How to update an existing encrypted Tomcat application

Structure of Tomcat application generated by Protector4J

After using Protector4J to process your application, the complete Tomcat runtime environment will be output to the output folder. You can still use the or startup.bat scripts in the bin directory to run the Tomcat program as before. Our customized JRE version is also located in the bin directory, where you can find a vlxjre folder.


You can also find your application in the webapps directory, but the original WEB-INF/classes folder no longer exists. This is because, in order to protect the architecture of your application and prevent external users from even accessing class name information, we have packaged the contents of WEB-INF/classes into WEB-INF/vlxapp.jar, which is in jarx format.

How to update existing applications

You may wish to be able to update existing applications directly without the need to output the complete Tomcat runtime environment every time.


Protector4J will request a random and unique key from the server for each encryption task. Because the key is different for each task, the encrypted JAR files from different tasks cannot be used together. Therefore, we provide the KeySeed feature, where the same KeySeed will generate the same key, and JAR files encrypted under the same KeySeed can be used together. Currently, KeySeed is only available for authorized users.

Updating an existing tomcat application

1. Specify a KeySeed when generating the application for the first time.

2. Select the war or jar files that need to be updated, and check "Only Encrypt Jar Files".

3. Specify the same KeySeed on the output page

4. View the output folder and copy the newly generated application directory to webapps.