ALTERthought Blogs

home
company
Feed Icon

13 December 2006

Licence Management for Java Web Applications Using Aspects

This post provides step by setp instruction on implementing license management for Java web applications. I have used open source product TrueLicense for license management and aspects to weave the license verification into the code.

TrueLicense Library Collection(TLC) is a collection of Java packages to securely create, install and verify license for closed source products. TLC is rich in features – License can be perpetual or temparary, bound to users, systems or other entity, free trial period implementation, privacy of license content using password based encryption provided by Java Cryptography Extension (JCE), authenticity of license using digital signature mechanism provided by Java Security API etc.

How to implement License management

What you (Developer) need to do:

  1. You already have your web application (say HelloWorld) and you would like to implement License Management. If this is your case, read on.
  2. You may want to add a new page for licene management. The client should be able to see the validity of the current license, and instal new license from this page.
  3. Write an ascpect to verify license. The pointcut will specify the critical areas of the application. The right approach is to have the licence verification done in every critical functionality of the application. License verification is a ‘cross-cutting’ concern, and hence we can effectively use aspects to weave license verification into our code.
  4. Generate private and public key using keytool command.
  5. Generate license file. A license file contains encrypted, digitally signed information.
  6. Use AspectJ compiler to compile your application.
  7. Use a good Code Obfuscator, such as Proguard to guard against Decompilation tools. This is a very important step in real life situtation. If this step is skipped, hackers could exchange your public key and KeyStoreParam implementation with their their own code and bypass the license verification. Since this is a demo app and I’m lazy, this step is skipped. :)
  8. Build your application along with the public key.
  9. Distribute application and license file to your client. (NEVER give your private key)

What your client needs to do:

  1. Pays $$$ and buys your HelloWorld application
  2. Fires up the app, navigates to the licenese management page, instals the license file.
  3. Uses the app. If the license is expired or not installed, he will not be able to use the application.

Demo Application
The demo application can be used with Tomcat. Download LicenseDemo. Please refer README before using the demo app.

How to use this Demo

  1. Unzip HelloWorld-Licensed.zip
  2. Run ‘ant clean generateLicense’ from /buildtools folder. This creates a file called sample.lic
  3. Run ‘ant clean dist’. This creates HelloWorld-Licensed.war in dist folder.
  4. Drop the HelloWorld-Licensed.war file in your webapps folder of Tomcat installation. You are all done!
  5. Access the application by http://localhost:8080/HelloWorld-Licensed

First, access the Greetings page without installing license. The error message should be dislayed.
Next, instal sample.lic from the License management page and then access Greetings page. Later, allow the license to expire and access the Greetings page again.

Technorati Tags: , , , , ,

Post to Twitter Post to Delicious Post to Digg Post to Reddit

4 Comments currently posted.

dibyajyoti says:

Hi

The demo app is working well .I tested it in tomcat 5 .
The war file contains a key folder that has 3 files namely certfile.cer , privateKeys.store and publicCerts.store .

What are these 3 files for and how are they generated ?
Using keytool command , we can get the .cer file , but what about the other two files ?
How are they generated ? I need to know this because they are referenced in the GenerateLicense class in the demo war file .

Thanks,
Dibyajyoti

Mike says:

Hello,

How can I make the license to expire manually?Thanks!

Regards,

Mike

JoeBlog20 says:

Global License Management – Found this great site, offers all kinds of IT Network Services, http://www.global-serve.com.

abhijeet says:

hi,
i download LicenseDemo. but i am ot able to find out HelloWorld-Licensed.zip , can anyone provide me full source code with instruction . help me asap..Thanks in advance

Post a comment on this entry: