Jonathan Leech created HBASE-6850:
-------------------------------------
Summary: PlainTextMessageBodyProducer is dangerous
Key: HBASE-6850
URL: https://issues.apache.org/jira/browse/HBASE-6850
Project: HBase
Issue Type: Bug
Components: client, REST
Affects Versions: 0.94.1
Reporter: Jonathan Leech
- It is my understanding that there is one and only one hbase jar, which
includes
org.apache.hadoop.hbase.rest.provider.producer.PlainTextMessageBodyProducer,
which is only used in the REST / jersey server-side implementation.
- PlainTextMessageBodyProducer claims to provide a text/plain output for
absolutely any input by calling .toString() on it.
- If I am a client to HBase, and I do my own REST / jersey, including my own
custom text/plain writing, by default the jersey stack finds
PlainTextMessageBodyProducer and uses it instead of mine.
I could be off base here; so please feel free to change this from a Bug to a
Feature Request or close it, especially if my assumptions are wrong.
Workaround: set init-param of com.sun.jersey.config.property.packages to limit
it to my own packages.
Recommended fix:
- provide a client jar and / or a maven pom for hbase-client which doesn't
include server-side hbase code or dependencies.
and / or
- don't return true from isWriteable() for every possible input, or create a
different custom mime type that other users of the API might be also using, and
if possible map text/plain to that type in the server.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
