Ensure that array of valid permissions can't be modified outside the class

2025-06-28 06:42:49 +00:00 · 2006-08-22 17:57:18 +00:00 · 2006-08-22 17:57:18 +00:00 · 27d2db9e22
commit 27d2db9e22
parent 38ec0f0d30
3 changed files with 35 additions and 19 deletions
--- a/core/src/main/java/org/acegisecurity/acl/basic/SimpleAclEntry.java
+++ b/core/src/main/java/org/acegisecurity/acl/basic/SimpleAclEntry.java
@ -44,17 +44,18 @@ public class SimpleAclEntry extends AbstractBasicAclEntry {
    public static final int READ_WRITE_DELETE = READ | WRITE | DELETE;
    // Array required by the abstract superclass via getValidPermissions()
-    private static final int[] validPermissions = {
+    private static final int[] VALID_PERMISSIONS = {
            NOTHING, ADMINISTRATION, READ, WRITE, CREATE, DELETE, READ_WRITE_CREATE_DELETE, READ_WRITE_CREATE,
            READ_WRITE, READ_WRITE_DELETE
        };
    private static final String[] VALID_PERMISSIONS_AS_STRING = {
            "NOTHING", "ADMINISTRATION", "READ", "WRITE", "CREATE", "DELETE", "READ_WRITE_CREATE_DELETE", "READ_WRITE_CREATE",
            "READ_WRITE", "READ_WRITE_DELETE" };
    //~ Constructors ===================================================================================================
-/**
+    /**
     * Allows {@link BasicAclDao} implementations to construct this object
     * using <code>newInstance()</code>.
     * 
@ -73,8 +74,11 @@ public class SimpleAclEntry extends AbstractBasicAclEntry {
    //~ Methods ========================================================================================================
    /**
     * @return a copy of the permissions array, changes to the values won't affect this class.
     */
    public int[] getValidPermissions() {
-        return validPermissions;
+        return (int[]) VALID_PERMISSIONS.clone();
    }
    public String printPermissionsBlock(int i) {
@ -123,8 +127,9 @@ public class SimpleAclEntry extends AbstractBasicAclEntry {
     */
    public static int parsePermission(String permission) {
        for (int i = 0; i < VALID_PERMISSIONS_AS_STRING.length; i++) {
-            if (VALID_PERMISSIONS_AS_STRING[i].equalsIgnoreCase(permission))
+            if (VALID_PERMISSIONS_AS_STRING[i].equalsIgnoreCase(permission)) {
-                return validPermissions[i];
+                return VALID_PERMISSIONS[i];
            }
        }
        throw new IllegalArgumentException("Permission provided does not exist: " + permission);
    }
--- a/core/src/test/java/org/acegisecurity/acl/basic/SimpleAclEntryTests.java
+++ b/core/src/test/java/org/acegisecurity/acl/basic/SimpleAclEntryTests.java
@ -172,13 +172,13 @@ public class SimpleAclEntryTests extends TestCase {
    }
    public void testParsePermission() {
-        assertPermission("NOTHING", 0);
+        assertPermission("NOTHING", SimpleAclEntry.NOTHING);
-        assertPermission("ADMINISTRATION", 1);
+        assertPermission("ADMINISTRATION", SimpleAclEntry.ADMINISTRATION);
-        assertPermission("READ", 2);
+        assertPermission("READ", SimpleAclEntry.READ);
-        assertPermission("WRITE", 4);
+        assertPermission("WRITE", SimpleAclEntry.WRITE);
-        assertPermission("CREATE", 8);
+        assertPermission("CREATE", SimpleAclEntry.CREATE);
-        assertPermission("DELETE", 16);
+        assertPermission("DELETE", SimpleAclEntry.DELETE);
-        assertPermission("READ_WRITE_DELETE", 22);
+        assertPermission("READ_WRITE_DELETE", SimpleAclEntry.READ_WRITE_DELETE);
    }
    public void testParsePermissionWrongValues() {
@ -193,4 +193,15 @@ public class SimpleAclEntryTests extends TestCase {
    private void assertPermission(String permission, int value) {
        assertEquals(value, SimpleAclEntry.parsePermission(permission));
    }
    /**
     * Check that the value returned by {@link SimpleAclEntry#getValidPermissions()} is not modifiable.
     */
    public void testGetPermissions() {
        SimpleAclEntry acl = new SimpleAclEntry("", new NamedEntityObjectIdentity("x", "x"), null, 0);
        int[] permissions = acl.getValidPermissions();
        int i = permissions[0];
        permissions[0] -= 100;
        assertEquals("Value returned by getValidPermissions can be modified", i, acl.getValidPermissions()[0]);
    }
 }
--- a/core/src/test/java/org/acegisecurity/vote/BasicAclEntryVoterTests.java
+++ b/core/src/test/java/org/acegisecurity/vote/BasicAclEntryVoterTests.java
@ -446,13 +446,13 @@ public class BasicAclEntryVoterTests extends TestCase {
    }
    public void testSetRequirePermissionFromString() {
-        assertPermission("NOTHING", 0);
+        assertPermission("NOTHING", SimpleAclEntry.NOTHING);
-        assertPermission("ADMINISTRATION", 1);
+        assertPermission("ADMINISTRATION", SimpleAclEntry.ADMINISTRATION);
-        assertPermission("READ", 2);
+        assertPermission("READ", SimpleAclEntry.READ);
-        assertPermission("WRITE", 4);
+        assertPermission("WRITE", SimpleAclEntry.WRITE);
-        assertPermission("CREATE", 8);
+        assertPermission("CREATE", SimpleAclEntry.CREATE);
-        assertPermission("DELETE", 16);
+        assertPermission("DELETE", SimpleAclEntry.DELETE);
-        assertPermission(new String[] { "WRITE", "CREATE" }, new int[] { 4, 8 });
+        assertPermission(new String[] { "WRITE", "CREATE" }, new int[] { SimpleAclEntry.WRITE, SimpleAclEntry.CREATE });
    }
    public void testSetRequirePermissionFromStringWrongValues() {