building api only artifact with maven

Question

Given our maven projet provides some api for clients to interact with it, those are just few java interfaces which are implemented in interal codebase...

Now if we just build the jar and publish it anyone can see the internal classes we used for implementation, yet we only need few java interfaces to be published (along with few DTO classes maybe)...

Is it possible to pick exactly which java files we want to build jar for and create two artifacts like (product.jar/war and product-api.jar)

Prupose is to limit possible misuse of the code by other teams...

Answer 1

Your question is about securing code instead of maven in general. You can have multi-module maven project but still anyone can download that and decomopile it. Few thoughts as Java does have inbuilt mechanism to support this but there are workarounds...some thoughts..

1. When you package a project as jar, don't put.java classes in jar/build. Well the code can be decompiled back to java but at-least u dont give .java classes to start with.
2. You can obfuscate your code with various available options. Read bit here...
3. At the extereme, expose your api as web services where you define a contract for request/response. No one can see your code...

Answer 2

The best is to make separate modules in Maven which represent your modules like:

project-api

which contains only the interfaces and which can be used by others separately.

project-impl

one implementation etc. The above makes testing easier etc. is a good choice with regards to separation of concerns.