Signing a JNLP File

October 3, 2013 | 1 minute read
Text Size 100%:

There are several advantages to signing a JNLP file. It will:

  • Ensure that others cannot change the content in your JNLP file. For example,
    by adding a random library, or changing application information.
  • Allow the use of arbitrary Java Virtual Machine (JVM) options and Java system properties in your application.
  • Prevent others from referencing your JAR file directly in their HTML browser

To create a signed JNLP file you don't sign the JNLP file itself, but you include the JNLP file inside the directory structure before the JAR file is created and then signed. The JNLP file must be named APPLICATION.JNLP and is included in the JNLP-INF subdirectory. The JAR file is then created and signed in the usual manner. When a web start application is started, the JNLP file used must be identical to the JNLP file in the signed JAR in order for the application to run.

Note that you cannot use the APPLET tag to run an applet if JAR file contains a signed JNLP file.

The Signing and Verifying JAR Files lesson in the Java Tutorial explains how to sign a JAR file.

Guest Author

Previous Post

Video: Spec Leads of Java Caching Standard, JSR-107

Tori Wieldt | 1 min read

Next Post

Hands on with Oracle Java Cloud Service in Java Magazine

Janice Heiss | 2 min read