Application Protector Java

Protegrity Application Protector (AP) Java Overview

AP Java provides a set of APIs that integrate with Java-based customer applications to perform data protection operations such as:

• Protect
• Unprotect
• Reprotect
• Get Product Version
• Get Last Error

Key Features

Supported Java Distributions

• Java by Oracle Corporation, versions 1.8 and later
• Open JRE, versions 1.8 and later
• IBM J9, versions 1.8 and later

Trusted Applications

The AP Java can be accessed only by the trusted applications. Any application that protects, unprotects, or reprotects data, must first be created as a trusted application in the ESA.

A trusted application name should be the name of the running application. For example, refer to the sample program in the section Running IAP - Example in the Protegrity Application Protector On-Premises Immutable Policy User Guide 9.1.0.0. Here, the trusted application name is “HelloWorld”. The trusted application user is the user who is running the program.

For AP Java, the logic is to determine the fully qualified name of the Main class. For console applications, the Main class is the one with the main method, while for web applications, the logic uses the JVM’s name represented by RuntimeMXBean (Java Platform SE 8).

For more information about how to make an application trusted, refer to Creating a Trusted Application.

Session Validity

A session is valid until the sessiontimeout is reached, which is passed as a parameter in the config.ini file. The default validity of a session is 15 minutes. An active session is renewed every time the session is used.

Audit Logs

• Single Data Item Operations

  • Each operation (protect/unprotect/reprotect) generates audit events.
  • Example:
    • Protect on element a → 1 event.
    • 5 protect on element b → 5 events.
    • 1000 unprotect on element a → 1000 events.

• Bulk Data Item Operations

  • Audit logs are generated per operation.
  • Example:
    • 2 bulk protect operations with size 3 → 1 audit log with count 6

• Initialization Logs

  • Audit logs are created when an application initializes, indicating whether initialization was successful or not.
  • Audits are available in ESA forensics after jcorelite.plm is loaded.

Protector Status Logs

While the protector is running, a status log is sent to Discover, which can be viewed using the pty_insight_analytics\*protector_status_* index on Discover in the Audit Store.
For more information about viewing the status logs, refer to Protector Status Dashboard index.

The protector status dashboard displays the protector connectivity status through a pie chart and a table visualization. This dashboard uses status logs sent by the protector, so the protector which performed at least one security operation shows up on this dashboard.
For more information about the protector status dashboard, refer to Viewing the Protector Status Dashboard.

Error Handling

If the AP Java is used to perform a security operation on bulk data, then an exception appears for all errors except for the error codes 22, 23, and 44. Instead, an error list is returned for the individual items in the bulk data.

For more information about the log return codes, refer to Log return codes.

AP Java Upgrade

AP Java Upgrade allows the Protegrity Application Protector (AP) Java SDK to be upgraded with zero downtime by hot‑reloading updated SDK libraries at runtime. Upgrade eliminates application restarts while ensuring uninterrupted protection operations during the upgrade.