When you will run the above JNLP, you will get the following Web Start exception:
JAR resources in JNLP file are not signed by same certificate
The reason for this is simple - one of the jar files that you are using was already signed by another party. Here is the way to find it:
jarsigner -certs -verbose -verify activation.jar
You will see a long list of certificates (one for each file). This means that this specific jar was signed by another party (Sun in our case). The solution for the problem is simple - put this jar in a separate JNLP and reference it in your main JNLP:
<?xml version="1.0" encoding="UTF-8"?>
<jnlp spec="1.0+" codebase="https://jaxb-workshop.dev.java.net/webstart/" href="activation.jnlp">
<information>
<title>Activation</title>
<vendor>Sun Microsystems, Inc.</vendor>
<offline-allowed/>
</information>
<offline-allowed/>
<resources>
<jar href="activation.jar"/>
</resources>
<component-desc/>
</jnlp>
As you can see, we don't ask for permissions, as this specific jar doesn't need them. Then, you reference this activation.jnlp in your main JNLP:
<?xml version="1.0" encoding="UTF-8"?>
<jnlp spec="1.0+" codebase="https://jaxb-workshop.dev.java.net/webstart/" href="wizard.jnlp">
<information>
<title>XJC Wizard</title>
<vendor>
https://jaxb-workshop.dev.java.net/</vendor>
<description>Wizard frontend for XJC generator</description>
<description kind="short">Wizard frontend for XJC generator</description>
<offline-allowed/>
</information>
<offline-allowed/>
<security>
<all-permissions/>
</security>
<resources>
<j2se version="1.5+"/>
<jar href="jaxbw.jar"/>
<jar href="substance.jar"/>
<jar href="jaxb-api.jar"/>
<jar href="jaxb-impl.jar"/>
<jar href="jaxb-xjc.jar"/>
<jar href="jsr173_api.jar"/>
<extension name="activation" href="activation.jnlp"/>
</resources>
<application-desc main-class="org.jvnet.jaxbw.xjcfe.wizard.WizardMainFrame"/>
</jnlp>