You can't protect the class files from a decompiler and from malicious users. However, the output of the decompiler may not be valid Java.
The best method is to document your API (assuming this is available for your customers to use) and application very, very well, and to have your support personnel be able to resolve API and application issues. Then your customers will have no reason to want to use a decompiler to explore why things are not working correctly.