Mastering FXML


6 Deployment of FXML Applications

This page describes why some FXML applications need digital signatures and presents an alternative to signing the application.

For information about how to begin deploying simple applications, see "Basic Deployment" in the JavaFX Getting Started tutorials at

For detailed information about application packaging and deployment, see Deploying JavaFX Applications at

For web deployment, applications must be signed when there are @FXML annotations in the controller class. The FXMLLoader class uses reflection to set annotated fields. It calls the setAccessible() method on controller fields that are protected or private so it can inject the value from the FXML markup. The setAccessible() method is a privileged operation, and that privilege is not enabled by default for web applications.

If you use NetBeans IDE, your application is packaged automatically as a JavaFX application, and by default the JAR file is signed to ensure that it will run on the web. If you plan to run your application only on the desktop, then you can change the project properties so the application is not signed, by clearing the Request Unrestricted Access checkbox in the Deployment screen.

If you deploy using the JavaFX Packager tool or an Ant task, then include the FXML file in the JAR file as an uncompiled file, and sign the application if it contains @FXML annotations and you plan to deploy to the web.

The alternative to signing the application is to make your controller fields and handler methods public. While this is usually not considered a good practice, in the case of FXML applications, the controller instance is generally visible only to the FXML Loader that created it, which in effect is similar to creating a private inner class with public members.

The signing requirement for applications that contain @FXML annotations is being tracked as an Atlassian Jira issue: