Spring Security
  1. Spring Security
  2. SEC-1002

java.lang.IllegalStateException: Mask 1 does not have a corresponding static Permission

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Fixed
    • Affects Version/s: 2.0.4
    • Fix Version/s: 3.0.0 RC1
    • Component/s: ACLs, Taglibs
    • Labels:
      None

      Description

      This problem, which appears in both 2.0.3 and 2.0.4, seems to be related to

      http://jira.springframework.org/browse/SEC-908

      but I'm not sure. I haven't done much research into the cause.

      At any rate, I'm using the <security:accesscontrollist> tag but not the <global-method-security> element in the app context. (I know there's no inherent connection between the two, but I mention it because you need to remove <global-method-security> in order to reproduce the bug.) When the JSP that contains the tag runs, I get the following stacktrace:

      java.lang.IllegalStateException: Mask 1 does not have a corresponding static Permission
      org.springframework.util.Assert.state(Assert.java:384)
      org.springframework.security.acls.domain.DefaultPermissionFactory.buildFromMask(DefaultPermissionFactory.java:85)
      org.springframework.security.acls.domain.AbstractRegisteredPermission.buildFromMask(AbstractRegisteredPermission.java:25)
      org.springframework.security.taglibs.authz.AccessControlListTag.parsePermissionsString(AccessControlListTag.java:221)
      org.springframework.security.taglibs.authz.AccessControlListTag.doStartTag(AccessControlListTag.java:97)
      ...<snip>...

      Anyway, I tried one of the ideas in the above-mentioned JIRA issue (namely forcing a BasePermission load and the associated execution of the static initializer) and that solved the problem.

      I assume that what's happening is that DefaultPermissionFactory is trying to carry permissions bits I've set either in the tags or else in the database to actual Permissions, isn't finding anything in the registeredPermissionsByInteger map, and is failing as a result.

        Issue Links

          Activity

          Hide
          Luke Taylor added a comment -

          The ACL tags should probably be rewritten to use the PermissionEvaluator interface from the core, as this has no specific dependencies on the ACL module itself.

          Show
          Luke Taylor added a comment - The ACL tags should probably be rewritten to use the PermissionEvaluator interface from the core, as this has no specific dependencies on the ACL module itself.
          Hide
          Luke Taylor added a comment - - edited

          This should hopefully be resolved by the removal of static fields and methods from BasePermission and the requirement that a PermissionFactory is used directly to convert masks to Permissions (see SEC-1022).

          Show
          Luke Taylor added a comment - - edited This should hopefully be resolved by the removal of static fields and methods from BasePermission and the requirement that a PermissionFactory is used directly to convert masks to Permissions (see SEC-1022 ).

            People

            • Assignee:
              Luke Taylor
              Reporter:
              Willie Wheeler
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: