
Protect Java Web Applications

Excelsior JET is a compliant Java SE 6 implementation (JVM) with an Ahead-Of-Time compiler and deployment toolkit.

Excelsior JET 7.0 enables you to compile Apache Tomcat together with your Web applications into a native code executable and distribute it without the original class/WAR files and without dependency on the JDK.

Compilation to native code protects your intellectual property and substantially improves the security of your Web applications. It makes IP theft, code tampering, and discovery of security vulnerabilities involve an expensive reverse engineering effort that demands a rare skill set, whereas practically anyone can download and run a free Java decompiler.

Want to give it a try? Download a free trial 

Sample applications

The following Tomcat applications have been compiled to native code using Excelsior JET:

"Clean" Tomcat 6.0 (with standard samples): Windows (21.8MB), Linux (22.5MB)
Pebble 2.3.2 on Tomcat 6.0 (blogging tool): Windows (16.5MB), Linux (16.3MB)

How to use it

The procedure of compiling Tomcat and your Web apps into a native executable is straightforward:

  1. Download and install Excelsior JET 7.0 Evaluation Package.
  2. Start the JET Control Panel and click Tomcat Application on the welcome screen.

  3. Specify your Tomcat installation directory (let's call it Tomcat-Dir.)
  4. Press F9 (Build). You will be prompted to save the project.
    Note: the compiler will store its intermediate files below the directory containing the project file, so it is a good idea to save it to a location outside of Tomcat-Dir.

  5. That's it!

The specified Tomcat installation and all Web applications will be compiled into a native executable that will be placed into Tomcat-Dir/bin-native.

The compiler will also have created a set of shell scripts with familiar names such as startup, shutdown, etc., and placed them next to the executable. You may run them and check how your natively compiled Web applications behave.

To package your natively compiled Web applications for distribution, click Package on the last page of the JET Control Panel. The JetPackII GUI tool will start, automatically detect the compiled executable, and add the necessary files to the installation package. You may notice that the jar/WAR files that have been compiled into native code are not included in the package.

All you need to do is test the installation on the Trial Run page, select the type of the package, namely, self-contained directory or Excelsior Installer setup (page Backend), and build the installation package (page Finish.)

Now your protected Web application is ready to be installed onto target systems. Prior installation of the JRE and/or Tomcat is no longer required!

For details, please refer to the Chapter "Tomcat Web Applications", section "Packaging for distribution", in the User's Guide.
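A check that can be run on the packaged directory before shipping, to confirm which files, if any, still carry Java bytecode. This is an added example, not part of Excelsior JET or of the original page; it goes slightly beyond the text by also looking inside nested archives, and the file names in the constructed sample are hypothetical.

```python
import io
import tempfile
import zipfile
from pathlib import Path

CLASS_MAGIC = b"\xca\xfe\xba\xbe"  # first four bytes of a Java class file

def classes_in_archive(data, label, depth=0):
    """Class files inside a zip-format archive (jar/WAR), nested jars included."""
    hits = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                member = zf.read(info)
                name = f"{label}!/{info.filename}"
                if member[:4] == CLASS_MAGIC:
                    hits.append(name)
                elif member[:2] == b"PK" and depth < 3:  # e.g. WEB-INF/lib/*.jar
                    hits.extend(classes_in_archive(member, name, depth + 1))
    except zipfile.BadZipFile:
        pass  # starts with "PK" but is not a readable archive
    return hits

def find_bytecode(package_dir):
    """List every file under package_dir that still carries Java bytecode."""
    findings = []
    for path in sorted(Path(package_dir).rglob("*")):
        if path.is_file():
            data = path.read_bytes()
            if data[:4] == CLASS_MAGIC:        # loose .class file
                findings.append(str(path))
            elif data[:2] == b"PK":            # jar/WAR or other zip archive
                findings.extend(classes_in_archive(data, str(path)))
    return findings

def build_sample(root):
    """Constructed sample: a stand-in native launcher plus one leftover WAR."""
    Path(root, "server").write_bytes(b"\x7fELF" + b"\0" * 12)
    jar = io.BytesIO()
    with zipfile.ZipFile(jar, "w") as zf:
        zf.writestr("com/example/Util.class", CLASS_MAGIC + b"\0\0\0\x32")
    with zipfile.ZipFile(Path(root, "extra.war"), "w") as zf:
        zf.writestr("WEB-INF/web.xml", "<web-app/>")
        zf.writestr("WEB-INF/lib/util.jar", jar.getvalue())

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print("\n".join(find_bytecode(tmp)) or "no bytecode found")
```

Each reported path is a class that would ship in bytecode form and is worth reviewing, for example a Web application that was excluded from native compilation.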

FAQ

What are the known limitations?

As of version 7.0, Excelsior JET imposes some limitations on your Web applications' functionality:

  1. All Web applications must be deployed into a subdirectory of Tomcat-Dir. It may be webapps/ or another directory.
  2. Web applications are compiled together with Tomcat into one executable, so hot re-deployment of a running pre-compiled application is not possible. You would need to stop Tomcat, replace the executable, and start it again.

How does it work?

Simply put, Excelsior JET knows how the Tomcat classloaders work. That knowledge enables ahead-of-time compilation of the deployed Web applications and the Tomcat server itself.

Previously, in the general case, Web applications could only be handled via the JIT compiler that comes with the JET Runtime, just as is done by the standard JRE. Unfortunately, that approach did not provide any security, as the application classes had to be distributed in the original bytecode form.

What are the supported platforms?

Windows and Linux running on x86 (IA-32) or compatible hardware. For more details, refer to System Requirements.

What are the supported Java (micro)versions?

Excelsior JET 7.0 supports Java SE 6 Update 16 and J2SE 5.0 Update 21 out-of-the-box. More recent Java Updates will be supported through add-ons.

What are the supported versions of Apache Tomcat?

Apache Tomcat 5.0.x, 5.5.x, and 6.0.x.

Versions prior to 5.0 will not be supported.

Do the compiled Tomcat and Web apps start and work faster?

Possibly yes, though we have not focused on performance yet.

Can I compile only certain Web applications to native code and leave the rest intact?

Yes, it is possible. For details, please refer to the User's Guide, Chapter "Tomcat Web applications", section "Compilation", "Step 3: Settings for Web applications".

Can I deploy additional applications on the AOT-compiled Tomcat?

Yes, you can do that using the standard Tomcat deployment procedure. Web applications deployed this way will be handled by the JIT compiler that comes with the JET Runtime.

How does the solution compare to Java obfuscators?

In general, Java obfuscation has quite a few weak points as compared to AOT compilation of Java classes to native code. Specifically for Web applications, the most crucial one is that you may not use name obfuscation because Web containers heavily rely on Java Reflection.

Feedback

Your feedback and suggestions are very welcome! Please email us at java@excelsior-usa.com or fill in the Open Support Ticket form.

Stay tuned

To receive updates on Excelsior JET 7.0, subscribe to our mailing list:



© 1999-2009 Excelsior LLC. All Rights Reserved.