[
https://issues.apache.org/jira/browse/HBASE-20735?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16526481#comment-16526481
]
Amit Anand commented on HBASE-20735:
------------------------------------
Also, I am able to attach a {{coprocessor}} when {{whitelist}} path is not
defined at all. Below is the configuration in my {{hbase-site.xml}}
{code:java}
<property>
<name>hbase.coprocessor.region.classes</name>
<value>org.apache.hadoop.hbase.security.token.TokenProvider,org.apache.hadoop.hbase.security.access.SecureBulkLoadEndpoint,org.apache.hadoop.hbase.security.access.AccessController</value>
</property>
<property>
<name>hbase.coprocessor.regionserver.classes</name>
<value>org.apache.hadoop.hbase.security.access.AccessController</value>
</property>
<property>
<name>hbase.coprocessor.master.classes</name>
<value>org.apache.hadoop.hbase.security.access.AccessController,org.apache.hadoop.hbase.security.access.CoprocessorWhitelistMasterObserver</value>
</property>
--
<property>
<name>hbase.coprocessor.abortonerror</name>
<value>true</value>
</property>
--
<property>
<name>hbase.coprocessor.region.whitelist.paths</name>
<value></value>
</property>{code}
and below is what I am able to do via {{hbase shell}}
{code:java}
create 'test_coprocessors', 'c'
alter 'test_coprocessors', METHOD => 'table_att', 'COPROCESSOR' =>
'hdfs:/tmp/coprocessors/coprocessors-0.4.0.jar|com.foo.bar.coprocessors.observers.PrefixedDataFilter|100|prefix=P'
{code}
> Invalid validation of coprocessor whitelist
> -------------------------------------------
>
> Key: HBASE-20735
> URL: https://issues.apache.org/jira/browse/HBASE-20735
> Project: HBase
> Issue Type: Bug
> Components: Coprocessors
> Reporter: Jagadeesh Anabathula
> Assignee: Clay B.
> Priority: Major
> Labels: security
>
> Per HBASE-16700, coprocessors can be present only in whitelisted paths.
> It validates for every new coprocessor, if jar's path is in whitelist paths.
> It is currently validating only the first coprocessor that is set to a
> table. All the coprocessors that are added after that are not validated and
> allows path other than that are whitelisted.
> In my case, I have hbase.coprocessor.region.whitelist.paths as
> /tmp/**,*/tmp/coprocessors/*
> Following works fine
> {code}
> hbase(main):001:0> create 'test_coprocessors', 'c'
> 0 row(s) in 1.7540 seconds
> => Hbase::Table - test_coprocessors
> hbase(main):002:0> alter 'test_coprocessors', METHOD => 'table_att',
> 'COPROCESSOR' =>
> 'hdfs:/tmp/coprocessors/coprocessors-0.4.0.jar|com.test.hbase.coprocessors.observers.PrefixedDataFilter|100|prefix=P'
> Updating all regions with the new schema...
> 1/1 regions updated.
> Done.
> 0 row(s) in 2.1250 seconds
> hbase(main):003:0> alter 'test_coprocessors', METHOD => 'table_att',
> 'COPROCESSOR' =>
> 'hdfs:/user/hbase/coprocessors/coprocessors-0.4.0.jar|com.test.hbase.coprocessors.observers.PrefixedDataFilter|100|prefix=P'
> Updating all regions with the new schema...
> 1/1 regions updated.
> Done.
> 0 row(s) in 1.9690 seconds
> hbase(main):004:0> desc 'test_coprocessors'
> Table test_coprocessors is ENABLED
> test_coprocessors, {TABLE_ATTRIBUTES => {METADATA => {'COPROCESSOR$1' =>
> 'hdfs:/tmp/coprocessors/coprocessors-0.4.0.jar|com.test.hbase.coprocessors.observer
> s.PrefixedDataFilter|100|prefix=P', 'COPROCESSOR$2' =>
> 'hdfs:/user/hbase/coprocessors/coprocessors-0.4.0.jar|com.test.hbase.coprocessors.observers.Prefi
> xedDataFilter|100|prefix=P'}}
> COLUMN FAMILIES DESCRIPTION
> {NAME => 'c', BLOOMFILTER => 'ROW', VERSIONS => '1', IN_MEMORY => 'false',
> KEEP_DELETED_CELLS => 'FALSE', DATA_BLOCK_ENCODING => 'NONE', TTL =>
> 'FOREVER', COMPRESSION => 'NONE', MIN_VERSIONS => '0', BLOCKCACHE => 'true',
> BLOCKSIZE => '65536', REPLICATION_SCOPE => '0'}
> 1 row(s) in 0.0220 seconds
> {code}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
