GAE seems to have chosen a subset of the JDK 1.6 classes, according to:
Google App Engine JDK whitelist
which is very sad, because you get class binding errors with all the most common java libraries that deal with data binding, reflection, class loading and comments. While some omissions may be for obsolete or obsolete things, there are others that do not. My particular problem is with stream analyzers (javax.xml.stream. *), Which were added to JDK 1.6 after a long delay (the API was completed at about the same time as JDK 1.4). Omitting this makes it difficult to perform scalable, high-performance xml processing.
The problem, as I understand it, is that the classes are not only absent, but cannot be added due to security restrictions.
So: this is an open philosophical question that probably only GAE developers could answer for sure, but ... why some APIs are dropped from the standard JDK 1.6, it would seem, arbitrarily?
UPDATE
Quick note: thanks for the answers. For what it's worth, I really don't see how security will be relevant to not including javax.xml.stream. Security aspects are important for many other things (and, for example, I do not need threads, and you can understand why they are not), so this is an understandable answer from the template; just not applicable for this.
API Stax - . , , SAX, DOM JAXP, !
, Google:
API Stax
, .