
Ensure that array of valid permissions can't be modified outside the class

Carlos Sanchez 19 tahun lalu
induk
melakukan
27d2db9e22

+ 10 - 5
core/src/main/java/org/acegisecurity/acl/basic/SimpleAclEntry.java

@@ -44,17 +44,18 @@ public class SimpleAclEntry extends AbstractBasicAclEntry {
     public static final int READ_WRITE_DELETE = READ | WRITE | DELETE;
 
     // Array required by the abstract superclass via getValidPermissions()
-    private static final int[] validPermissions = {
+    private static final int[] VALID_PERMISSIONS = {
             NOTHING, ADMINISTRATION, READ, WRITE, CREATE, DELETE, READ_WRITE_CREATE_DELETE, READ_WRITE_CREATE,
             READ_WRITE, READ_WRITE_DELETE
         };
+
     private static final String[] VALID_PERMISSIONS_AS_STRING = {
             "NOTHING", "ADMINISTRATION", "READ", "WRITE", "CREATE", "DELETE", "READ_WRITE_CREATE_DELETE", "READ_WRITE_CREATE",
             "READ_WRITE", "READ_WRITE_DELETE" };
 
     //~ Constructors ===================================================================================================
 
-/**
+    /**
      * Allows {@link BasicAclDao} implementations to construct this object
      * using <code>newInstance()</code>.
      * 
@@ -73,8 +74,11 @@ public class SimpleAclEntry extends AbstractBasicAclEntry {
 
     //~ Methods ========================================================================================================
 
+    /**
+     * @return a copy of the permissions array, changes to the values won't affect this class.
+     */
     public int[] getValidPermissions() {
-        return validPermissions;
+        return (int[]) VALID_PERMISSIONS.clone();
     }
 
     public String printPermissionsBlock(int i) {
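Review bot: The new Javadoc on getValidPermissions() is an `@return` tag alone, so it has no summary sentence and does not say why a copy is returned. VALID_PERMISSIONS is one static array behind every SimpleAclEntry, so a caller able to write to it would change the accepted permission masks for all entries, and the comment should record that. I would put `Returns a defensive copy of the valid permission masks; the backing array is static and shared by all instances, so it must never be handed out directly.` above the existing `@return` line. The `(int[])` cast is only needed on source levels before Java 5; presumably this module still targets one, otherwise it can be dropped.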
@@ -123,8 +127,9 @@ public class SimpleAclEntry extends AbstractBasicAclEntry {
      */
     public static int parsePermission(String permission) {
         for (int i = 0; i < VALID_PERMISSIONS_AS_STRING.length; i++) {
-            if (VALID_PERMISSIONS_AS_STRING[i].equalsIgnoreCase(permission))
-                return validPermissions[i];
+            if (VALID_PERMISSIONS_AS_STRING[i].equalsIgnoreCase(permission)) {
+                return VALID_PERMISSIONS[i];
+            }
         }
         throw new IllegalArgumentException("Permission provided does not exist: " + permission);
     }
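Review bot: `return VALID_PERMISSIONS[i];` relies on VALID_PERMISSIONS_AS_STRING and VALID_PERMISSIONS having the same length and order, and nothing in the class states or checks that. If a later edit adds or reorders an entry in only one array, a permission name would resolve to the wrong mask or the lookup would throw ArrayIndexOutOfBoundsException; in ACL code the first case is a silently wrong grant. I would add above the two arrays `// Parallel arrays: entry i of VALID_PERMISSIONS_AS_STRING names the mask at VALID_PERMISSIONS[i]; keep length and order in sync`, and consider a static initializer that fails when the lengths differ. parsePermission's Javadoc starts above this hunk.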

+ 18 - 7
core/src/test/java/org/acegisecurity/acl/basic/SimpleAclEntryTests.java

@@ -172,13 +172,13 @@ public class SimpleAclEntryTests extends TestCase {
     }
 
     public void testParsePermission() {
-        assertPermission("NOTHING", 0);
-        assertPermission("ADMINISTRATION", 1);
-        assertPermission("READ", 2);
-        assertPermission("WRITE", 4);
-        assertPermission("CREATE", 8);
-        assertPermission("DELETE", 16);
-        assertPermission("READ_WRITE_DELETE", 22);
+        assertPermission("NOTHING", SimpleAclEntry.NOTHING);
+        assertPermission("ADMINISTRATION", SimpleAclEntry.ADMINISTRATION);
+        assertPermission("READ", SimpleAclEntry.READ);
+        assertPermission("WRITE", SimpleAclEntry.WRITE);
+        assertPermission("CREATE", SimpleAclEntry.CREATE);
+        assertPermission("DELETE", SimpleAclEntry.DELETE);
+        assertPermission("READ_WRITE_DELETE", SimpleAclEntry.READ_WRITE_DELETE);
     }
 
     public void testParsePermissionWrongValues() {
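Review bot: testParsePermission covers seven of the ten names in VALID_PERMISSIONS_AS_STRING; READ_WRITE, READ_WRITE_CREATE and READ_WRITE_CREATE_DELETE are never parsed, so a slip in the parallel arrays affecting those entries would go unnoticed. Add `assertPermission("READ_WRITE", SimpleAclEntry.READ_WRITE);` and the two matching lines, assuming those constants are reachable through SimpleAclEntry the way READ_WRITE_DELETE is. Switching from literals to the class's own constants also means the test no longer pins the numeric values, so a renumbering of the masks would now pass; keeping one literal check such as `assertEquals(22, SimpleAclEntry.READ_WRITE_DELETE);` would retain that. The same two points apply to testSetRequirePermissionFromString in BasicAclEntryVoterTests.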
@@ -193,4 +193,15 @@ public class SimpleAclEntryTests extends TestCase {
     private void assertPermission(String permission, int value) {
         assertEquals(value, SimpleAclEntry.parsePermission(permission));
     }
+
+    /**
+     * Check that the value returned by {@link SimpleAclEntry#getValidPermissions()} is not modifiable.
+     */
+    public void testGetPermissions() {
+        SimpleAclEntry acl = new SimpleAclEntry("", new NamedEntityObjectIdentity("x", "x"), null, 0);
+        int[] permissions = acl.getValidPermissions();
+        int i = permissions[0];
+        permissions[0] -= 100;
+        assertEquals("Value returned by getValidPermissions can be modified", i, acl.getValidPermissions()[0]);
+    }
 }
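Review bot: testGetPermissions re-reads only element 0 through getValidPermissions(), so it shows the accessor hands out a fresh copy but not that the table used by parsePermission() is untouched. After `permissions[0] -= 100;` I would add `assertNotSame(permissions, acl.getValidPermissions());` and `assertEquals(SimpleAclEntry.NOTHING, SimpleAclEntry.parsePermission("NOTHING"));`. The failure message "Value returned by getValidPermissions can be modified" is also slightly off, since the returned copy is meant to be modifiable; `"Modifying the returned array changed the class's valid permissions"` describes the failure being detected.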

+ 7 - 7
core/src/test/java/org/acegisecurity/vote/BasicAclEntryVoterTests.java

@@ -446,13 +446,13 @@ public class BasicAclEntryVoterTests extends TestCase {
     }
 
     public void testSetRequirePermissionFromString() {
-        assertPermission("NOTHING", 0);
-        assertPermission("ADMINISTRATION", 1);
-        assertPermission("READ", 2);
-        assertPermission("WRITE", 4);
-        assertPermission("CREATE", 8);
-        assertPermission("DELETE", 16);
-        assertPermission(new String[] { "WRITE", "CREATE" }, new int[] { 4, 8 });
+        assertPermission("NOTHING", SimpleAclEntry.NOTHING);
+        assertPermission("ADMINISTRATION", SimpleAclEntry.ADMINISTRATION);
+        assertPermission("READ", SimpleAclEntry.READ);
+        assertPermission("WRITE", SimpleAclEntry.WRITE);
+        assertPermission("CREATE", SimpleAclEntry.CREATE);
+        assertPermission("DELETE", SimpleAclEntry.DELETE);
+        assertPermission(new String[] { "WRITE", "CREATE" }, new int[] { SimpleAclEntry.WRITE, SimpleAclEntry.CREATE });
     }
 
     public void testSetRequirePermissionFromStringWrongValues() {