There are several advantages to signing a JNLP file. It will:
To create a signed JNLP file, you do not sign the JNLP file itself. Instead, you include the JNLP file in the directory structure before the JAR file is created and signed. The JNLP file must be named APPLICATION.JNLP and is included in the JNLP-INF subdirectory. The JAR file is then created and signed in the usual manner. When a Java Web Start application is started, the JNLP file used must be identical to the JNLP file in the signed JAR in order for the application to run.
Note that you cannot use the APPLET tag to run an applet if the JAR file contains a signed JNLP file.
The Signing and Verifying JAR Files lesson in the Java Tutorial explains how to sign a JAR file.
A JNLP file can be signed in order to grant a JAR-bundled application special privileges. When deploying a signed application from a location that is unlikely to change, and other aspects of the deployment are stable, you can use a standard JNLP file, as described in Signing and Verifying JAR Files (Java Tutorial).
However, in cases when an application needs to be redistributed, or other tweaks are needed, such as changing the application icon, you can deploy the application with a JNLP template. Introduced in JDK 7, a template can define which parts of an external JNLP file may differ from the one embedded in a JAR file.
A template file has the name JNLP-INF/APPLICATION_TEMPLATE.JNLP. Note that the name must be in upper case. For those element or attribute fields in the file that are to be left unspecified, the wildcard notation, *, is used as that field's value. Elements or attributes that may compromise security will be locked out from this feature.
The following is an example of an application template that could be used to host an application on various hosts with different application icons.
    <?xml version="1.0" encoding="UTF-8"?>
    <jnlp codebase="*">
      <information>
        <title>SampleApp</title>
        <vendor>Sample Company</vendor>
        <icon href="*"/>
        <offline-allowed/>
      </information>
      <resources>
        <java version="1.3+"/>
        <jar href="SampleApp.jar"/>
      </resources>
      <application-desc main-class="com.sample.SampleApp"/>
    </jnlp>

An application with this text in a JNLP-INF/APPLICATION_TEMPLATE.JNLP file in its main JAR file can be moved from one server to another, or its application icon can be changed, without re-signing the main JAR file.
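A pre-deployment check in the spirit of the template rule above, as an added example that is not part of the original page or of Java Web Start: it reads the template out of a JAR and reports where a JNLP file about to be published departs from it. It assumes `*` is used only as a whole-value wildcard and that the elements appear in the same order, which simplifies the matching defined in the JNLP specification; the function names and sample data are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

TEMPLATE_ENTRY = "JNLP-INF/APPLICATION_TEMPLATE.JNLP"  # entry name given on this page

# Constructed sample: the template shown above, abbreviated.
SAMPLE_TEMPLATE = (b'<?xml version="1.0" encoding="UTF-8"?>\n<jnlp codebase="*">'
    b'<information><title>SampleApp</title><icon href="*"/></information>'
    b'<resources><jar href="SampleApp.jar"/></resources></jnlp>')

def build_sample_jar(template=SAMPLE_TEMPLATE):
    """Build an in-memory (unsigned) JAR holding only the template entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr(TEMPLATE_ENTRY, template)
    return buf.getvalue()

def _value_ok(expected, actual):
    """A template value of '*' accepts anything; any other value must be equal."""
    expected = (expected or "").strip()
    return expected == "*" or expected == (actual or "").strip()

def mismatches(template, actual, path=""):
    """List every place where `actual` departs from what `template` allows."""
    if template.tag != actual.tag:
        return [f"{path or '/'}: expected <{template.tag}>, found <{actual.tag}>"]
    here = f"{path}/{template.tag}"
    problems = []
    if set(template.attrib) != set(actual.attrib):
        problems.append(f"{here}: attribute names differ")
    for name, expected in template.attrib.items():
        if name in actual.attrib and not _value_ok(expected, actual.attrib[name]):
            problems.append(f"{here}@{name}: value differs from template")
    if not _value_ok(template.text, actual.text):
        problems.append(f"{here}: text differs from template")
    if len(template) != len(actual):
        problems.append(f"{here}: number of child elements differs")
    for t_child, a_child in zip(template, actual):
        problems.extend(mismatches(t_child, a_child, here))
    return problems

def check_jnlp_against_jar(jar_bytes, jnlp_bytes):
    """Compare a JNLP file about to be published with the JAR's template."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        template = ET.fromstring(jar.read(TEMPLATE_ENTRY))
    return mismatches(template, ET.fromstring(jnlp_bytes))
```

This check does not verify the JAR's signature; that is still done with jarsigner -verify, as covered in the Signing and Verifying JAR Files lesson.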
For more information, see Version 7.0 of the JNLP specification (jcp.org).