|

Simple XML Serialization

Google App Engine support

View: New views

3 Messages — Rating Filter: Alert me

	Google App Engine support by Jeremy Blythe :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Google App Engine has various restrictions which hamper some frameworks. JAXB cannot be used on GAE because it uses many clasees which are not in the "whitelist". Simple however, works really well and causes no problems in the Local environment. However, when I deployed this to Google I was hit by the Sandbox limitations for Reflection. When Simple scans your classes to build its "schema" it calls setAccessible(true) on every method and constructor it finds all the way up the hierarchy to Object. This violates the sandbox restriction: "An application cannot reflect against any other classes not belonging to itself, and it can not use the `setAccessible()` method to circumvent these restrictions." App Engine throws a SecurityException when you try to call setAccessible(true) on one of its classes. For my purposes (and probably the majority case?) I do not need to serialize or deserialize to any non-public method of any superclasses other than my own. So given this I decided to absorb any SecurityExceptions thrown during the scanning process thus leaving those methods out of the "schema". Two minor changes are required to the source. The scan methods in org.simpleframework.xml.core.ClassScanner and org.simpleframework.xml.core.ConstructrorScanner both need a try..catch block added like so: //ClassScanner private void scan(Class real, Class type) throws Exception { Method[] method = type.getDeclaredMethods(); for(int i = 0; i < method.length; i++) { Method next = method[i]; try { if(!next.isAccessible()) { next.setAccessible(true); } scan(next); } catch (SecurityException e) { // Absorb this } } } //ConstructorScanner private void scan(Class type) throws Exception { Constructor[] array = type.getDeclaredConstructors(); for(Constructor factory: array){ ClassMap map = new ClassMap(type); try { if(!factory.isAccessible()) { factory.setAccessible(true); } scan(factory, map); } catch (SecurityException e) { // Absorb this } } } This works well now in the Local and Deployed environments. Perhaps Simple would benefit from a mode or an option on the @Root annotation to specify the depth of class scanning as an alternative to this work-around? It would be good to see Simple as the XML Serialization framework of choice for Google App Engine projects! I would be happy to contribute changes if you think this would be appropriate. Jeremy. ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july _______________________________________________ Simple-support mailing list Simple-support@... https://lists.sourceforge.net/lists/listinfo/simple-support
	Re: Google App Engine support by niall.gallagher :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Hi, This sounds like a reasonable fix, ill ensure to add it in to the next release. Thanks, Niall Niall Gallagher RBS Global Banking & Markets Office: +44 2070851454 From: Jeremy Blythe [mailto:jeremyblythe@...] Sent: 08 November 2009 19:47 To: simple-support@... Subject: [Simple-support] Google App Engine support Google App Engine has various restrictions which hamper some frameworks. JAXB cannot be used on GAE because it uses many clasees which are not in the "whitelist". Simple however, works really well and causes no problems in the Local environment. However, when I deployed this to Google I was hit by the Sandbox limitations for Reflection. When Simple scans your classes to build its "schema" it calls setAccessible(true) on every method and constructor it finds all the way up the hierarchy to Object. This violates the sandbox restriction: "An application cannot reflect against any other classes not belonging to itself, and it can not use the `setAccessible()` method to circumvent these restrictions." App Engine throws a SecurityException when you try to call setAccessible(true) on one of its classes. For my purposes (and probably the majority case?) I do not need to serialize or deserialize to any non-public method of any superclasses other than my own. So given this I decided to absorb any SecurityExceptions thrown during the scanning process thus leaving those methods out of the "schema". Two minor changes are required to the source. The scan methods in org.simpleframework.xml.core.ClassScanner and org.simpleframework.xml.core.ConstructrorScanner both need a try..catch block added like so: //ClassScanner private void scan(Class real, Class type) throws Exception { Method[] method = type.getDeclaredMethods(); for(int i = 0; i < method.length; i++) { Method next = method[i]; try { if(!next.isAccessible()) { next.setAccessible(true); } scan(next); } catch (SecurityException e) { // Absorb this } } } //ConstructorScanner private void scan(Class type) throws Exception { Constructor[] array = type.getDeclaredConstructors(); for(Constructor factory: array){ ClassMap map = new ClassMap(type); try { if(!factory.isAccessible()) { factory.setAccessible(true); } scan(factory, map); } catch (SecurityException e) { // Absorb this } } } This works well now in the Local and Deployed environments. Perhaps Simple would benefit from a mode or an option on the @Root annotation to specify the depth of class scanning as an alternative to this work-around? It would be good to see Simple as the XML Serialization framework of choice for Google App Engine projects! I would be happy to contribute changes if you think this would be appropriate. Jeremy. ********************************************************************************* The Royal Bank of Scotland plc. Registered in Scotland No 90312. Registered Office: 36 St Andrew Square, Edinburgh EH2 2YB. Authorised and regulated by the Financial Services Authority. This e-mail message is confidential and for use by the addressee only. If the message is received by anyone other than the addressee, please return the message to the sender by replying to it and then delete the message from your computer. Internet e-mails are not necessarily secure. The Royal Bank of Scotland plc does not accept responsibility for changes made to this message after it was sent. Whilst all reasonable care has been taken to avoid the transmission of viruses, it is the responsibility of the recipient to ensure that the onward transmission, opening or use of this message and any attachments will not adversely affect its systems or data. No responsibility is accepted by The Royal Bank of Scotland plc in this regard and the recipient should carry out such virus and other checks as it considers appropriate. Visit our website at www.rbs.com ********************************************************************************* ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july _______________________________________________ Simple-support mailing list Simple-support@... https://lists.sourceforge.net/lists/listinfo/simple-support
	Re: Google App Engine support by Jeremy Blythe :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Excellent. Any idea when the next release will be? :) On Mon, Nov 9, 2009 at 9:47 AM, <niall.gallagher@...> wrote: Hi, This sounds like a reasonable fix, ill ensure to add it in to the next release. Thanks, Niall Niall Gallagher RBS Global Banking & Markets Office: +44 2070851454 From: Jeremy Blythe [mailto:jeremyblythe@...] Sent: 08 November 2009 19:47 To: simple-support@... Subject: [Simple-support] Google App Engine support Google App Engine has various restrictions which hamper some frameworks. JAXB cannot be used on GAE because it uses many clasees which are not in the "whitelist". Simple however, works really well and causes no problems in the Local environment. However, when I deployed this to Google I was hit by the Sandbox limitations for Reflection. When Simple scans your classes to build its "schema" it calls setAccessible(true) on every method and constructor it finds all the way up the hierarchy to Object. This violates the sandbox restriction: "An application cannot reflect against any other classes not belonging to itself, and it can not use the `setAccessible()` method to circumvent these restrictions." App Engine throws a SecurityException when you try to call setAccessible(true) on one of its classes. For my purposes (and probably the majority case?) I do not need to serialize or deserialize to any non-public method of any superclasses other than my own. So given this I decided to absorb any SecurityExceptions thrown during the scanning process thus leaving those methods out of the "schema". Two minor changes are required to the source. The scan methods in org.simpleframework.xml.core.ClassScanner and org.simpleframework.xml.core.ConstructrorScanner both need a try..catch block added like so: //ClassScanner private void scan(Class real, Class type) throws Exception { Method[] method = type.getDeclaredMethods(); for(int i = 0; i < method.length; i++) { Method next = method[i]; try { if(!next.isAccessible()) { next.setAccessible(true); } scan(next); } catch (SecurityException e) { // Absorb this } } } //ConstructorScanner private void scan(Class type) throws Exception { Constructor[] array = type.getDeclaredConstructors(); for(Constructor factory: array){ ClassMap map = new ClassMap(type); try { if(!factory.isAccessible()) { factory.setAccessible(true); } scan(factory, map); } catch (SecurityException e) { // Absorb this } } } This works well now in the Local and Deployed environments. Perhaps Simple would benefit from a mode or an option on the @Root annotation to specify the depth of class scanning as an alternative to this work-around? It would be good to see Simple as the XML Serialization framework of choice for Google App Engine projects! I would be happy to contribute changes if you think this would be appropriate. Jeremy. ********************************************************************************* The Royal Bank of Scotland plc. Registered in Scotland No 90312. Registered Office: 36 St Andrew Square, Edinburgh EH2 2YB. Authorised and regulated by the Financial Services Authority. This e-mail message is confidential and for use by the addressee only. If the message is received by anyone other than the addressee, please return the message to the sender by replying to it and then delete the message from your computer. Internet e-mails are not necessarily secure. The Royal Bank of Scotland plc does not accept responsibility for changes made to this message after it was sent. Whilst all reasonable care has been taken to avoid the transmission of viruses, it is the responsibility of the recipient to ensure that the onward transmission, opening or use of this message and any attachments will not adversely affect its systems or data. No responsibility is accepted by The Royal Bank of Scotland plc in this regard and the recipient should carry out such virus and other checks as it considers appropriate. Visit our website at www.rbs.com ********************************************************************************* ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july _______________________________________________ Simple-support mailing list Simple-support@... https://lists.sourceforge.net/lists/listinfo/simple-support