Question

Google App Engine有一个“JRE Class White List”。

我真正想要的是“黑名单” - 换句话说，Java API不适用于GAE。这样的清单是否存在？是否有任何开发人员在GAE上遇到Java API问题？

Answer 1

他们似乎采取了更多的白名单方法：http://code.google.com/appengine/docs/java/jrewhitelist.html。

此处还有关于沙箱的更多详细信息（它可以访问哪些文件等）：http://code.google.com/appengine/docs/java/runtime.html#The_Sandbox

这些限制似乎非常直观（例如受限制的文件系统访问，没有JNI等）。

Answer 2

我不知道黑名单，但以下链接可能会有所帮助：http://groups.google.com/group/google-appengine-java/web/will-it-play-in-app-engine

Answer 3

我在Google I / O上有一张宣传此服务的卡片：

LTech AppEngine Compatibility Analyzer

听起来它可能对你有用。我没试过，如果你试试，请回来评论。谢谢！

Answer 4

我在我的GAE项目中使用Servlet，但即使它没有任何问题也不在白名单中。实际上，Google提到了如何使用Servlet，但它不在白名单中

导入javax.servlet.http。*;

这里提到：

http://code.google.com/appengine/docs/java/runtime.html

但不包括在内：

http://code.google.com/appengine/docs/java/jrewhitelist.html

我喜欢GAE（因为免费配额），但文档很乱。

我使用IntelliJ，当导入不在白名单中时，它标记为错误。但是，可以禁用它。

Answer 5

当我遇到这个问题时，我正在寻找一些东西，所以想到分享黑色＆amp; GAE（Google App Engine）的白名单，所以任何人都可以解决这个问题。详情： -

appengine-agentruntime.jar 有两个实例变量： -

private static Agent agent      
private static Set<String> blackList

我们从代理商＆amp;获取blackList agent = AppEngineDevAgent.getAgent()。因此，如果我们检查 b）appengine-agent.jar ，我们可以找到代理Class<?> implClass = agentImplLoader.loadClass("com.google.appengine.tools.development.agent.impl.AgentImpl");

然后转到AgentImpl类，即 c）appengine-agentimpl.jar 我们可以通过静态初始化和放大，看看在类加载时填充的黑名单变量它引用白名单来过滤允许的类。

static {
            initBlackList();
        }

    public static Set<String> getBlackList() {
        return blackList;
    }

    private static boolean isBlackListed(String className) {
        Set<String> whiteList = WhiteList.getWhiteList();
        return (!whiteList.contains(className))
                && (!className.startsWith("com.sun.xml.internal.bind."));
    }

最后可以检查 d）appengine-tools-sdk-1.8.3.jar 以获取所有WhiteList类的列表。

结论： 作为一个黑客，为了使用任何不属于此WhiteList的JRE类，需要使用WhiteList或BlackList 。如果你解开 appengine-agentruntime.jar 库＆amp; amp;将拒绝方法的内容评论为

public static void reject(String className) {
    /*throw new NoClassDefFoundError(className + " is a restricted class. Please see the Google " + " App Engine developer's guide for more details.");*/
  }

然后再将它装罐并在你的项目中使用。希望它有所帮助。

----------------------------------------------- ------------------------------

a） appengine-agentruntime.jar ： - 它包含实际的运行时类，它会为类引发异常（来自拒绝方法）不属于以上白名单。

package com.google.appengine.tools.development.agent.runtime;

import com.google.appengine.tools.development.agent.AppEngineDevAgent;
import com.google.appengine.tools.development.agent.impl.Agent;
import com.google.apphosting.utils.clearcast.ClearCast;
//REMOVED OTHER IMPORTS TO KEEP IT SHORT

public class Runtime {

    private static Agent agent = (Agent) ClearCast.cast(
            AppEngineDevAgent.getAgent(), Agent.class);

    private static Set<String> blackList = agent.getBlackList();

    public static ClassLoader checkParentClassLoader(ClassLoader loader) {
        ClassLoader systemLoader = ClassLoader.getSystemClassLoader();
        return (loader != null) && (loader != systemLoader) ? loader
                : Runtime.class.getClassLoader();
    }

    public static void recordClassLoader(ClassLoader loader) {
        agent.recordAppClassLoader(loader);
    }

    public static void reject(String className) {
        throw new NoClassDefFoundError(className
                + " is a restricted class. Please see the Google "
                + " App Engine developer's guide for more details.");
    }

    private static boolean isBlackListed(Class klass) {
        String className = klass.getName().replace('.', '/');
        return blackList.contains(className);
    }

    // REMOVED OTHER METHODS TO KEEP IT SHORT
}

b） appengine-agent.jar ： -

package com.google.appengine.tools.development.agent;

import com.google.apphosting.utils.clearcast.ClearCast;
//REMOVED OTHER IMPORTS TO KEEP IT SHORT

public class AppEngineDevAgent {
    private static final String AGENT_IMPL = "com.google.appengine.tools.development.agent.impl.AgentImpl";
    private static final String AGENT_IMPL_JAR = "appengine-agentimpl.jar";
    private static final Logger logger = Logger.getLogger(AppEngineDevAgent.class.getName());
    private static Object impl;

    public static void premain(String agentArgs, Instrumentation inst) {
        URL agentImplLib = findAgentImplLib();
        URLClassLoader agentImplLoader = new URLClassLoader(
                new URL[] { agentImplLib }) {
            protected PermissionCollection getPermissions(CodeSource codesource) {
                PermissionCollection perms = super.getPermissions(codesource);
                perms.add(new AllPermission());
                return perms;
            }
        };
        try {
            Class<?> implClass = agentImplLoader
                    .loadClass("com.google.appengine.tools.development.agent.impl.AgentImpl");
            impl = ((AgentImplStruct) ClearCast.staticCast(implClass,
                    AgentImplStruct.class)).getInstance();
            AgentImplStruct agentImplStruct = (AgentImplStruct) ClearCast.cast(
                    impl, AgentImplStruct.class);
            agentImplStruct.run(inst);
        } catch (Exception e) {
            logger.log(
                    Level.SEVERE,
                    "Unable to load the App Engine dev agent. Security restrictions will not be completely emulated.",
                    e);
        }
    }

    public static Object getAgent() {
        return impl;
    }

    //REMOVED OTHER METHODS TO KEEP IT SHORT
}

c） appengine-agentimpl.jar ： -

package com.google.appengine.tools.development.agent.impl;

import com.google.apphosting.runtime.security.WhiteList;
//REMOVED OTHER IMPORTS TO KEEP IT SHORT

public class BlackList {
    private static final Logger logger = Logger.getLogger(BlackList.class.getName());
    private static Set<String> blackList = new HashSet();

    static {
        initBlackList();
    }

    public static Set<String> getBlackList() {
        return blackList;
    }

    private static boolean isBlackListed(String className) {
        Set<String> whiteList = WhiteList.getWhiteList();
        return (!whiteList.contains(className))
                && (!className.startsWith("com.sun.xml.internal.bind."));
    }

    private static void initBlackList() {
        Set<File> jreJars = getCurrentJreJars();
        for (File f : jreJars) {
            JarFile jarFile = null;
            try {
                jarFile = new JarFile(f);
            } catch (IOException e) {
                logger.log(
                        Level.SEVERE,
                        "Unable to read a jre library while constructing the blacklist. Security restrictions may not be entirely emulated. "
                                + f.getAbsolutePath());
            }
            continue;

            Enumeration<JarEntry> entries = jarFile.entries();
            while (entries.hasMoreElements()) {
                JarEntry entry = (JarEntry) entries.nextElement();
                String entryName = entry.getName();
                if (entryName.endsWith(".class")) {
                    String className = entryName.replace('/', '.').substring(0,
                            entryName.length() - ".class".length());
                    if (isBlackListed(className)) {
                        blackList.add(className.replace('.', '/'));
                    }
                }
            }
        }
        blackList = Collections.unmodifiableSet(blackList);
    }

    private static Set<File> getCurrentJreJars() {
        return getJreJars(System.getProperty("java.home"));
    }

    //REMOVED OTHER METHODS TO KEEP IT SHORT
}

d） appengine-tools-sdk-1.8.3.jar ： - 它有一个名为 WhiteList 的类，其中包含所有允许的JRE类。

package com.google.apphosting.runtime.security;

import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

public class WhiteList {
    private static Set<String> whiteList = new HashSet(
            Arrays.asList(new String[] {
                    "java.beans.Transient",
                    "java.lang.BootstrapMethodError",
                    "java.lang.Character$UnicodeScript",
                    "java.lang.ClassValue",
                    "java.lang.SafeVarargs",

                    //Removed other classes to keep this article short

                    "java.net.URLClassLoader",
                    "java.security.SecureClassLoader",
                    "sun.net.spi.nameservice.NameService" }));

    public static Set<String> getWhiteList() {
        return whiteList;
    }
}

Google应用引擎JRE类“黑名单”

5 个答案:

----------------------------------------------- ------------------------------