SEC-1022: Remove use of static methods/initializers in Acl Permissions #1272

Closed
spring-issuemaster opened this Issue Nov 3, 2008 · 3 comments

1 participant

@spring-issuemaster

Luke Taylor (Migrated from SEC-1022) said:

This has caused some problems and reduces the pluggability of Permission generation strategies, so we’ve agreed it should be modified in 2.5. PermissionFactory should probably also be modified to contain more of the methods that are currently static, allowing implementations to be called when evaluating expressions, for example (see PermissionEvaluator, AclPermissionEvaluator).

@spring-issuemaster

Thomas Champagne said:

You can use the spring util namespace :

@spring-issuemaster

Luke Taylor said:

I've removed the use of static initialization from the permission classes. Instead of invoking static methods on BasePermission in order to convert masks/names to Permissions, classes should use a PermissionFactory. DefaultPermissionFactory is used by default and can have custom Permissions injected. By default it introspects BasePermission and registers its static fields by name.

@spring-issuemaster spring-issuemaster added this to the 3.0.0 RC1 milestone Feb 5, 2016
@spring-issuemaster

This issue supersedes #1253

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment