Protect Tomcat Web Applications

Download

Visit https://protector4j.com/download to download the latest version

Installation

Windows and Linux

There are no special installation steps: download the archive and extract it.

macOS

Download the dmg file and drag Protector4J to Applications. The actual contents of this tool are in /Applications/Protector4J.app/Contents/protector4j-mac

Encrypt Tomcat Web Applications with GUI tools

Go to the Protector4J folder and execute p4j-ui[.exe] to open the user interface.

For macOS users, simply double-click on Protector4J.app like a regular Mac application.

Login

If you have already purchased a license, click the login button in the upper right corner and enter your user information. If you do not have a license, you can still try out this tool.

Select Application Type

Click on the "Tomcat Web Application" button on the application type page.

Select the jar/war file that needs to be encrypted

Select the jar/war files that need to be encrypted; you can choose one or multiple.

Options

Only encrypt jar files

Only encrypt the jar files, without deploying the entire JRE. This option is usually used in combination with the KeySeed feature to update existing programs.

Output

Java version selection

Choose the Java version. Java 8, Java 11, Java 17 and Java 21 are supported.

Create new folder

Selected by default. The encryption task creates a folder named p4j-[task-id] in the output folder, and the output is stored in that folder.

KeySeed

The encryption task will request a random key from the server for encryption by default. Files generated in different encryption tasks can't be used together. If KeySeed is specified, the same KeySeed will generate the same encryption key. This option can be used with the previous "Only Encrypt Jar Files" option to update existing applications. This option is only valid for licensed users.

Execute Encryption Task

Wait for the encryption task to complete. You can then see the encrypted application in the output folder.

Run encrypted application

Go to the output folder, then go to tomcat/bin and execute startup.sh or startup.bat to start the application.

Where is WEB-INF/classes

You can find your application in the webapps folder, but the original WEB-INF/classes no longer exists. In order to protect the structure of the application and prevent external users from accessing class names and other information, we have packaged WEB-INF/classes into WEB-INF/vlxapp.jar. This is our private encrypted jarx format.

Notices

If the target platform of the program is macOS or Linux but it was built on Windows, run add-executable-permission.sh on the target platform before the first startup to grant the program execute permission.

Encrypt Tomcat Web application with CLI Tool

Configuration file

The CLI tool takes a task file as a parameter.

Find tomcat-task.yml in the protector4j/task-templates folder, copy and modify it.

# Available values: 8,11,17,21
javaVersion: 8

# Available values: 9,10
tomcatVersion: 9

# The war files that need to be encrypted
warFiles: []
# Only encrypt the jar files, do not deploy the runtime
# This option is used while upgrading an existing application
onlyEncryptJarFiles: false

## [ Output Options ]
# The output folder
outputFolder: ''
# Create a new and unique folder for the application, the folder name is like p4j-<taskId>
createNewFolder: true
# Fixed key seed, only available for licensed users
# Jars encrypted in different tasks can be used together with same key seed
keySeed: ''
# The target platforms, available values: [win, linux, mac] or empty for the current platform
# Support for win32, linux32 and linux-aarch64 requires a purchased addon, please visit https://protector4j.com/addons
platforms: []

Execute encryption task

Go to the Protector4J folder and execute the following command.

Linux or macOS

For macOS users, you can find the CLI tool at Protector4J.app/Contents/protector4j-mac.

./p4j -t tomcat -f path-of-task-file

On Windows

p4j -t tomcat -f path-of-task-file

You can execute p4j --help to view the detailed parameters.

Run with account information

./p4j -t tomcat -f path-of-task-file -u email -p password

View Results

After the encryption task is completed, please go to the output folder to check the results.

Run encrypted application

Go to the output folder, then go to tomcat/bin and execute startup.sh or startup.bat to start the application.

Where is WEB-INF/classes

You can find your application in the webapps folder, but the original WEB-INF/classes no longer exists. In order to protect the structure of the application and prevent external users from accessing class names and other information, we have packaged WEB-INF/classes into WEB-INF/vlxapp.jar. This is our private encrypted jarx format.

Notices

If the target platform of the program is macOS or Linux but it was built on Windows, run add-executable-permission.sh on the target platform before the first startup to grant the program execute permission.
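
A pre-release check of the output layout described above, as an added example that is not part of Protector4J: it confirms for one web application that the plaintext class tree is gone, that WEB-INF/vlxapp.jar is present, and that startup.sh is executable. The function name, the script name, and the assumption that webapps sits under tomcat/ as an exploded directory are this example's own.

```shell
#!/bin/sh
# Added example: pre-release check of one encrypted web application.
# Assumed layout: <output>/tomcat/bin/startup.sh and an exploded
# <output>/tomcat/webapps/<app>/WEB-INF directory.

check_p4j_output() {
    out=$1
    app=$2
    rc=0
    startup="$out/tomcat/bin/startup.sh"
    webinf="$out/tomcat/webapps/$app/WEB-INF"

    # macOS/Linux targets need the execute bit on the start script.
    if [ ! -x "$startup" ]; then
        echo "FAIL: $startup missing or not executable" >&2
        rc=1
    fi

    if [ ! -d "$webinf" ]; then
        echo "FAIL: $webinf not found" >&2
        return 1
    fi

    # The plaintext class tree should be gone from the deliverable.
    if [ -e "$webinf/classes" ]; then
        echo "FAIL: $webinf/classes is still present" >&2
        rc=1
    fi

    # Its replacement, the encrypted archive, should be there instead.
    if [ ! -f "$webinf/vlxapp.jar" ]; then
        echo "FAIL: $webinf/vlxapp.jar not found" >&2
        rc=1
    fi

    # Loose .class files anywhere under WEB-INF expose class names.
    stray=$(find "$webinf" -type f -name '*.class' | head -n 5)
    if [ -n "$stray" ]; then
        echo "FAIL: unencrypted class files, for example:" >&2
        echo "$stray" >&2
        rc=1
    fi
    return "$rc"
}

# Usage: sh check-p4j-output.sh <output-folder> <app-name>
if [ "$#" -ge 2 ]; then
    check_p4j_output "$1" "$2"
fi
```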