[
https://issues.apache.org/jira/browse/HBASE-21881?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16766179#comment-16766179
]
Kevin Risden commented on HBASE-21881:
--------------------------------------
[~nihaljain.cs] I saw from HBASE-21872 that it looked like it was picking up
JDK 1.6 signatures. There is a way to make sure it picks up the JDK 1.8
signatures. Might also be worth adding commons-io.
We use this in Knox to make sure the right signatures are picked up:
{code:java}
<!-- Ensure that source and target version are overridden from base ASF POM.
This is also used by forbiddenapis to ensure correct signatures are loaded. -->
<maven.compiler.source>8</maven.compiler.source>
<maven.compiler.target>8</maven.compiler.target>
{code}
The above can also be specified in the plugin config as well.
Commons io signature
{code:java}
<!-- disallow unsafe commons-io classes -->
<bundledSignature>commons-io-unsafe-${commons-io.version}</bundledSignature>
{code}
> Use Forbidden API Checker to prevent future usages of forbidden api's
> ---------------------------------------------------------------------
>
> Key: HBASE-21881
> URL: https://issues.apache.org/jira/browse/HBASE-21881
> Project: HBase
> Issue Type: Improvement
> Components: build
> Reporter: Nihal Jain
> Assignee: Nihal Jain
> Priority: Major
>
> [Policeman's Forbidden API
> Checker|https://github.com/policeman-tools/forbidden-apis] provides an
> elegant way to fail build if any "forbidden api" is used in the code base.
> Here we will add the plugin to our pom.xml.
> We will discuss which all api's to put in forbidden list. Or whether to use
> the one's bundled with the plugin.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
