From 476df53fd2c989ae1b24b2071e677e443d9fc9c1 Mon Sep 17 00:00:00 2001 From: Craig Perkins Date: Mon, 1 Aug 2022 12:45:11 -0400 Subject: [PATCH] Use Collections.synchronizedSet and Collections.synchronizedMap for roles, securityRoles and attributes in User (#1970) Signed-off-by: Craig Perkins (cherry picked from commit 50a94b47da5986120f4a5cbdd03d1f9d3ccae55a) --- src/main/java/org/opensearch/security/user/User.java | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/main/java/org/opensearch/security/user/User.java b/src/main/java/org/opensearch/security/user/User.java index d18e587ee8..83c7ea2eb5 100644 --- a/src/main/java/org/opensearch/security/user/User.java +++ b/src/main/java/org/opensearch/security/user/User.java @@ -62,10 +62,10 @@ public class User implements Serializable, Writeable, CustomAttributesAware { /** * roles == backend_roles */ - private final Set roles = new HashSet(); - private final Set securityRoles = new HashSet(); + private final Set roles = Collections.synchronizedSet(new HashSet()); + private final Set securityRoles = Collections.synchronizedSet(new HashSet()); private String requestedTenant; - private Map attributes = new HashMap<>(); + private Map attributes = Collections.synchronizedMap(new HashMap<>()); private boolean isInjected = false; public User(final StreamInput in) throws IOException { @@ -73,7 +73,7 @@ public User(final StreamInput in) throws IOException { name = in.readString(); roles.addAll(in.readList(StreamInput::readString)); requestedTenant = in.readString(); - attributes = in.readMap(StreamInput::readString, StreamInput::readString); + attributes = Collections.synchronizedMap(in.readMap(StreamInput::readString, StreamInput::readString)); securityRoles.addAll(in.readList(StreamInput::readString)); } @@ -250,7 +250,7 @@ public void writeTo(StreamOutput out) throws IOException { */ public synchronized final Map getCustomAttributesMap() { if(attributes == null) { - attributes = new HashMap<>(); + attributes = Collections.synchronizedMap(new HashMap<>()); } return attributes; } @@ -262,6 +262,6 @@ public final void addSecurityRoles(final Collection securityRoles) { } public final Set getSecurityRoles() { - return this.securityRoles == null ? Collections.emptySet() : Collections.unmodifiableSet(this.securityRoles); + return this.securityRoles == null ? Collections.synchronizedSet(Collections.emptySet()) : Collections.unmodifiableSet(this.securityRoles); } }