I'm not sure I understand you correctly but If I do I think you are asking about a technique known as 'code obfuscation'. One of the better ones I've come across is by YGurad. See www.yworks.com
here. As for protecting your JSPs and Servlets ie: making it inaccessible from 3rd party access , you could place it in the WEB-INF or META-INF directories. Note: your Java source code is not going to be exposed to the outside world regardless. As a side note web app security(for the purpose of constraining certain resources) should be inherently built into your app using things like authentication and authorizations. There are of course also other advanced ways but since this a beginner's forum I wont get into that .You can configure alot of this in the DDs as for most of the time, the security constraints should be done declaratively.