Sign Jars Automatically

By Moshe Yalo

Artifactory takes the hassle out of signing jars using the Key Store feature that securely manages key pairs, and virtual repositories that wrap your WebStart deployments and their dependencies.

The process is very simple. Let’s consider WebStart applications as an example. You create a key pair storage domain in Artifactory, and upload your signing keys – a one-time process.

Then create a local repository into which you deploy your jars for the WebStart application

Now you wrap the local repository in a virtual repository, and add any remote repositories that are needed to access any 3rd party dependencies.

The rest is automatically managed by Artifactory. Any jar deployed to your wrapped local repository, and any dependency downloaded from a wrapped remote repository is automatically signed. You’ll never have to manually sign a jar again. Artifactory will even modify your JNLP file so all you need to do is launch your jars with WebStart and you’re ready to go.