this is a cute idea - but imho broken. Where do you want to place the code for reading the jar?
One should be aware that this game is _never_ to win 100 per cent on a hostile and foreign soil.
AFAIK the classloader can not access a password protected jar (didn't try to find out it yet). My recent approach was to sign the jar file and to place code at some places that verify the correct signature of the classes. But this isn't secure either because a vicious chap can disassemble the code and remove the verification snippets. Next step would be to use an byte code obfuscator... maybe in the next life...
I don't think it is worth it's salt, and you should problably solve your problem another way: but one can build a classloader that decrypts files before loading them. One has to extend the URL classloader:
In JBoss you also have to take care that the decrypted files do not end up unencrypted in the deployment cache.
If your serious about this, let me know.