Development JAR signing in Maven

May 19, 2009

Development JAR signing in Maven

For development purposes we needed to use a signed JAR in our project. First we created a keystore:

$ keytool -genkey -alias applet -keyalg RSA -keystore src/main/keystore/signing-jar.keystore -storepass applet -keypass applet -dname "CN=domain"

We can than use the following Maven POM file definition:

...
<plugin>
    <groupId>org.apache.maven.plugins</groupId>
    <artifactId>maven-jar-plugin</artifactId>
    <executions>
        <execution>
            <goals>
                <goal>sign</goal>
            </goals>
        </execution>
    </executions>
    <configuration>
        <keystore>src/main/keystore/signing-jar.keystore</keystore>
        <alias>applet</alias>
        <storepass>applet</storepass>
        <verify>true</verify>
    </configuration>
</plugin>
...

If we run mvn package we get a signed JAR file. Of course this is only useful for development purposes. To disable the JAR signing we invoke mvn package -Dmaven.jar.sign.skip=true