tags:

views:

233

answers:

3
+1  Q: 

Maven Plugins - how to require a license

I would like to make my plugin require a license to run similar to the maven clover plugin. Is there some utility out there that I can generate licenses with that will also allow me to integrate that into the plugin?

I need to do the following steps.

  1. Modify the existing plugin to validate the license file
  2. Generate the license file online and store the information for retrieval later.

Thanks, Walter

+1  A: 

If you use something too weak, it will always be possible to decompile the invoking class, remove the verification, compile the new class and add it back to the jar. So, unless you have some method of inline code in a lot of methods to do a complex validation of a string from the license data, use a tool that does something more.

You could try for example:

  • Easy Licenser from Agilis Software (uses Java so integration is straightforward)

    [...] Java is our native language so integration is straightforward, and we are familiar with the issues you need to consider when protecting Java applications. Our license management solutions include protections such as digital library signatures (to make sure the libraries haven't been 'spoofed' or tampered with), guidelines on how to use exception-based flow of control to conceal the license check call itself, as well as protection against clock roll-back on time-limited licenses.

  • LM-X License Manager from X-Formation (uses JNI so make your application platform dependent)

But mostly the entry point to the license manager is vulnerable. With decompilers you can remove those calls from the software. Obfuscators make it a lot harder, but not impossible.

The mentioned solutions don't seem too be very expensive. However, if you decide to build your own solution, this open-source library might help: TrueLicense Library Collection.

In all cases, I don't think these tools offer the "web integration" you're looking for (something a la Atlassian if I understood well your requirement). It looks like you'll have to implement a custom solution for that.

Pascal Thivent  2009-10-10 19:26:38
+1: for pointing out that any license checking can be disabled by finding and removing calls to the license checker.
Stephen C  2009-10-10 23:46:59
Good point, but how much effort is involved? For instance the maven clover plugin requires a license right and won't run without it. Would it be more beneficial/productive to open source it and ask for donations to support development and then charge for support?
 2009-10-11 14:59:29
I suggested to use an existing solution, Easy Licenser, and not to build your own. So I'm not sure to understand your question. Now, regarding clover, I don't use it, I prefer Cobertura which is open source and free.
Pascal Thivent  2009-10-11 15:29:55
A: 

I don't know of any plugins that generate licenses within a Maven build.
However if you have a license generation tool such as Padlock (commercial product), it is relatively straightforward to create a plugin that wraps the generation process.

Padlock has a such an API (pdf), and there is a basic guide to creating Maven plugins, or you can look at some of the other questions on this site to get started

Rich Seller  2009-10-10 19:34:32
@Rich: I don't think this is what the question is asking. I think he wants a license management system to restrict use of his plugin.
Stephen C  2009-10-10 23:43:50
Rich, this is a great recommendation, it looks like that is exactly what I will need. So, I need to simply integrate this into my maven plugin and look for the license file. Then on the server side, I will generate the license for them to download after receiving a payment confirmation.I'll have to give it a try.Great find.
 2009-10-11 15:07:06
A: 

Hi Walter, I'm the author of the Padlock License Manager mentioned above. I don't know of any license solution that specifically designed for Maven, but from what you say I think Padlock could meet your needs. I encourage you to download the latest release and try it out. Feel free to email me with any questions.

Thanks!

Jason

Jason Nichols  2009-10-11 15:06:56
Jason,I checked out your site yesterday - it looks awesome. The implementation details for the licensing look straightforward and not too involved. I'm not ready yet to secure the plugin/code (I still need to generalize it), but I know what direction I'll take.
 2009-10-12 12:18:11

related questions

Java Time Zone is messed up
Eclipse on win64
Automate builds for Java RCP for deployment with JNLP
Why are professors or schools picking Java over C++ to teach to students?
Is there a real benefit of using J#?
Public/Popular Websites using JavaServer Faces
Why can't I use a try block around my super() call?
Accessing post variables using Java Servlets
Personal Linux web server
Is this really widening vs autoboxing?
How can I Java webstart multiple, dependent, native libraries?
Why can't I call toString() on a Java primitive?
How do I use Java to read from a file that is actively being written?
What code analysis tools do you use for your Java projects?
IllegalArgumentException or NullPointerException for a null parameter?
How do I configure and communicate with a serial port?
What is the best way to parse strings in Java
Getting started with a custom JXTA PeerGroup
Creating a custom button in Java
How to get started "writing" a code coverage tool?
Which Build-/Configuration Management Tool?
What is the difference between an int and an Integer in Java/C#?
What is the meaning of the type safety warning in certain Java generics casts?
How would you access Object properties from within an object method?
Converting CSV File to XML in Java