diff --git a/src/main/java/org/opensearch/security/privileges/PrivilegesEvaluator.java b/src/main/java/org/opensearch/security/privileges/PrivilegesEvaluator.java index a3738dadac..cfe96ede0a 100644 --- a/src/main/java/org/opensearch/security/privileges/PrivilegesEvaluator.java +++ b/src/main/java/org/opensearch/security/privileges/PrivilegesEvaluator.java @@ -207,7 +207,7 @@ private void setUserInfoInThreadContext(User user, Set mappedRoles) { StringJoiner joiner = new StringJoiner("|"); joiner.add(user.getName()); joiner.add(String.join(",", user.getRoles())); - joiner.add(String.join(",", Sets.union(user.getSecurityRoles(), mappedRoles))); + joiner.add(String.join(",", Sets.union(user.getSecurityRoles().stream().collect(ImmutableSet.toImmutableSet()), mappedRoles))); String requestedTenant = user.getRequestedTenant(); if (!Strings.isNullOrEmpty(requestedTenant)) { joiner.add(requestedTenant); diff --git a/src/main/java/org/opensearch/security/user/User.java b/src/main/java/org/opensearch/security/user/User.java index 43ca5d0e57..df34d5b1c4 100644 --- a/src/main/java/org/opensearch/security/user/User.java +++ b/src/main/java/org/opensearch/security/user/User.java @@ -272,13 +272,13 @@ public synchronized final Map getCustomAttributesMap() { return attributes; } - public final void addSecurityRoles(final Collection securityRoles) { + public synchronized final void addSecurityRoles(final Collection securityRoles) { if (securityRoles != null && this.securityRoles != null) { this.securityRoles.addAll(securityRoles); } } - public final Set getSecurityRoles() { + public synchronized final Set getSecurityRoles() { return this.securityRoles == null ? Collections.synchronizedSet(Collections.emptySet()) : Collections.unmodifiableSet(this.securityRoles);