SEC-1022: Remove use of static methods/initializers in Acl Permissions #1272

spring-issuemaster opened this Issue Nov 3, 2008 · 3 comments


None yet

1 participant


Luke Taylor (Migrated from SEC-1022) said:

This has caused some problems and reduces the pluggability of Permission generation strategies, so we’ve agreed it should be modified in 2.5. PermissionFactory should probably also be modified to contain more of the methods that are currently static, allowing implementations to be called when evaluating expressions, for example (see PermissionEvaluator, AclPermissionEvaluator).


Thomas Champagne said:

You can use the spring util namespace :


Luke Taylor said:

I've removed the use of static initialization from the permission classes. Instead of invoking static methods on BasePermission in order to convert masks/names to Permissions, classes should use a PermissionFactory. DefaultPermissionFactory is used by default and can have custom Permissions injected. By default it introspects BasePermission and registers its static fields by name.

@spring-issuemaster spring-issuemaster added this to the 3.0.0 RC1 milestone Feb 5, 2016

This issue supersedes #1253

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment