Oracle Java Cloud Service - SaaS Extension

All the productivity of Java, without the IT.

Validating user application

Whitelist validation

Every application that is installed or updated in a Java Cloud Service - SaaS Extension instance is first validated by the Whitelist tool. This tool validates deployment descriptors and other application configuration files, such as the file, as part of the Java API validation.

If there are Java API validations, the tool may not reject the application from being deployed. Instead, it creates a warning report against the violations. A security exception will be raised only during runtime, should those exceptions be exercised when the application is running. For example, it is common for third-party libraries to raise warnings during Whitelist validation; however, they are rarely exercised during runtime.

You can locally validate an application by using the whitelist.jar, which is available in the Java Cloud Service - SaaS Extension SDK.


$>java -jar whitelist.jar

Usage: java -jar whitelist.jar [-argument ...] [-help] [file1 file2 dir1 dir2 ...]

This tool can be used to scan one or more class files, JAR files, deployable archives (WAR or EAR), or exploded directories for any usages that are not allowed. It can also verify whether the input file (when the input file is not a class, JAR, WAR, or EAR) can be packaged inside a deployable archive.

For example:

  • java -jar whitelist.jar -log /home/log/newlog.log /home/apps/myapp.war
  • java -jar whitelist.jar myapp.jar
   log       - The path to the log file where the scan result will be written to.
   grid      - The flag (true/false) that indicates if the error listing should be 
               done in a grid. Please ensure to have more width on the console 
               window to ensure that the grid does not wrap.
               Default Value: false
   gridwidth - The maximum width of the grid. You can use this if you want to 
               limit the width of the grid display (for instance, when you have a 
               smaller display).

               Note: If you specify a smaller width, the grid might not be 
               formed to fit within the width. This is applicable when grid is true.					
               Default Value: 180

        $java -jar whitelist.jar localremote-ejb.jar  -grid 

 |              Whitelist validation - localremote-ejb.jar                   |
 |          Entry              |          Validation Error(s) - 3            |
 |com/prohorenko/localremote/  |Type javax.ejb.EJBObject not                 |
 |ExRem.class(2)               |allowed.(OnClassSignature:com.prohorenko.    |
 |                             |localremote.ExRem ->Base type)               |
 |                             |Type java.rmi.RemoteException not allowed.   |
 |                             |(Exceptions at method:sayHello ->            |
 |                             |OnClassSignature:java.rmi.RemoteException)   |
 |com/prohorenko/localremote   |Type java.rmi.RemoteException not allowed.   |
 |/ExRemHome.class(1)          |(Exceptions at method:create->               |
 |                             |OnClassSignature:java.rmi.RemoteException)   |
        ERROR    - Whitelist validation has failed with 3 error(s).