
Using Oracle Java Cloud Service

Considerations When Developing Applications on Java Cloud Service


This section provides information about the supported application standards and APIs that you need to consider when developing applications for deployment to a Java Cloud Service instance.

About Underlying Oracle Technologies

Think of each Java Cloud Service instance as a deployment target for applications using a set of Java EE release 5, Java EE release 6, and Oracle WebLogic Server capabilities. Note that Java Cloud Service is built on the following Oracle technologies:

  • Oracle WebLogic Server (WebLogic Server) release 10.3.6

  • Oracle Application Development Framework (ADF) release


All references in this document to WebLogic Server capabilities and ADF specific capabilities refer only to the releases specified in the previous list.

About Supported Applications, Standards, and APIs

Java Cloud Service supports the deployment of the following types of applications and technology standards:

WAR or EAR Deployment

Web Application Archive (WAR) or Enterprise Archive (EAR) deployment. All supported applications must be deployed through a WAR file or an EAR file (which can contain multiple WAR or JAR files).


The class loader behavior of EAR archives when deployed to a Java Cloud Service is the same as that of WebLogic Server as described in Understanding WebLogic Server Application Classloading in Oracle Fusion Middleware Developing Applications for Oracle WebLogic Server.

ADF Applications

Oracle Application Development Framework (ADF) applications are supported.

Web Applications

  • Applications using Servlet 2.5, JavaServer Pages (JSP) 2.1, JavaServer Faces (JSF) release 1.2 and release 2.0.

  • Use of web.xml and weblogic.xml deployment descriptors and related annotations is supported.

Web Services Applications

  • Applications using Java API for XML Web Services (JAX-WS) 2.1 based web services. Use of webservices.xml, weblogic-webservices.xml deployment descriptors and related annotations is supported.

  • Applications providing REST-based APIs through Java API for RESTful web services (JAX-RS) 1.1 and Jersey 1.9 annotations are supported.

Enterprise JavaBeans (EJB) Containers

Applications using EJB 2.1 and EJB 3.0 specifications. Use of ejb-jar.xml, weblogic-ejb-jar.xml, and related annotations is supported with the following exceptions:

  • Only local EJB invocations are supported. Specifically, the client code invoking an EJB application's interface must be either within the same deployment archive as the EJB implementation code itself or within a deployment archive that is deployed to the same Java Cloud Service instance.

  • EJB 2.x Entity Beans are not supported.

JDBC Services

  • Applications using Java Persistence API (JPA) 2.0 specifications and use of JPA persistence.xml elements with EclipseLink 2.1.3 specific extensions.

  • Direct use of Java Database Connectivity (JDBC) 4.0 APIs as described in "WebLogic Server 12.1.1 Compatibility with Previous Releases" in Oracle Fusion Middleware Upgrade Guide for Oracle WebLogic Server.

  • Use of Oracle Database 11g compatible SQL statements.

  • JDBC Data Sources provisioned within a Java Cloud Service instance upon association with a Database Cloud Service instance will be XA-enabled JDBC data sources.

Java Platform, Standard Edition (SE) 1.6 or 1.7 APIs

Applications can use the set of Java SE 1.6 or 1.7 public APIs, as long as they pass the Java Cloud Service whitelist tool and their use is in line with Java EE best practices. See Java Cloud Service Whitelist Validation.

Other Supported Java EE 5 and 6 Specifications

This section describes other Java EE 5 and Java EE 6 specifications supported by the Java Cloud Service.


Some Java EE specifications in this section relate purely to the underlying Java EE container environment and are irrelevant to the actual Java EE deployment archives and how they are developed (for example, Java Authentication and Authorization Service (JaaS)). Although these specifications are supported, they are not listed here.

Supported Specification Supported Version

JavaServer Pages Standard Tag Library (JSTL)


Java Database Connectivity (JDBC)


Java Persistence API


Web Services Metadata for the Java Platform


Java Naming and Directory Interface Specification (JNDI)


Java Transaction API (JTA)


Streaming API for XML (StAX)


SOAP with Attachments API for Java (SAAJ)


JavaBeans Activation Framework Specification (JAF)


Java API for XML Processing (JAXP)


Java Management Extensions (JMX)

Note: JMX is only supported for exposure of MBeans within a deployment archive and access to these MBeans from the deployment archive itself or other archives deployed to the same Java Cloud Service instance.


Java API for XML-based Web Services (JAX-WS)


Java API for RESTful Web Services (JAX-RS)


Java Architecture for XML Binding (JAXB)


Other Supported Public WebLogic Server 10.3.6 APIs and Capabilities

This section describes additional public WebLogic Server 10.3.6 APIs and capabilities supported by the Java Cloud Service.


As a best practice, Oracle recommends that you always use standard Java APIs for your Java Cloud Service and avoid using WebLogic Server APIs to ensure that your applications are portable to other environments. This way your applications will not get locked into running only on the Oracle Java Cloud Service.

API Description


Used for internal (non-catalogue) WebLogic server logging


For applications using custom WebLogic Server specific tags


Response caching servlet filter


Used for implementation of application life-cycle listeners


Public I18N APIs and logging


Public I18N APIs and logging


For Java Naming and Directory Interface (JNDI) lookup within WLS JNDI tree


WebLogic specific extensions to JAX-WS for supporting WS-*


For annotations based servlet descriptions


API used for direct JTA interaction

About the Application Deployment Validation Process and Run-time Security


During application deployment and at run-time, the Java Cloud Service utilizes both the Java Security Manager and a whitelisting tool to enforce certain API restrictions. However, these API validations are not the primary security defense mechanisms for Java Cloud Service. Oracle Cloud has extensive primary security defense mechanisms at the VM, OS and network layers.

During the Java Cloud Service deployment process, every application or library undergoes a series of security checks before that application or library is actually deployed. For technical and security reasons, a small number of specific APIs are prevented from executing in Oracle Cloud.

The Java Security Manager performs additional security validation during application run-time. For example, an application that has packaged some third-party JAR files that have API violations is permitted to be deployed as long as the violating usages are not exercised during run-time. Security exceptions will be raised when those APIs are exercised.

See also Unsupported Features and APIs.
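
The run-time behavior described above, as an added example that is not Oracle's code: a packaged library with one restricted call path runs normally until that path is exercised, at which point the security manager raises a `SecurityException` and the stack trace identifies the caller. The policy (deny `System.exit` only) and the names `ThirdPartyLib`, `DenyExitManager` and `offendingCaller` are assumptions made for illustration; the page does not list the restricted APIs. It assumes a Java SE 6 or 7 runtime, as the page specifies.

```java
import java.security.Permission;

public class RuntimeEnforcementDemo {

    // Stand-in for a packaged third-party JAR: one harmless path, one restricted path.
    static class ThirdPartyLib {
        static String format(String s) { return "[" + s + "]"; }
        static void shutdown() { System.exit(1); }
    }

    // Assumed policy for illustration only: deny JVM exit, allow everything else.
    static class DenyExitManager extends SecurityManager {
        @Override
        public void checkExit(int status) {
            throw new SecurityException("System.exit(" + status + ") is not permitted");
        }
        @Override
        public void checkPermission(Permission perm) {
            // Permissive: no other API is restricted in this sketch.
        }
    }

    // First stack frame outside the JDK and outside the security manager itself:
    // the application or library code that exercised the restricted API.
    static String offendingCaller(SecurityException e) {
        for (StackTraceElement f : e.getStackTrace()) {
            String c = f.getClassName();
            if (!c.startsWith("java.") && !c.startsWith("sun.")
                    && !c.equals(DenyExitManager.class.getName())) {
                return c + "." + f.getMethodName();
            }
        }
        return "unknown";
    }

    public static void main(String[] args) {
        System.setSecurityManager(new DenyExitManager());
        // The restricted call is present in the archive, but this path never reaches it.
        System.out.println(ThirdPartyLib.format("request handled"));
        try {
            ThirdPartyLib.shutdown(); // restricted path exercised at run-time
        } catch (SecurityException e) {
            System.out.println("blocked: " + e.getMessage()
                    + " (called from " + offendingCaller(e) + ")");
        }
    }
}
```

Recording the offending caller alongside the exception message makes it possible to match a run-time failure back to the library flagged in the whitelist warning report.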

Application and Library Deployment Validation Flow

Every application or library that is being deployed undergoes background security checks before deployment is attempted.

  1. Virus scan

  2. Whitelist validation

  3. WLS compile

  4. Cloud compile

  5. Deploy

For a typical deployment, Java Cloud Service generates five logs, one for each of these security checks. These logs are the result of background jobs that ran against the application and determined whether the application contains a virus or could otherwise cause problems. For more information, see Viewing the Activity Logs.

Java Cloud Service Whitelist Validation

The Whitelist tool validates deployment descriptors and other application configuration files, such as the file, as part of the Java API validation. If there are Java API violations, the tool may not reject the application from being deployed. Instead, it creates a warning report against the violations. A security exception is raised only at runtime, should the violating APIs be exercised while the application is running. For example, it is common for third-party libraries to raise warnings during Whitelist validation; however, they are rarely exercised during runtime.

For instructions on downloading the SDK, see Downloading the Java Cloud Service SDK.


The Java Cloud Service "whitelist" is actually the result of what are sometimes called blacklist and whitelist checks. It may be helpful to think of Java Cloud Service whitelist validation as simply a compatibility check.