Protect Tomcat Web Applications

Video Tutorial

▶️ https://www.youtube.com/watch?v=7d8afvHc2V4

Download

Visit https://protector4j.com/download to download the latest version.

Installation

Windows and Linux

No special installation steps are required, just download and extract the archive.

macOS

Download the dmg file and drag Protector4J to Applications, the actual contents of this tool are in Protector4J.app/Contents/protector4j-mac

Use GUI Tool to Encrypt Tomcat Web Applications

Go to the folder of Protector4J then execute p4j-ui[.exe] , you will see the interface below

For macOS, just double click the Protector4J.app

Login

If you have got the license, please click the login button on the top-right corner and input your account information. Although you can still try this tool free without the license.

Choose app type

Click the “Tomcat Web Application” button on the app type page.

Choose jar/war files to encrypt

Choose the war files to protect

Options

Just encrypt jar files

If this option is selected, only the encrypted jar files will be generated and the Java runtime will not be deployed, this option is usually used in combination with key seed for updating existing applications

Output

Java Version

Select the target Java version, support Java 8, Java 11 and Java 17

Create new folder

Selected by default, the task will create a folder like p4j-[task-id] in the output folder, the final result is in the folder

KeySeed

Every encryption task will request a random key from the server by default, so the jar files generated in different encryption tasks can’t be used together. However, the same key seed will generate the same key, this option can used in combination with “Only Encrypt Jar Files” to update existing applications. This option is only valid for Licensed user.

Encryption process

It will take some time to finish the encryption process. After it is done, you can check the result in the output folder.

Run the encrypted app

Go to the output folder, execute tomcat/bin/startup.sh or tomcat/bin/startup.bat to launch the application

Where is the META-INF/classes

You can also find your application in the webapps directory, but the original WEB-INF/classes folder no longer exists. This is because in order to protect your application architecture so that external users cannot even obtain the name information of the class, we have packaged the content of WEB-INF/classes into WEB-INF/vlxapp.jar, which is a jarx format, It is the newly introduced format in Protector4J 2.0.

Notice

If the application is for macOS or Linux and is generated under Windows,
please execute add-executable-permission.sh first to give the program executable permission.

Use CLI Tool to Protect Tomcat Web Applications

The configuration of task file

It needs to specify a task file as an argument to the command-line tool.

Find tomcat-task.yml in task-templates folder, copy and modify a new one.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
# Available values: 8,11,17
javaVersion: 8

# The war files that need to be encrypted
warFiles: []
# Only encrypt the jar files, do not deploy the runtime
# This option is used while upgrading an existing application
onlyEncryptJarFiles: false

## [ Output Options ]
# The output folder
outputFolder: ''
# Create a new and unique folder for the application, the folder name is like p4j-<taskId>
createNewFolder: true
# Fixed key seed, only avaiable for licensed user
# Jars encrypted in different tasks can be used together with same key seed
keySeed: ''
# The target platforms, keep it empty for current plaform, available values: [win, linux, mac]
platforms: []

Execute the encryption process

Go to the folder of Protector4J and execute the command below to run the encryption task

On Linux or macOS

For macOS users, you can find the cli tool in Protector4J.app/Contents/protector4j-mac

1
./p4j -t tomcat -f path-of-task-file

On Windows

1
p4j -t tomcat -f path-of-task-file

-t task type

-f task file

You can execute p4j --help to see the detail arguments.

Run with account information

1
./p4j -t tomcat -f path-of-task-file -u email -p password

Check the result

After the encryption task, please go to the output folder to check the result.

Run the encrypted app

Go to the output folder, execute tomcat/bin/startup.sh or tomcat/bin/startup.bat to launch the application

Where is the META-INF/classes

You can also find your application in the webapps directory, but the original WEB-INF/classes folder no longer exists. This is because in order to protect your application architecture so that external users cannot even obtain the name information of the class, we have packaged the content of WEB-INF/classes into WEB-INF/vlxapp.jar, which is a jarx format, It is the newly introduced format in Protector4J 2.0.

Notice

If the application is for macOS or Linux and is generated under Windows,
please execute add-executable-permission.sh first to give the program executable permission.