Posted by gouessej on May 05, 2015; 8:04am
URL: https://forum.jogamp.org/Deprecated-functionality-previously-accessible-through-GL2-tp4034407p4034427.html

You have to sign each JAR mentioned in a JNLP file with the same "trusted" certificate and you can use JNLP extensions to use several certificates or point to the extension of a third party library. Using a fat JAR is less smart but it simplifies the deployment.

@jmaasing I understand your position but I don't even know if it's worth it. It's a nightmare, it gets broken at almost each update even you strictly follow Oracle's tutorials and the very latest security changes, especially when dealing with third party libraries. "Trusted-Library" is very difficult to use except if you stop supporting Java 1.7.

You can find some information here:
http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/manifest.html