Abstract: In accordance with an embodiment, described herein is a system and method for automatic porting of software applications into a cloud computing environment (cloud environment, cloud). A cloud service enables software developers to deploy user applications to run within the cloud environment. When a user application is deployed to the environment, a deployment logic determines those aspects of the application, such as certain service usages, that may be incompatible with features provided by the environment, or that should use a particular cloud service, and automatically ports the application, including the use of one or more handlers or extensions, for use within the environment. For example, a user application may have been originally developed to use JAVAMAIL™, which presents a security risk in a cloud environment. To minimize such risk, the application can instead be ported to use, for example, a REST-based e-mail service supported by the cloud environment.

Abstract: In accordance with an embodiment, described herein is a system and method for providing application security in a cloud computing or other environment. A plurality of hot-spot configurations define API usages which, for security reasons, are of interest to be monitored at runtime, such as invocations of particular methods that are likely to be used to attempt unauthorized access. Upon a user application being received for deployment to the cloud environment, an application compiler determines, for API usages expressed as method invocations within the source code of the application, one or more hot-spot configurations and associated policies or actions. The application compiler can then inject the user application to provide a security manager that, during runtime, monitors the methods and values invoked, and communicates with one or more security extensions to grant or deny access.

Abstract: In accordance with an embodiment, described herein is a system and method for automatic porting of software applications into a cloud computing environment (cloud environment, cloud). A cloud service enables software developers to deploy user applications to run within the cloud environment. When a user application is deployed to the environment, a deployment logic determines those aspects of the application, such as certain service usages, that may be incompatible with features provided by the environment, or that should use a particular cloud service, and automatically ports the application, including the use of one or more handlers or extensions, for use within the environment. For example, a user application may have been originally developed to use JavaMail, which presents a security risk in a cloud environment. To minimize such risk, the application can instead be ported to use, for example, a REST-based e-mail service supported by the cloud environment.

Abstract: A system and method for providing asynchrony in web services, such as Java-based web services, including in some instances use of a distributed in-memory data grid. Embodiments of the system allow a client application or client to make requests upon a server application or service. A queuing feature, such as one or more Java Message Service (JMS) queues, can be used to store incoming requests at the server side, to support asynchronous behavior. In accordance with an embodiment, instead of or in addition to JMS, the system can use a distributed in-memory data grid, such as Oracle Coherence, to provide queuing functionality.

Abstract: In accordance with an embodiment, described herein is a system and method for providing application security in a cloud computing or other environment. A plurality of hot-spot configurations define API usages which, for security reasons, are of interest to be monitored at runtime, such as invocations of particular methods that are likely to be used to attempt unauthorized access. Upon a user application being received for deployment to the cloud environment, an application compiler determines, for API usages expressed as method invocations within the source code of the application, one or more hot-spot configurations and associated policies or actions. The application compiler can then inject the user application to provide a security manager that, during runtime, monitors the methods and values invoked, and communicates with one or more security extensions to grant or deny access.