[jboss-cvs] Picketbox SVN: r241 - trunk/security-jboss-sx/identity/src/main/java/org/jboss/security/identity/plugins.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Wed Aug 10 14:42:50 EDT 2011 

Author: mmoyses
Date: 2011-08-10 14:42:50 -0400 (Wed, 10 Aug 2011)
New Revision: 241

Modified:
   trunk/security-jboss-sx/identity/src/main/java/org/jboss/security/identity/plugins/SimpleRoleGroup.java
Log:
SECURITY-612: preventing CME

Modified: trunk/security-jboss-sx/identity/src/main/java/org/jboss/security/identity/plugins/SimpleRoleGroup.java
===================================================================
--- trunk/security-jboss-sx/identity/src/main/java/org/jboss/security/identity/plugins/SimpleRoleGroup.java	2011-08-01 14:51:55 UTC (rev 240)
+++ trunk/security-jboss-sx/identity/src/main/java/org/jboss/security/identity/plugins/SimpleRoleGroup.java	2011-08-10 18:42:50 UTC (rev 241)
@@ -25,6 +25,7 @@
 import java.security.acl.Group;
 import java.util.ArrayList;
 import java.util.Collections;
+import java.util.concurrent.CopyOnWriteArrayList;
 import java.util.Enumeration;
 import java.util.List;
 import java.util.Set;
@@ -57,6 +58,8 @@
    public SimpleRoleGroup(String roleName, List<Role> roles)
    {
       super(roleName);
+      if (this.roles == null)
+         this.roles = new ArrayList<Role>();
       addAll(roles);
    }
 
@@ -186,7 +189,7 @@
       {
          //Dealing with another roleGroup
          RoleGroup anotherRG = (RoleGroup) anotherRole;
-         List<Role> anotherRoles = anotherRG.getRoles();
+         CopyOnWriteArrayList<Role> anotherRoles = new CopyOnWriteArrayList<Role>(anotherRG.getRoles());
          for (Role r : anotherRoles)
          {
             //if any of the roles are not there, no point checking further
@@ -206,7 +209,7 @@
    {
       if (anotherRole == null)
          throw new IllegalArgumentException("anotherRole is null");
-      List<Role> roleList = anotherRole.getRoles();
+      CopyOnWriteArrayList<Role> roleList = new CopyOnWriteArrayList<Role>(anotherRole.getRoles());
       for (Role r : roleList)
       {
          if (this.containsAll(r))
@@ -250,4 +253,4 @@
       builder.append(")");
       return builder.toString();
    }
-}
\ No newline at end of file
+}

More information about the jboss-cvs-commits mailing list