Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=49075

NPE protection if roles is null and roles needs to be modifiable

git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@932357 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/java/org/apache/catalina/realm/JNDIRealm.java b/java/org/apache/catalina/realm/JNDIRealm.java
index 55ebf6b..bf5a21e 100644 (file)
--- a/java/org/apache/catalina/realm/JNDIRealm.java
+++ b/java/org/apache/catalina/realm/JNDIRealm.java
@@ -2229,14 +2229,16 @@ public class JNDIRealm extends RealmBase {
          final private String username;
          final private String dn;
          final private String password;
-         final private List<String> roles;
+         final private List<String> roles = new ArrayList<String>();
 
          public User(String username, String dn, String password,
                  List<String> roles) {
              this.username = username;
              this.dn = dn;
              this.password = password;
-             this.roles = Collections.unmodifiableList(roles);
+             if (roles != null) {
+                 this.roles.addAll(roles);
+             }
          }
     
          public String getUserName() {