This topic describes signed JNLP files and JNLP templates. A signed JNLP file is a JNLP file that is included in a signed JAR file before the JAR file is signed. A JNLP template defines the parts of an external JNLP file that can differ from the one embedded in a JAR file.
This topic contains the following sections:
Signing a JNLP file provides the following advantages:
Ensures that others cannot change the content in your JNLP file, for example, by adding a random library, or changing application information.
Allows the use of arbitrary Java Virtual Machine (JVM) options and Java system properties in your application.
Prevents others from referencing your JAR file directly in their HTML browser applets.
To create a signed JNLP file, you don't sign the JNLP file itself. Instead, you include the JNLP file inside the directory structure before the JAR file is created and then signed. The JNLP file must be named APPLICATION.JNLP
and is included in the JNLP-INF
subdirectory. The JAR file is then created and signed in the usual manner. When a web start application is started, the JNLP file used must be identical to the JNLP file in the signed JAR for the application to run.
Note that you cannot use the APPLET tag to run an applet if the JAR file contains a signed JNLP file.
The Signing and Verifying JAR Files lesson in the Java Tutorial explains how to sign a JAR file.
A JNLP file can be signed to grant special privileges to a JAR-bundled application. When deploying a signed application from a location that is unlikely to change, and other aspects of the deployment are stable, you can use a standard JNLP file, as described in Signing and Verifying Jar Files in the Java Tutorial.
However, when an application needs to be re-distributed, or other tweaks are needed, such as changing the application icon, you can deploy the application with a JNLP template. Introduced in JDK 7, a template can define the parts of an external JNLP file that can differ from the one embedded in a JAR file.
A template file has the name JNLP-INF/
APPLICATION_TEMPLATE.JNLP
. The name must be in upper case. For those element or attribute fields in the file that are to be left unspecified, the wildcard notation, *, is used as that field's value. Elements or attributes that might compromise security are locked out from this feature.
Example 17-1 shows an application template that could be used to host an application on various hosts with different application icons.
Example 17-1 Sample Application Template
<?xml version="1.0" encoding="UTF-8"?> <jnlp codebase="*"> <information> <title>SampleApp</title> <vendor>Sample Company</vendor> <icon href="*"/> <offline-allowed/> </information> <resources> <java version="1.3+"/> <jar href="SampleApp.jar"/> </resources> <application-desc main-class="com.sample.SampleApp"/> </jnlp>
An application with this text in a JNLP-INF/
APPLICATION_TEMPLATE.JNLP
file in its main JAR file can be moved from one server to another, or its application icon can be changed, without resigning the main JAR file.
For more information, see Version 7.0 of the JNLP specification (jcp.org).