This week's giveaway is in the EJB and other Java EE Technologies forum. We're giving away four copies of EJB 3 in Action and have Debu Panda, Reza Rahman, Ryan Cuprak, and Michael Remijan on-line! See this thread for details.
I have two interfaces and its implementations Now I need to provide this interfaces to some third party vendor to use.
I dont want to share implementation details (Not even class files).
So what is the best way I can share this information?
I dont want to package my implementation details(Implementation classes) into the jar.
If you don't want to give somebody the implementation of your classes, then there is obviously no way for that person to run your program on their own computer in any way.
You can implement your program as a web service - it will be running on your own server, and the client will have to call it remotely.
You can try to obfuscate your code (make it hard to decompile), but this not safe in principle (a hacker who tries hard enough can always find it out, no matter how much you encrypt or obfuscate the code). Running it on a server, not giving third parties access to the code, is the only way to make it really safe.
One hypothetical solution is there in my mind.
Suppose my service class is located at remote location, now If I can load this class (Using ServiceLoader) into vendor machine at runtime from its remote location at first request and cache it so that there will be only a single hit. (Clear the cache as and when its necessary to do so)
Will this work?
Bhavesh Dak wrote:I have only two ways:
Either I use Web Services or I have to give source to the vendor.
You don't have to give the source to the vendor; you can give him compiled class files, but in principle he could reverse engineer those. The only really secure solution is to keep the class files to yourself and have the vendor call them remotely, for example through a web service.