How to force my EAR files to just be deployed on an specific server?

Question

I am developing an enterprise java application for a customer using J2EE technologies (JSF, EJB, Hibernate, etc). To avoid the customer to copy my .ear files and deploy them on another server (the AppServer is Weblogic), I am searching for a standard and secure method to bind my project output files into an specific physical server. This mean that I need my project output to be bound to a physical server at build time and the customer is just allowed to deploy then on an specific server.

Is there any standard method/library to do this or I should do it manually in my code using server identifiers?

Answer 1

I don't think that you will be able to 100% assure that a customer will be unable to copy, adapt and run your application to another server. First, an ear file is just a ZIP file, and classes inside are also easy to decompile and compile again, even if the EAR would be signed. So a lot of space to do some funny business :)

If you just wish to protect the customer from "accidentally" deploy your EAR on a second server, a first, easy and cheap step could be to link/insert the predicted host name (perhaps even the ip address) during the stage phase to a manifest or even java file (to make things more static). Then add an once initialized, later cached interceptor around all methods you would like to protect and check the local system (ie with InetAddress.getLocalHost()) against your preconfigured & linked host information. Still, very weak :/

Answer 2

If it's a MAVEN project you could add something to de settings.xml of the compilation server that allows things to run different on the configuration of the production system. Something like a different name for a datasource or something like that.