Customizable Java application Ideas

So I am working on a java application, and the customer has requested the ability to have features that which can be unlocked to make the application customizable based upon what their customer wants to pay for. So I am trying to come with ideas for doing this in a manner that will provide some level of security, but also general maintainability and readability.

I have been doing some searching around, and had some ideas of my own, maintaining an encrypted configuration file which could possibly be stored in a jar file that I could unload, repack, and load at run time.

Looking to see if anyone else has any interesting ideas on how you might do this. I have been doing some looking on google without a lot of success 开发者_开发问答thus far.

Oh one last little caveat, the machines this java application is on may not have internet available to them. So running a license server doesn't seem like a viable option

I would suggest using some sort of dependency injection or runtime weaving aspects, so you can include new jar files that have the correct xml files or configuration files for new features.

I agree with coobird that including them and locking them is inherently risky as someone will eventually decompile your application and determine how to get all the features.

The only sure way to prevent "unauthorized access" to features that are "locked" in software is not to provide the code that one does not want the user to have access to in the first place.

Enabling extra features by unlocking using passwords, encryption (where's the key going to be? In the program itself?), configuration file can usually be defeated by someone who is determined to get to the code they want to execute.

At least unlocking using software means can most likely be defeated, if the code that is locked is already being distributed in the binary. One way that I can think of off the top of my head that seems a little secure is an hardware key dongle, or having important code that is stored on hardware, but not many people like the idea of having to plug in a piece of hardware to use the software.

When it really comes down to it, don't have features in the code itself which is only disabled by some software flags.

I suggest you build a trusting relationship with your customers. Either that, or bundle a USB key dongle, but even these are not 100%.

If you are distributing software, any kind of encryption must be able to decrypt itself. You are essentially giving the customer both the lock and the key.

You could possibly implement the core product, and then have the additional features as plugins. You could put each plugin in a separate jar file. The customer could then distribute a bundle that contained the core application, and the purchased plugins. Thus the un-purchased functionality is not in any of the binaries.

Distribute the full set. Have them call you for the keys to unlock various features. (Use a simple encryption scheme so that the keys are of reasonable length and can be conveyed over the phone.)