Beans can be digitally signed to guarantee the end user that a third party has not modified the file. Users must decide if they trust the author, but at least they know who created the bean. When you digitally sign a bean, you actually add a digital signature to the bean's JAR file, which means you end up digitally signing the whole JAR package.
Creating Digitally Signed JAR Files
Digitally sign your beans by generating your own digital signature and then including the signature in the bean's JAR file. To generate a digital signature, your identity profile must be included in your keystore file as a digital certificate along with a pair of encryption keys.
Creating a Keystore and Keys Using keytool
The first step to creating your ...