Say we have a standalone spring boot application which we are going to distribute by creating an AMI and sharing on the AWS marketplace. Since the jar is available inside the AMI, I want to stop a user from buying the AMI on the marketplace and then redistributing my jar.
This is my current implementation plan for this:
- When building the jar, I bundle a blank file (ex: test.abc) with the jar
- When user starts jar for the first time, I check if this file is blank, if it is, then I write the mac address of the current machine into the file
- Validate the file to check if the mac address on the file is same as the mac address of the machine
There will also need to be a way of "hiding" the file test.abc from the user so he/she cannot rebundle the jar with another blank test.abc.
Is there a better/industrial standard of meeting this requirement?