JNLP: note to self

Java security was a hot topic in 2013 and I think it will continue to get some attention as tooling catches up to the newer requirements.  Signing the JNLP for Java Web Start programs is now required.

The Java Web Start maven plugin does not yet sign the JNLP file but there is an outstanding issue which I imagine will be resolved before too much longer.

In the meantime, this blog entry and this stackoverflow question and answer may be all you need to get your JNLP signed correctly.

The way I read it, you have two choices.

First you can create a template file which should be named APPLICATION_TEMPLATE.JNLP in src/main/resources/JNLP-INF and wildcards are permitted.  This is nice if you have the need to deploy your application from more than one server.

The second method involves creating a file named APPLICATION.JNLP also in the src/main/resources/JNLP-INF folder.  This file must match the application's jnlp file exactly.

Don't forget to modify your pom.xml file to include the JNLP file.  I added this line
 <include>**/**JNLP</include>  

to the the includes section of my build resources.

As the title implies, I created this entry as more of a note to myself because the various blog entries, questions, and documentation did not quite make this obvious to me.  I imagine if I went back and reread them, one or more would be clearer to me now.

In any case, this information will be not be needed once the tooling catches up but in the meantime it may help someone.

Happy coding,
Carl

Comments

Popular posts from this blog

ClassCastException: JAXB

Minishift on HyperV

Parallel to Lincoln's angry letters never sent concept...