Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

SEC-1002: java.lang.IllegalStateException: Mask 1 does not have a corresponding static Permission #1253

spring-issuemaster opened this Issue Oct 2, 2008 · 2 comments


None yet
1 participant

Willie Wheeler(Migrated from SEC-1002) said:

This problem, which appears in both 2.0.3 and 2.0.4, seems to be related to


but I’m not sure. I haven’t done much research into the cause.

At any rate, I’m using the security:accesscontrollist tag but not the element in the app context. (I know there’s no inherent connection between the two, but I mention it because you need to remove in order to reproduce the bug.) When the JSP that contains the tag runs, I get the following stacktrace:

java.lang.IllegalStateException: Mask 1 does not have a corresponding static Permission

Anyway, I tried one of the ideas in the above-mentioned JIRA issue (namely forcing a BasePermission load and the associated execution of the static initializer) and that solved the problem.

I assume that what’s happening is that DefaultPermissionFactory is trying to carry permissions bits I’ve set either in the tags or else in the database to actual Permissions, isn’t finding anything in the registeredPermissionsByInteger map, and is failing as a result.

Luke Taylor said:

The ACL tags should probably be rewritten to use the PermissionEvaluator interface from the core, as this has no specific dependencies on the ACL module itself.

Luke Taylor said:

This should hopefully be resolved by the removal of static fields and methods from BasePermission and the requirement that a PermissionFactory is used directly to convert masks to Permissions (see SEC-1022).

@spring-issuemaster spring-issuemaster added this to the 3.0.0 RC1 milestone Feb 5, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment