Spring Boot • Keycloak • Redis • EdDSA — Complete licensing framework
Why this project? Licensing is often treated as an afterthought in enterprise applications. This project provides a complete end-to-end licensing framework built on Spring Boot 3, integrating Keycloak, Redis, and EdDSA to standardize issue/validate flows with a Service, SDK, and CLI.
End-to-end license validation flow
- Clone the Repository
git clone https://github.com/bsayli/licensing.git- Extract Keycloak DB
- Get
licensing-keycloak.zipfrom/licensing/db - Copy and extract into your home directory ($HOME)
cd licensing/docker-compose/server && docker-compose up -d
# wait ~45s on first run
cd ../client && docker-compose upThis project provides a complete licensing framework for applications, combining secure key generation, detached digital signatures, and token validation (JWT/EdDSA). It is designed to ensure license authenticity, prevent misuse, and integrate seamlessly with Keycloak for user identity and license metadata.
- license-generator: Java project for license key generation, encryption, and cryptographic tooling.
- licensing-service: Spring Boot application that issues and validates license tokens.
- licensing-service-sdk: Spring Boot application acting as a client SDK (with caching & detached signature) for integrating licensing capabilities into external apps.
- licensing-service-sdk-cli: Command-line tool for testing and interacting with the licensing service.
| Directory | Purpose |
|---|---|
| db | Keycloak database backup (licensing-keycloak.zip) |
| docker-compose | Docker Compose files to run servers and client |
| scripts | Utility scripts to run the client (run_license_sdk_cli.sh) |
- Git client installed
- Docker installed and running
- Docker Compose installed and running
- Java (>= 21.x)
- Maven (>= 3.x)
This project relies on Keycloak to store and manage license metadata.
A full step-by-step guide is provided in KEYCLOAK_CONFIG.md.
cd licensing/docker-compose/server
docker-compose up -dThis starts Keycloak, Licensing Service, and Licensing Service SDK in the background. Wait ~45 seconds for the services to initialize on the first run.
Optional (local/dev only): If you want to start only Keycloak + Redis separately, you can use docker-compose.infra.yml.
cd licensing/docker-compose/client
docker-compose upLogs should confirm validation:
licensing-service-sdk-cli | INFO License validated successfully.
licensing-service-sdk-cli | INFO Token: <JWT_TOKEN>
licensing-service-sdk-cli | INFO Message: License is valid
cd licensing/licensing-service-sdk-cli
mvn clean package
cd target
java -jar licensing-service-sdk-cli-1.0.1.jar -s crm -v 1.5.0 -i "crm~macbook~00:2A:8D:BE:F1:56" -k "BSAYLI.<opaqueB64Url>"cd licensing/scripts
chmod +x run_license_sdk_cli.sh
./run_license_sdk_cli.sh -s billing -v 2.0.0 -i "billing~macbook~00:2A:8D:BE:F1:56" -k "BSAYLI.<opaqueB64Url>"- CLI examples must always be provided on a single line.
- If parameters contain spaces or special characters, they should be enclosed in quotes (
"...").
Demo configuration files contain inline secrets in application.yml. In production, HashiCorp Vault or another secret manager should be used. Vault integration is part of the roadmap.
If you notice any issues in this documentation or have suggestions for improvements, feel free to open an Issue or a Discussion.
- Move sensitive configs to HashiCorp Vault for secure secrets management
- Extend Keycloak integration to manage licenses (create, update, revoke) via dedicated endpoints
If you found this project useful, please consider giving it a star ⭐ on GitHub — it helps others discover it too!
| Module | Purpose | Documentation |
|---|---|---|
| licensing-service | REST API for issuing and validating tokens | README |
| licensing-service-sdk | Client SDK for integration | README |
| licensing-service-sdk-cli | CLI demo client | README |
| license-generator | Key & signature tooling | README |
