Well, some luck at least. Obviously there are two classes of Java license managers out there - expensive ones and inexpensive/free ones.
I didn’t bother to look too closely at the expensive ones, as they are out of the question for me anyway; and I was after simple functionality - just being able to handing out licenses, with some property settings attached, an expiration date, and the user ID, of course.
This is handled quite well by the inexpensive ones. Here is a list, in no particular order, of what I found:
[]http://www.logemann.org/day/archives/000121.html is a blog entry about some license managers, with links to the respective websites - very useful collection.
[]http://www.websina.com/products/jlicense.html is the tool I finally went with
JLicense costs 50 USD, and seems to be very similar to Licens4J. It basically is a signing / authentication toolkit. It’s probably very easy to do it on your own, but I figured the time required for diving into the whole cryptography thing would be worth more than 50 USD.
Anyway, the difficult - and not really adressed by JLicense - part is to securely hide your authentication mechanism in your code. For example, if you validate the license in the main method of a small starter class, it would be very easy to replace that method, using a simple debugger.
Obfuscation (another interesting issue) could help, but it’s probably not foolproof. So the effort you have for making your licensing scheme secure has to be traded off against the value of the property you want to protect.
In my case, with a very limited user base which consists mostly of non-Java non-geeks, a simple validation is probably sufficient, and anything more complicated would not make sense.
However, with a prime time, top-notch 3D FPS (JDoom 4…?!) it would be an entirely different story.