The following documentation for this JDK 7 feature will be included as part of the Java SE 7u2 (and later) Guide documentation. Until that release, we are making it available here.
Signing JAR Files with a JNLP Template
A JNLP file can be signed in order to grant a jar-bundled application special privileges. When deploying a signed application from a location that is unlikely to change, and other aspects of the deployment are stable, you can use a standard JNLP file, as described in Signing and Verifying Jar Files (Java Tutorial).
However, in cases when an application needs to be re-distributed, or other tweaks are needed, such as changing the application icon, you can deploy the application with a JNLP template. Introduced in JDK 7, a template can define what parts of an external JNLP file may differ from one embedded into a jar file.
A template file has the name JNLP-INF/APPLICATION_TEMPLATE.JNLP. Note that the name must be in upper case. For those element or attribute fields in the file that are to be left unspecified, the wildcard notation, *, is used as that field's value. Elements or attributes that may compromise security will be locked out from this feature.
The following is an example of an application template that could be used to host an application on various hosts with different application icons.
<?xml version="1.0" encoding="UTF-8"?>
An application with this text in a JNLP-INF/APPLICATION_TEMPLATE.JNLP file in its main jar file can be moved from one server to another, or its application icon can be changed, without resigning the main jar file.
For more information, see Version 7.0 of the JNLP specification (jcp.org).
-- Sharon Zakhour