JDK-8173734 : Java 8u121 WebStart can cause "Unsigned application requesting unrestricted access to system" error
  • Type: Bug
  • Component: deploy
  • Sub-Component: webstart
  • Affected Version: 8u121,9
  • Priority: P3
  • Status: Closed
  • Resolution: Duplicate
  • OS: linux
  • CPU: x86_64
  • Submitted: 2017-01-30
  • Updated: 2017-03-14
  • Resolved: 2017-02-13
Description
FULL PRODUCT VERSION :
C:\Users\plowman>java -version
java version "1.8.0_121"
Java(TM) SE Runtime Environment (build 1.8.0_121-b13)
Java HotSpot(TM) 64-Bit Server VM (build 25.121-b13, mixed mode)

ADDITIONAL OS VERSION INFORMATION :
Client running webstart (seems like any, latest OSX or Windows 7)

Darwin WFS-PLOWMAN-M 16.3.0 Darwin Kernel Version 16.3.0: Thu Nov 17 20:23:58 PST 2016; root:xnu-3789.31.2~1/RELEASE_X86_64 x86_64

Microsoft Windows [Version 6.1.7601]

A DESCRIPTION OF THE PROBLEM :
Starting with Java 8u121, launching WebStart against a validly code-signed application requesting full permissions can yield the following fatal error, with the application not starting at all:
Error: Unsigned application requesting unrestricted access to system

The only known workaround is to downgrade to Java 8u111/112.

REGRESSION.  Last worked in version 8u111

ADDITIONAL REGRESSION INFORMATION: 
C:\Users\plowman>java -version
java version "1.8.0_121"
Java(TM) SE Runtime Environment (build 1.8.0_121-b13)
Java HotSpot(TM) 64-Bit Server VM (build 25.121-b13, mixed mode)

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
1. Run the JNLP file
2. Authenticate with username/password at Webstart prompt to download JAR file
3. It will show the Downloading Application dialog, then Verifying Application
4. The "Unable to launch the application" error dialog occurs with the exception shown in the ticket below.

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
The application would launch
ACTUAL -
The "Unable to launch the application" error dialog occurs with the exception shown in the error message below (appears under Exception tab).

ERROR MESSAGES/STACK TRACES THAT OCCUR :

JNLPException[category: Security Error : Exception: null : LaunchDesc: 
<jnlp spec="0.2 1.0" codebase="https://example.com/workforce/webstart/adminmodule/">
  <information>
    <title>Example Admin Client 16.2.0.1</title>
    <vendor>WorkForce Software</vendor>
    <description>EmpCenter Admin Client</description>
    <icon href="workforce_icon.ico"/>
    <icon href="empcenter-splash-screen.png" kind="splash"/>
    <offline-allowed/>
  </information>
  <security>
    <all-permissions/>
  </security>
  <resources>
    <j2se version="1.8" max-heap-size="1024m"/>
    <j2se version="1.7" max-heap-size="1024m"/>
    <property name="jnlp.packEnabled" value="true"/>
    <jar href="Workforce_AdminClient_Signed-16.2.0.1.jar" main="true" download="eager"/>
  </resources>
  <application-desc main-class="com.workforcesoftware.Client.AdminModule.AdminMain">
    <argument>--unify-enabled</argument>
    <argument>"false"</argument>
    <argument>--autologin</argument>
    <argument>TOKEN</argument>
    <argument>--session-cookie-name</argument>
    <argument>JSESSIONID</argument>
    <argument>https://example.com/workforce</argument>
  </application-desc>
</jnlp> ]
	at com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedResourcesHelper(Unknown Source)
	at com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedResources(Unknown Source)
	at com.sun.javaws.Launcher.prepareResources(Unknown Source)
	at com.sun.javaws.Launcher.prepareAllResources(Unknown Source)
	at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
	at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
	at com.sun.javaws.Launcher.launch(Unknown Source)
	at com.sun.javaws.Main.launchApp(Unknown Source)
	at com.sun.javaws.Main.continueInSecureThread(Unknown Source)
	at com.sun.javaws.Main.access$000(Unknown Source)
	at com.sun.javaws.Main$1.run(Unknown Source)
	at java.lang.Thread.run(Unknown Source)

REPRODUCIBILITY :
This bug can be reproduced always.

CUSTOMER SUBMITTED WORKAROUND :
Downgrading to Java 8 Update 111 is the only workaround


Comments
As stated, duplicate of JDK-8173632.
13-02-2017

This seems a duplicate of JDK-8173632. Written back to the submitter for additional information including results with 9 ea build.
01-02-2017