How to protect a java library from being used in other projects?

Question

I have developed a java library which I consider as a valuable intellectual property. I want to protect it from being used by unallowed softwares.

I shall say my library has a clean API, and I shall distribute the source code of the project which is using it (not the library) to my customer.

I mean I want to change the library somehow that it only works properly in my company's projects, but no-one else could not use it, in other projects.

What is the best solution to protect the library?

I must add that I can obfuscate the library (but not the customers' application).

Answer 1

2 possibilities:

• You want to publish the source code of your app and allow clients to compile it by themselves and to modify the source; In this case, protecting your library is technically impossible, whatever the language.

• You give the source only for information, you don't want them to compile or modify the source. In this case I see at least 2 levels of security can implement :

  1. You compile and obfuscate your application with the source of your library . That way, all your public API will be obfuscated and so almost unusable (unless someone really want to unobfuscate it, good luck...). You can also repackage your classes, all your library classes will be in the same packages than the app, so it will be very hard to know which files are part of the library and what it is doing.
  2. You implement a mechanism at compilation that compute a hash of your app jar and modify your library source code to check at runtime that the app is really your app.

I believe that obfuscating is enough. If someone succeed in understanding your obfuscated code, he will crack the solution 2 quite easily.

Except that, you cannot do anything, there is no mechanism for that.

For obfuscating I strongly recommend Proguard