Signing a jnlp in order to get rid of the Security Warning
This JNLP seems to need signing because of java-vm-args
but realize that most of the memory related options can be specified in a way so that the JNLP does not need to be signed. I recommend you try that way instead.
Edit
JNLP was part of the Java Plug-In which was removed from browsers and deprecated by Oracle around Java 9. Use other methods to launch apps.
I believe you are getting this warning because you are requesting the JNLP to run with full permissions, and the user needs to know about that.
If you application doesn't need to access critical resources (for instance write to the hard drive), you can run your application in sandbox mode by replacing the following:
<security>
<all-permissions />
</security>
by
<security>
<sandbox />
</security>
as documented in http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/manifest.html
You can also remove it as sandbox is the default value.