As far as I know it is possible to decompile java code. But there are tools that modify the code that it cannot be understood anymore. Unfortunately my JSP files wouldn't be able anymore to use the API I made.
Is there a way to protect/encrypt my entire web application?
Since your JSP files and Java classes are not accessible to the users of your web app, does this mean you distrust the folks that host your web app? In that case I'd advise to switch to a hosting environment that you do trust.
In general you cannot prevent decompilation completely, but you can obscure the code to make it much harder to make sense out of it. Something like ProGuard (on SourceForge) will do this for you. These tools let you specify which classes and/or methods it should not rename, so that the public API remains what it was before.
I’ve looked at a lot of different solutions, and in my humble opinion Aspose is the way to go. Here’s the link: http://aspose.com
subject: Enc./Protection of web application code (JSP/JAVA)