling servlets and GWT with eclipse
- How do I construct a java servlet in tomcat 7 using a javac compiled class file?
- How to compile a servlet class with Apache Commons dependencies?
- How jasper the jsp engine, compile JSP to servlet?
- Compile complex Java Program in native code using GCJ
- Developing GWT under Tomcat?