0 Replies Latest reply: Jun 23, 2014 2:00 PM by user7998451 RSS

    How do I properly sign a JNLP application containing multiple .jnlp files? (Java 7u60)


      Issue: I have Java 7u60 installed. I have a JNLP application that contains 82 .jnlp files. (I am not aware of how to restrict the .jnlp file generation to a single file.) The "main" .jnlp file which contains the application-desc tag and defines a main-class attribute is "signed" by creation of a JNLP-INF folder to which a clone of the main .jnlp file with the name APPLICATION_TEMPLATE.JNLP is added. Regardless, I receive the following warning message on launch: "This application will run with unrestricted access which may put your computer and personal information at risk. Run this application only if you trust the location and publisher." When I click on the associated "More Information" link I see the following in the multiple lines of text displayed: "Although the application has a digital signature, the application's associated file (JNLP) does not have one. A digital signature ensures that a file is from the vendor and that it has not been altered."


      Question: My current assumption is that this warning is caused by the 81 .jnlp files which are NOT signed. Is this assumption valid, or does JNLP only require the .jnlp file containing the application-desc tag to be signed? If this assumption is not valid, what else could be the cause of the problem?


      Note: the clone of the main .jnlp file placed in the JNLP-INF folder is given the name APPLICATION_TEMPLATE.JNLP instead of APPLICATION.JNLP because one attribute value ("codebase") is updated at launch time and requires a wildcard ("*").