We are developing an app that uses Java Web Start.

When I try to start my JNLP file, I get this warning:

The "Location" (http://<IP>:port) has been added to the Exception Site List. I would have thought that this would in itself be enough to make the JNLP run.

However, I have also done the following under "Advanced":

I only have one Java version - it is Java 1.8.0_91, 32-bit.

What more do I need to do to make my JNLP run?

The problem was that the Permissions attribute was missing in the manifest, and was therefore blocked without warning in Java 1.8. The warning appears if you run Java 1.7.

Java security is a fun little thing to have to wrestle with.

Add the site for your JavaWS application to the Java Security exceptions list. You're saying you've done that, but have you also tagged your JNLP file to indicate what site it came from?

At heart, the jnlp file is just an XML file and unless it says where it came from, java might be unable to determine whether it comes from a trusted site.

Do you have a tag in the JNLP similar to this?

<jnlp href="someWebstartApp.jnlp" spec="1.0+" codebase="http://myserver.com/" xmlns:jfx="http://javafx.com">

Specifically, the bits for the href (name for the jnlp file on the codebase) and codebase (where the jnlp file and jars can be found).

Alternately, you might try invoking javaws directly from the command line:

javaws http:/myserver.com/someWebstartApp.jnlp

This would let Java grab the JNLP file itself, rather than the launch process from the browser which might fail to tell Java which URL the jnlp came from.