如果只做到这一步,可能仍然存在漏洞:定制的 ClassLoader 本身没有加密,一旦它被反编译,别人就可能得到你的类,我们第一步所做的工作也就成了徒劳。有没有好的办法解决这个问题呢?其实也有,就是修改 java.exe,由自己控制 java.exe 去装载定制的 ClassLoader,具体的办法可以参照《如何有效的保护JAVA程序》。需要注意的是,这只能提高逆向分析的门槛:字节码在交给 defineClass 之前必须先在内存中还原为明文,因此这类方案属于混淆,而不是真正意义上的保密。
import java.util.jar.*;
import java.io.*;
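/**
 * Class loader that defines classes from the entries of {@code test.jar}, which it
 * looks up in the process working directory (the {@code user.dir} system property).
 *
 * <p>Security notes: the archive path is derived from the working directory, so
 * whoever controls that directory (or the file itself) decides which bytecode this
 * loader defines. This class performs no decryption and makes no digest or signer
 * check of its own before calling {@code defineClass}; the bytes are used as read.
 *
 * <p>The lazily opened {@link JarFile} is a static field shared by all instances and
 * is assigned without synchronization.
 */
public final class MyClassLoader extends ClassLoader {
    /** Archive opened on first use and kept open for the life of the JVM. */
    private static JarFile jar = null;

    public MyClassLoader() {
    }

    /**
     * Finds the class with the given binary name in {@code test.jar}.
     *
     * @param name binary class name, e.g. {@code com.test.classload.TestDAOImp}
     * @return the already-loaded class if this loader defined it before, the class
     *         defined from the matching archive entry, or the system class of that
     *         name when the archive has no such entry
     * @throws ClassNotFoundException if the archive cannot be opened or read, or if
     *         the name is found neither in the archive nor among the system classes
     */
    public Class findClass(String name) throws java.lang.ClassNotFoundException {
        Class clasz = findLoadedClass(name);
        if (clasz != null) {
            return clasz;
        }
        if (jar == null) {
            try {
                String dir = System.getProperty("user.dir");
                String fileName = dir + File.separator + "test.jar";
                jar = new JarFile(fileName);
            } catch (IOException ex) {
                // Keep the I/O failure as the cause so the real reason is not lost.
                throw new ClassNotFoundException(name, ex);
            }
        }
        String className = name.replace('.', '/') + ".class";
        JarEntry entry = jar.getJarEntry(className);
        if (entry == null) {
            // A missing entry used to reach getInputStream(null) and fail with a
            // NullPointerException. Fall back to the system classes instead, which
            // reports an unknown name as ClassNotFoundException.
            return findSystemClass(name);
        }
        byte[] cls;
        try {
            InputStream is = jar.getInputStream(entry);
            try {
                cls = readFully(is);
            } finally {
                is.close();
            }
        } catch (IOException ex) {
            throw new ClassNotFoundException(name, ex);
        }
        return defineClass(name, cls, 0, cls.length);
    }

    /**
     * Reads the stream to its end. available() is only an estimate and a single
     * read() may return fewer bytes than requested, so neither can size the class.
     */
    private static byte[] readFully(InputStream in) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        byte[] chunk = new byte[4096];
        int n;
        while ((n = in.read(chunk)) != -1) {
            buf.write(chunk, 0, n);
        }
        return buf.toByteArray();
    }
}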
//MyClassLoader.java
package com.test.classload;
import java.util.jar.*;
import java.io.*;
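/**
 * Class loader that defines classes from the entries of {@code test.jar}, which it
 * looks up in the process working directory (the {@code user.dir} system property).
 *
 * <p>Security notes: the archive path is derived from the working directory, so
 * whoever controls that directory (or the file itself) decides which bytecode this
 * loader defines. This class performs no decryption and makes no digest or signer
 * check of its own before calling {@code defineClass}; the bytes are used as read.
 *
 * <p>The lazily opened {@link JarFile} is a static field shared by all instances and
 * is assigned without synchronization.
 */
public final class MyClassLoader extends ClassLoader {
    /** Archive opened on first use and kept open for the life of the JVM. */
    private static JarFile jar = null;

    public MyClassLoader() {
    }

    /**
     * Finds the class with the given binary name in {@code test.jar}.
     *
     * @param name binary class name, e.g. {@code com.test.classload.TestDAOImp}
     * @return the already-loaded class if this loader defined it before, the class
     *         defined from the matching archive entry, or the system class of that
     *         name when the archive has no such entry
     * @throws ClassNotFoundException if the archive cannot be opened or read, or if
     *         the name is found neither in the archive nor among the system classes
     */
    public Class findClass(String name) throws java.lang.ClassNotFoundException {
        Class clasz = findLoadedClass(name);
        if (clasz != null) {
            return clasz;
        }
        if (jar == null) {
            try {
                String dir = System.getProperty("user.dir");
                String fileName = dir + File.separator + "test.jar";
                jar = new JarFile(fileName);
            } catch (IOException ex) {
                // Keep the I/O failure as the cause so the real reason is not lost.
                throw new ClassNotFoundException(name, ex);
            }
        }
        String className = name.replace('.', '/') + ".class";
        JarEntry entry = jar.getJarEntry(className);
        if (entry == null) {
            // A missing entry used to reach getInputStream(null) and fail with a
            // NullPointerException. Fall back to the system classes instead, which
            // reports an unknown name as ClassNotFoundException.
            return findSystemClass(name);
        }
        byte[] cls;
        try {
            InputStream is = jar.getInputStream(entry);
            try {
                cls = readFully(is);
            } finally {
                is.close();
            }
        } catch (IOException ex) {
            throw new ClassNotFoundException(name, ex);
        }
        return defineClass(name, cls, 0, cls.length);
    }

    /**
     * Reads the stream to its end. available() is only an estimate and a single
     * read() may return fewer bytes than requested, so neither can size the class.
     */
    private static byte[] readFully(InputStream in) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        byte[] chunk = new byte[4096];
        int n;
        while ((n = in.read(chunk)) != -1) {
            buf.write(chunk, 0, n);
        }
        return buf.toByteArray();
    }
}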
//TestDAO.java
package com.test.classload;
/**
 * Interface of the sample class used in this listing: a single accessor that
 * yields a name.
 */
public interface TestDAO {
    /**
     * Returns the name provided by the implementation.
     *
     * @return the name string
     */
    String getName();
}
//TestDAOImp.java
package com.test.classload;
/**
 * Sample {@link TestDAO} implementation that returns one fixed name.
 *
 * <p>No constructor is declared; the compiler-provided public no-argument
 * constructor is equivalent to the explicit empty one.
 */
public class TestDAOImp implements TestDAO {
    /**
     * Returns the hard-coded name.
     *
     * @return the fixed name string
     */
    public String getName() {
        final String fixedName = "方见华";
        return fixedName;
    }
}