Protect Glassfish App

Get Started

If you haven’t read the get started article, please read it first, it described the basic structure and concepts of Protector4J.

GUI Tool

Execute protector4j-ui[.exe] in the folder of Protector4J, you will see the interface below

Login

If you have got the license, you can click the login button on the top-right corner and type your account information. Although, without the license, you can also try it too.

Choose app type

Click the “Glassfish/Payara Application” button on the app types page.

Choose war/jar files to protect

Choose the war/jar files to protect, you can add single or multi jar files here.

Options

Protect all classes

if this option is selected, all the classes will be encrypted

Protect the specified classes

If this option is selected, you can choose which classes to be encrypted in the next step

Protect inner jars

If this option is checked, the classes in the inner jars will be encrypted too.

Choose classes to protect

If you selected “Protect the specified classes”, you should type the classes that need to protect here manually, but also the classes need to exclude from the encryption

You can input the full class name like:

1
io.vlinx.swing.MainWindow

If you want to encrypt all the classes in the package, you can input a wildcard case like:

1
io.vlinx.swing.*

One * means all the classes in the package, but exclude the classes in sub packages

if you want to encrypt all the classes in the package including the classes in sub packages, please use the wildcard case like:

1
io.vlinx.swing.**

The class names or the package names above apply to all jar files, just like the classpath. We have the class information in the jars mixed together, and any classes in any jar files that meet the conditions will be encrypted or excluded, if you selected “Protect inner jars”, the classes in the inner jars will be procesed too.

Although it needs to type the classes information manually, but we provide the class info tree on the right, you can view the struct there, and there is a context menu that could help you to edit the class list.

Output options

On this page, you can specify the Java version, the server version and the output folder. After this is done, click the “Next” button on the bottom, it will start the encryption process.

KeySeed

The seed to generate the encryption key, the same key seed will generate the same encryption key. If you want to jars generated from diffrent encryption task can be used together, you can input the same keySeed. This feature is only valid for licensed user.

Encryption process

It will take some time to finish the encryption process. After it is done, you can check the result in the output folder.

Check the result

After the encryption process complete, please go to the output folder to check the result, we have placed the glassfish folder, the java runtime and the encrypted jar/war files in it.

Run the encrypted app

For Linux and macOS

Go to the output folder, modify the glassfish/glassfish/config/asenv.conf file, set AS_JAVA to the absolute path of our custom JRE which you can find in the output folder

1
2
# Please specify this value to the absolute path of our custom jre
AS_JAVA=

Start domain1

1
glassfish/bin/asadmin start-domain domain1

For Windows

Go to the output folder, modify the glassfish/glassfish/config/asenv.bat file, set AS_JAVA to the absolute path of our custom JRE which you can find in the output folder

1
2
REM Please specify this value to the absolute path of our custom jre
set AS_JAVA=

Start domain1

1
glassfish\bin\asadmin.bat start-domain domain1

Every encryption task will request a new and unique key. The files encrypted in different task can not be used together unless providing the key seed.

CLI Tool

The configuration of task file

It needs to specify a task file as an argument to the command-line tool.

Please find the task.glassfish.yml in the task-templates directory, copy and modify a new one.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
email: ''
password: ''
jarsPath: []
protectAll: false
protectInnerJars: false
classesToProtect: []
exclude: []
outputFolder: ''
tempFolder: ''
javaVersion: ''
serverVersion: 'glassfish-5'
includeJavaFX: false
keySeed: ''
targetPlatforms: []

The account information

If you have purchased our product, you would have got your account information including the email address and the password for the license. Please type them in the appropriate fields, the value of the password field should be the md5 value of the password, not the password itself. or you can leave the email and the password fields empty, just have a try.

1
2
email: account-email
password: md5-of-password

Specify the jars and the classes need to be encrypted.

jarsPath

The jarsPath field is an array, which you could specify one or multi jar/war files that need to be processed in the encryption work.

1
jarsPath: [jar-path1,jar-path2,...]

or

1
2
3
jarsPath: 
- jar-path1
- jar-path2

protectAll

If this value is true, all the classes in the jar will be encrypted.

protectInnerJars

If this value is true, the classes in the inner jars will be encrypted too.

classesToProtect

In this field, you can specify the classes that need to be encrypted. it can be a full class name, or wildcard case ones

1
classesToProtect: [vlinx.test.TestClass1, vlinx.test.pack1.*, vlinx.test.pack1.**]

or

1
2
3
4
classesToProtect: 
- vlinx.test.TestClass1
- vlinx.test.pack1.*
- vlinx.test.pack1.**

* means all the classes in the package, but exclude the classes in the sub package

** means all the classes in the package including the classes in the sub package.

If the protectAll is true, this field will be ignored.

if you are using the version before 1.8.0, please add WEB-INF.classes prefix for each item for the classes in WEB-INF/classes, like BOOF-INF.classes.vlinx.test.TestClass1

exclude

In this field, you can specify the classes to exclude from encryption, the format is the same as classesToProtect field.

javaVersion

The java versions supported now are Java 8 and Java 11, you can type “java-8” for Java 8 and type “java-11” for Java 11

serverVersion

the serverVersion is always to be glassfish-5 now.

tempFolder

The temp folder for the files generated during the encryption process, after the task completed, the files in the temp folder will be cleaned.

outputFolder

The encrypted app and the custom Java runtime will be placed into the output folder.

includeJavaFX

Whether include the JavaFX framework

keySeed

The seed to generate the encryption key, the same key seed will generate the same encryption key. If you want to jars generated from diffrent encryption task can be used together, you can input the same keySeed. This feature is only valid for licensed user.

targetPlatforms

This field is an array, the available values are [linux64, win64, mac, linux32, win32], you can set one or multi target platforms according to the requirement. Or leave it empty, if you just want to generate the app for current platform.

On windows, currently only supports win64 and win32 as the target platforms.

1
targetPlatforms: [linux64, win64, mac, linux32, win32]

or

1
2
3
4
5
6
targetPlatforms:
- linux64
- win64
- mac
- linux32
- win32

Execute the encryption process

Go to the folder of Protector4J and type the command below to execute the encryption process

On Linux and macOS

1
./protector4j -t glassfish -f path-of-task-file

On Windows

1
protector4j -t glassfish -f path-of-task-file

-t task type

-f task file

You can type protector4j --help to see the detail arguments.

Check the result

After the encryption process complete, please go to the output folder to check the result, we have placed the glassfish folder, the java runtime and the encrypted jar/war files in it.

Run the encrypted app

For Linux and macOS

Go to the output folder, modify the glassfish/glassfish/config/asenv.conf file, set AS_JAVA to the absolute path of our custom JRE which you can find in the output folder

1
2
# Please specify this value to the absolute path of our custom jre
AS_JAVA=

Start domain1

1
glassfish/bin/asadmin start-domain domain1

For Windows

Go to the output folder, modify the glassfish/glassfish/config/asenv.bat file, set AS_JAVA to the absolute path of our custom JRE which you can find in the output folder

1
2
REM Please specify this value to the absolute path of our custom jre
set AS_JAVA=

Start domain1

1
glassfish\bin\asadmin.bat start-domain domain1

Every encryption task will request a new and unique key. The files encrypted in different task can not be used together unless providing the key seed.