Last week at TheServerSide.com, we lamented about the virtues of the Java Optimized Processor, where our salacious bytecode would run directly on the processor, without any virtual middleman getting in the way.


Of course, James Watson threw his wet blanket over the idea, saying "one of the major hurdles is that because the JDK is monolithic, you end up having to compile in
everything from that plus GC.  Then you have reflection which means the compiler can't know what classes might be used later so reflection support has to be thrown in.  In short, it's been done but hasn't proven to be worthwhile." So much for the dream.


But what about going the other way? Taking our WAR files and web applications and just pre-compiling them into native code? Well, that's what Excelsior has been up to. Of course, the idea here is more that once you compile into native code, you avoid the distribution of easy-to-hack Java class files. It's not quite bringing us all the benefits we might see with our fictitious Java Optimized Processor, but their Ahead-Of-Time compiler (AOT) is an interesting start. But really, it's more about protecting yourself from code tampering and decompilation, so don't get too excited.

"Compilation to native code protects your intellectual property and substantially improves the security of your Web applications. It makes IP theft, code tampering, and discovery of security vulnerabilities involve an expensive reverse engineering effort that demands a rare skill set, whereas practically anyone can download and run a free Java decompiler."


Here's some more accurate information from their press release that you should probably read, before I take the idea of a native code compilation or WAR files too far:


-----


Excelsior JET 7.0, a certified Java SE 6 VM, provides specific support for Apache Tomcat with a focus on code and data protection.


Powered by an Ahead-Of-Time (AOT) compilation, Excelsior JET enables developers to
pre-compile Web applications (WAR files), as well as the Tomcat server and
third-party libraries, into a native code executable and avoid the distribution
of the easy-to-hack Java class files altogether.


Jason Brittain, co-author of the best-selling "Tomcat: The Definitive Guide",
has recommended Excelsior's solution for increasing the security of Java Web
applications: "When compiled into native code with Excelsior JET, none of
these class decompilation tools work, and the Java program still runs the same.
I tried JET 7 with Tomcat 6 and some of my own large and complex web
applications, and it worked flawlessly! I was able to natively compile my Tomcat and my webapps into native code that installed and ran just fine.  I was also pleasantly surprised at how easy it was to compile it all on the first try. From my tests, JET works great."


Supported version
of Apache Tomcat: 5.0, 5.5, and 6.0

Product Information


-----