Fix the windbags issue

fbelzunc · fbelzunc · commit 29b233dfbb5a · 2019-02-06T12:40:46.000+01:00
diff --git a/src/main/java/org/jenkinsci/plugins/reverse_proxy_auth/types/CrowdAuthorizationType.java b/src/main/java/org/jenkinsci/plugins/reverse_proxy_auth/types/CrowdAuthorizationType.java
@@ -22,6 +22,7 @@
 import javax.servlet.http.HttpServletRequest;
 import java.io.IOException;
 import java.util.Arrays;
+import java.util.Collections;
 import java.util.HashSet;
 import java.util.Hashtable;
 import java.util.Set;
@@ -59,7 +60,7 @@ public class CrowdAuthorizationType extends AuthorizationTypeMappingFactory {
      * The authorities that are granted to the authenticated user.
      * It is not necessary, that the authorities will be stored in the config.xml, they blow up the config.xml
      */
-    public transient GrantedAuthority[] authorities  = new GrantedAuthority[0];
+    private transient GrantedAuthority[] authorities  = new GrantedAuthority[0];
 
     /**
      * The username retrieved from the header field, which is represented by the forwardedUser attribute.
@@ -128,7 +129,8 @@ public GrantedAuthority[] retrieveAuthorities(String userFromHeader, HttpServlet
             }
         }
         authContext.put(userFromHeader, authorities);
-        return authorities;
+
+        return Collections.unmodifiableList(Arrays.asList(authorities)).toArray(new GrantedAuthority[authorities.length]);
     }
 
     @Override
diff --git a/src/main/java/org/jenkinsci/plugins/reverse_proxy_auth/types/LdapAuthorizationType.java b/src/main/java/org/jenkinsci/plugins/reverse_proxy_auth/types/LdapAuthorizationType.java
@@ -35,6 +35,7 @@
 import java.net.Socket;
 import java.net.UnknownHostException;
 import java.util.Arrays;
+import java.util.Collections;
 import java.util.HashSet;
 import java.util.Hashtable;
 import java.util.Set;
@@ -203,7 +204,7 @@ public String getLDAPURL() {
      * The authorities that are granted to the authenticated user.
      * It is not necessary, that the authorities will be stored in the config.xml, they blow up the config.xml
      */
-    public transient GrantedAuthority[] authorities  = new GrantedAuthority[0];
+    private transient GrantedAuthority[] authorities  = new GrantedAuthority[0];
 
     @DataBoundConstructor
     public LdapAuthorizationType(String server, String rootDN, boolean inhibitInferRootDN,
@@ -344,7 +345,7 @@ public GrantedAuthority[] retrieveAuthorities(String userFromHeader, HttpServlet
             }
         }
         authContext.put(userFromHeader, authorities);
-        return authorities;
+        return Collections.unmodifiableList(Arrays.asList(authorities)).toArray(new GrantedAuthority[authorities.length]);
     }
 
 
