Just like all the people on this page, I’m learning how to create games, and I have one simple question:
Why do you make the server and the client of this demo code in the same project?
Based on the idea of using best practices, is it not better to have the server, with its calculations, communications between clients, and possible persistence, in one project, and the client, with all its graphical issues, in another project?
I know that maybe, if you make it two different projects, you are duplicating the code of the messaging part and some parts of some objects (NPC, worldmap, player). I know DRY: Don’t Repeat Yourself.
But having it in the same project makes it easier to create a security problem, undetectable to the programmer, like… I don’t know, sending all the info of your players (passwords, birthdates, real names, etc.) to everyone while trying to send only the positions of the online players.
You can try 3 projects - client, server and common. If you don’t share any code between client and server you are going to suffer from a lot of copy/pasting for data structures etc.
On top of that, the server will require jme3 anyway - for Vector3f/Quaternion, possibly collision handling/bounds, network code etc.
If you want to keep your code separated, go with 3 projects by all means. But this will not help you with solving any of the security issues you are mentioning. Security needs security - dividing the project won’t help you with that.
In any case, I would suggest first completing the game code, getting all the assets created, tuning network code to support a hundred concurrent players, solving the problem of botting/cheating etc - before you spend all your energy on working around possible security issues due to bits of shared code.
Security is unrelated to how the code is split over projects. Just make sure that data that players shouldn’t see doesn’t make it over the wire.
Of course, distributing the server code along with the clients just invites reverse engineering. Splitting up the project is one way to achieve that, the other would be to generate two different jars from inside the same project (e.g. Proguard strips out unused classes, it should be able to start with the client’s main() function and automatically strip out everything that’s just in the server).
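
An added illustration of the point made in the thread that data players shouldn’t see must not make it over the wire (this is not part of the original posts and is not jME3 or project code): a dedicated position message that copies out only the needed fields, plus a reflection check that rejects any message class carrying a non-allowlisted type. All class and field names are hypothetical, and the code is plain Java with no jME3 dependency.

```java
import java.lang.reflect.Field;
import java.lang.reflect.Modifier;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;

public class WireAllowlistDemo {
    // Server-only record (hypothetical): holds secrets, must never be serialized to clients.
    static final class PlayerAccount {
        int id; String realName; String passwordHash; String birthdate;
        float x, y, z;
    }

    // Dedicated wire message: copies out only what other clients need.
    static final class PlayerPositionMessage {
        int playerId; float x, y, z;
        static PlayerPositionMessage from(PlayerAccount a) {
            PlayerPositionMessage m = new PlayerPositionMessage();
            m.playerId = a.id; m.x = a.x; m.y = a.y; m.z = a.z;
            return m;
        }
    }

    // The mistake from the question: the message embeds the whole server entity.
    static final class LeakyPositionMessage {
        PlayerAccount player;
    }

    // Field types a position update is allowed to carry (assumption for this demo).
    static final Set<Class<?>> WIRE_SAFE = Set.of(int.class, long.class, float.class, boolean.class);

    // Returns every instance field whose type is not on the allowlist.
    static List<String> unsafeFields(Class<?> messageType) {
        List<String> bad = new ArrayList<>();
        for (Field f : messageType.getDeclaredFields()) {
            if (Modifier.isStatic(f.getModifiers()) || f.isSynthetic()) continue;
            if (!WIRE_SAFE.contains(f.getType()))
                bad.add(f.getName() + " : " + f.getType().getSimpleName());
        }
        return bad;
    }

    public static void main(String[] args) {
        // Run this as a build-time test over every message class the server registers.
        for (Class<?> c : List.of(PlayerPositionMessage.class, LeakyPositionMessage.class)) {
            List<String> bad = unsafeFields(c);
            System.out.println(c.getSimpleName() + " -> " + (bad.isEmpty() ? "OK" : "REJECT " + bad));
        }
    }
}
```

The check works the same whether client and server live in one project or three, since it looks only at what each message class can carry.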