Application validation

Gerardo Tasistro
Ranch Hand

Joined: Feb 08, 2005
Posts: 362
I posted this a while back in the security section in hopes of getting an answer, but I haven't had any. Since I pretty much know what to do, I just want feedback on the best way of doing this or experience from others. I'll post it here now:

Ok this isn't strictly speaking a security issue, but the technologies used to solve it are mostly from this area (encryption, encoding, hashing, validation, etc). So I thought I'd ask it here.

I'm working on a system that needs to be leased to clients/franchises/subsidiaries. This is a web application running on Tomcat which needs to be validated and allowed to run if and only if the client has the month or year key. They will have full control of the machine, aka they will be root (at the OS level and the dbase level).

I'd like to exchange ideas with those that have worked or thought about this. My current standing is:
- store an encrypted key in the database
- the encrypted key is the product of the current time, the time of expiration of the license, the month/year key and some salt.
- if the key doesn't decode well then the license key is wrong and the application shuts down
- if it decrypts and the system time doesn't check with the expiration time or is prior to the current system time the system shuts down

Now the checking can't take place in something that depends on an XML file configuration, for example a filter, since editing the XML file will remove it and unlock the system. I can use a filter as a check to set some application-level data, which in turn gets queried by the servlets to see if they can run or not.

Anybody with this experience? Would an application scope bean be good? A singleton type thing? I use Hibernate, so maybe two session factories? One for validation and the other for data delivery. Without validation the data delivery factory shuts down.
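
The check described in the post above, sketched as an added example (not code from the thread or from either poster): the month/year key and a salt derive an AES-GCM key, and the token carries the issue and expiry times. The class name `LicenseCheck`, the PBKDF2 parameters, the token layout and the sample values are assumptions.

```java
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.time.Instant;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.*;

public class LicenseCheck { // hypothetical class, not from the thread
    // AES-GCM cipher keyed from the month/year key and the salt (PBKDF2, assumed parameters)
    static Cipher gcm(int mode, char[] periodKey, byte[] salt, byte[] iv) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(periodKey, salt, 100_000, 256);
        byte[] k = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, new SecretKeySpec(k, "AES"), new GCMParameterSpec(128, iv));
        return c;
    }
    // Vendor side: token = Base64(iv || AES-GCM(issued, expires))
    static String issue(char[] periodKey, byte[] salt, Instant issued, Instant expires) throws GeneralSecurityException {
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        byte[] body = ByteBuffer.allocate(16).putLong(issued.getEpochSecond()).putLong(expires.getEpochSecond()).array();
        byte[] ct = gcm(Cipher.ENCRYPT_MODE, periodKey, salt, iv).doFinal(body);
        return Base64.getEncoder().encodeToString(ByteBuffer.allocate(12 + ct.length).put(iv).put(ct).array());
    }
    // Application side: false means the application must refuse to run
    static boolean isValid(String token, char[] periodKey, byte[] salt, Instant now) {
        try {
            ByteBuffer in = ByteBuffer.wrap(Base64.getDecoder().decode(token));
            byte[] iv = new byte[12], ct = new byte[in.remaining() - 12];
            in.get(iv).get(ct);
            ByteBuffer body = ByteBuffer.wrap(gcm(Cipher.DECRYPT_MODE, periodKey, salt, iv).doFinal(ct));
            Instant issued = Instant.ofEpochSecond(body.getLong()), expires = Instant.ofEpochSecond(body.getLong());
            return !now.isBefore(issued) && now.isBefore(expires); // rejects a rolled-back clock or an expired licence
        } catch (GeneralSecurityException | RuntimeException e) {
            return false; // wrong month/year key, tampered or malformed token
        }
    }
    public static void main(String[] args) throws Exception {
        byte[] salt = "constructed-salt".getBytes(); // constructed sample values
        char[] key = "MARCH-KEY".toCharArray();
        Instant t0 = Instant.parse("2005-03-01T00:00:00Z"), end = Instant.parse("2005-04-01T00:00:00Z");
        String token = issue(key, salt, t0, end);
        for (Instant now : new Instant[] {t0.plusSeconds(3600), end.plusSeconds(1), t0.minusSeconds(1)})
            System.out.println(now + " -> " + isValid(token, key, salt, now));
        System.out.println("wrong key -> " + isValid(token, "APRIL-KEY".toCharArray(), salt, t0.plusSeconds(3600)));
    }
}
```

Because the licensee is root on the machine, the clock value passed as `now` and the class doing the check are both under their control, so this raises the effort of bypassing the licence rather than preventing it.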

Reid M. Pinchback
Ranch Hand

Joined: Jan 25, 2002
Posts: 775
This sounds a lot like what people usually call license management. Solutions range from the simple to the complex, depending on how much it matters to you to protect your intellectual property. Usually it's something you just buy/license to integrate into your product. Flex/LM is one of the beefier packages out there, but I think there are a couple of Java-specific equivalents.

Reid - SCJP2 (April 2002)
Gerardo Tasistro
Ranch Hand

Joined: Feb 08, 2005
Posts: 362
I'm mostly concerned about the application running. I don't care about the information in the database or the physical server.