Spring Boot项目里，用TrueLicense 3.4.0给软件加个‘试用期’和‘付费锁’（附完整代码）

Spring Boot商业软件授权实战基于TrueLicense 3.4.0构建灵活许可体系当你的Spring Boot应用从技术Demo蜕变为商业产品时如何优雅地实现试用期控制与功能解锁TrueLicense 3.4.0这个轻量级Java授权库能帮助开发者用不到200行代码搭建完整的许可证管理系统。不同于简单的API调用我们将深入探讨如何设计符合商业场景的授权策略包括动态功能开关、多租户授权等进阶玩法。1. 环境配置与核心概念在开始编码前需要理解TrueLicense的三个核心对象LicenseManager许可证操作入口、License许可证数据载体和KeyStore加密安全基础。以下是Maven配置示例dependency groupIdnet.truelicense/groupId artifactIdtruelicense-core/artifactId version3.4.0/version /dependency dependency groupIdorg.bouncycastle/groupId artifactIdbcpkix-jdk15on/artifactId version1.70/version !-- 提供更强大的加密支持 -- /dependency密钥管理是授权系统的安全基石。推荐使用以下命令生成RSA密钥对keytool -genkeypair \ -alias myapp \ -keyalg RSA \ -keysize 2048 \ -validity 3650 \ -keystore keystore.jks \ -storepass 123456 \ -keypass 123456 \ -dname CNMyApp, OUDev, OMyCompany, LBeijing, STBeijing, CCN将生成的keystore.jks文件放在resources目录下注意在真实项目中应该使用至少4096位的密钥长度将密码存储在环境变量而非代码中为开发、测试、生产环境使用不同的密钥库2. 许可证生成器实现真正的商业授权系统需要支持多种许可证类型。下面是一个增强版的License生成器Component public class CommercialLicenseGenerator { Value(${license.keystore.path}) private String keystorePath; Value(${license.keystore.password}) private String keystorePassword; public String generateTrialLicense(LicenseRequest request) throws Exception { License license new License(new Properties()); license.setSubject(request.getProductId()); license.setHolder(new Holder(request.getCompanyName())); license.setIssued(new Date()); license.setNotBefore(new Date()); // 试用版固定30天有效期 license.setNotAfter(DateUtils.addDays(new Date(), 30)); license.setConsumerAmount(1); license.setInfo(createLicenseInfo(request, LicenseType.TRIAL)); return encryptLicense(license); } public String generateCommercialLicense(LicenseRequest request) throws Exception { License license new License(new Properties()); license.setSubject(request.getProductId()); license.setHolder(new Holder(request.getCompanyName())); license.setIssued(new Date()); license.setNotBefore(request.getStartDate()); license.setNotAfter(request.getEndDate()); // 商业版支持多实例部署 license.setConsumerAmount(request.getMaxInstances()); license.setInfo(createLicenseInfo(request, LicenseType.COMMERCIAL)); return encryptLicense(license); } private String encryptLicense(License license) throws Exception { KeyStore ks KeyStore.getInstance(JKS); try (InputStream is getClass().getResourceAsStream(keystorePath)) { ks.load(is, keystorePassword.toCharArray()); PrivateKey privateKey (PrivateKey) ks.getKey(myapp, keystorePassword.toCharArray()); return Base64.getEncoder().encodeToString(license.sign(privateKey)); } } }关键点商业授权系统应该分离试用版和正式版的生成逻辑试用版通常有固定期限但功能完整而商业版需要支持灵活的起止日期和实例数量控制。3. 动态功能授权方案单纯的期限控制无法满足SaaS产品的复杂需求。我们可以通过扩展License的info字段实现功能级授权public class FeatureLicenseDecorator { private static final String FEATURE_FLAG_PREFIX feature.; public static License decorate(License license, MapString, Boolean features) { Properties props license.getProperties(); features.forEach((k, v) - props.setProperty(FEATURE_FLAG_PREFIX k, String.valueOf(v))); return license; } public static boolean isFeatureEnabled(License license, String feature) { String value license.getProperties() .getProperty(FEATURE_FLAG_PREFIX feature, false); return Boolean.parseBoolean(value); } }使用时可以这样控制功能开关RestController RequestMapping(/api/reports) public class ReportController { GetMapping(/advanced) public ResponseEntity? getAdvancedReport() { License license licenseManager.getLicense(); if (!FeatureLicenseDecorator.isFeatureEnabled(license, advanced-report)) { return ResponseEntity.status(HttpStatus.FORBIDDEN) .body(请购买高级版套餐解锁该功能); } // 业务逻辑... } }配合前端可以实现灰度功能展示// 前端获取授权功能列表 async function checkFeatureAvailability() { const res await fetch(/api/license/features); const features await res.json(); features.forEach(feature { const elements document.querySelectorAll([data-feature${feature.name}]); elements.forEach(el { el.style.display feature.enabled ? block : none; }); }); }4. 集群环境下的授权验证分布式系统中简单的本地验证可能被绕过我们需要增强验证机制Aspect Component public class LicenseValidationAspect { Autowired private LicenseRegistryService registryService; Around(annotation(com.myapp.license.RequiresValidLicense)) public Object validateLicense(ProceedingJoinPoint joinPoint) throws Throwable { License license licenseManager.getLicense(); // 基础验证 if (license null) { throw new LicenseException(未检测到有效许可证); } if (license.getNotAfter().before(new Date())) { throw new LicenseException(许可证已过期); } // 分布式验证 if (!registryService.checkLicenseUsage( license.getHolder().getName(), license.getConsumerAmount())) { throw new LicenseException(超过最大允许的实例数); } return joinPoint.proceed(); } }对应的许可证注册服务需要维护全局使用计数Service public class RedisLicenseRegistryService implements LicenseRegistryService { Autowired private RedisTemplateString, String redisTemplate; private static final String LICENSE_USAGE_KEY license:usage:%s; Override public boolean checkLicenseUsage(String licenseKey, int maxAllowed) { String key String.format(LICENSE_USAGE_KEY, licenseKey); Long current redisTemplate.opsForValue().increment(key); redisTemplate.expire(key, 1, TimeUnit.HOURS); // 滑动窗口 return current maxAllowed; } }对于高安全要求的场景可以考虑添加心跳机制Scheduled(fixedRate 3600000) // 每小时上报一次 public void sendHeartbeat() { License license licenseManager.getLicense(); MapString, String payload new HashMap(); payload.put(machineId, getMachineFingerprint()); payload.put(licenseKey, license.getHolder().getName()); restTemplate.postForEntity(licenseServerUrl /heartbeat, payload, Void.class); }5. 生产环境最佳实践在真实商业部署中还需要考虑以下关键点密钥安全管理方案对比方案类型实现方式安全性复杂度适合场景环境变量启动时注入中低容器化部署KMS服务AWS/Aliyun KMS高中云原生架构HSMs设备专用加密硬件极高高金融级应用许可证分发流程优化开发阶段使用测试密钥生成临时许可证在IDE中配置本地验证模式交付阶段graph TD A[客户采购] -- B(生成唯一机器码) B -- C{验证环境} C --|生产环境| D[生成绑定许可证] C --|测试环境| E[生成测试许可证] D -- F[加密邮件发送] F -- G[客户导入系统]更新阶段设计许可证续期API实现自动更新检查机制提供离线更新包生成工具监控与合规审计RestController RequestMapping(/api/admin/license) public class LicenseAdminController { GetMapping(/audit-log) public PageLicenseLog getAuditLog( RequestParam(required false) String licenseKey, PageableDefault Pageable pageable) { return licenseService.findAuditLogs(licenseKey, pageable); } PostMapping(/revoke) public ResponseEntity? revokeLicense( RequestBody RevokeRequest request) { licenseService.revoke(request.getLicenseKey(), request.getReason()); return ResponseEntity.ok().build(); } }在项目初期我们曾遇到许可证验证性能问题。通过将非对称加密验证改为首次验证后签发JWT令牌的方式系统吞吐量提升了15倍。关键优化代码如下public class LicenseJwtDecorator { private static final String JWT_ISSUER MyAppLicenseService; public String generateLicenseToken(License license) { return Jwts.builder() .setIssuer(JWT_ISSUER) .setSubject(license.getHolder().getName()) .claim(features, parseFeatures(license)) .setExpiration(license.getNotAfter()) .signWith(SignatureAlgorithm.HS256, getJwtSecret()) .compact(); } public boolean validateLicenseToken(String token) { try { Jwts.parser() .requireIssuer(JWT_ISSUER) .setSigningKey(getJwtSecret()) .parseClaimsJws(token); return true; } catch (Exception e) { return false; } } }