Spring Security ACL : AclImpl.hashCode leads to StackOverflowError

Summary

When calling method AclImpl.hashCode, a java.lang.StackOverflowError is throw

Actual Behavior

A cross-reference exists between AccessControlEntryImpl.hashCode and AclImpl.hasCode. This cross-reference leads to an infinite recursive loop and then to a stack overflow.

AclImpl.hasCode uses hash code of field "aces". "aces" field type is List. And AccessControlEntryImpl.hashCode uses hash code of field "acl". "acl" field type is Acl. The cross-reference is between this 2 fields : AclImpl.aces and AccessControlEntryImpl.acl. "acl" field reference always his Acl object (see AclImpl.insertAce).

Expected Behavior

No cross-reference on AclImpl.hashCode call.

Configuration

Version

spring-security-acl:5.0.1

Sample

java.lang.StackOverflowError: null at java.util.AbstractList.hashCode(AbstractList.java:541) ~[na:1.8.0_111] at org.springframework.security.acls.domain.AclImpl.hashCode(AclImpl.java:351) ~[spring-security-acl-5.0.1.RELEASE.jar:5.0.1.RELEASE] at org.springframework.security.acls.domain.AccessControlEntryImpl.hashCode(AccessControlEntryImpl.java:134) ~[spring-security-acl-5.0.1.RELEASE.jar:5.0.1.RELEASE] at java.util.AbstractList.hashCode(AbstractList.java:541) ~[na:1.8.0_111] at org.springframework.security.acls.domain.AclImpl.hashCode(AclImpl.java:351) ~[spring-security-acl-5.0.1.RELEASE.jar:5.0.1.RELEASE] at org.springframework.security.acls.domain.AccessControlEntryImpl.hashCode(AccessControlEntryImpl.java:134) ~[spring-security-acl-5.0.1.RELEASE.jar:5.0.1.RELEASE] at java.util.AbstractList.hashCode(AbstractList.java:541) ~[na:1.8.0_111] at org.springframework.security.acls.domain.AclImpl.hashCode(AclImpl.java:351) ~[spring-security-acl-5.0.1.RELEASE.jar:5.0.1.RELEASE] at org.springframework.security.acls.domain.AccessControlEntryImpl.hashCode(AccessControlEntryImpl.java:134) ~[spring-security-acl-5.0.1.RELEASE.jar:5.0.1.RELEASE] at java.util.AbstractList.hashCode(AbstractList.java:541) ~[na:1.8.0_111] at org.springframework.security.acls.domain.AclImpl.hashCode(AclImpl.java:351) ~[spring-security-acl-5.0.1.RELEASE.jar:5.0.1.RELEASE] at org.springframework.security.acls.domain.AccessControlEntryImpl.hashCode(AccessControlEntryImpl.java:134) ~[spring-security-acl-5.0.1.RELEASE.jar:5.0.1.RELEASE] at java.util.AbstractList.hashCode(AbstractList.java:541) ~[na:1.8.0_111]

...

Comment From: udayrajluhar

@spring-issuemaster @gpoissonnier @leon @michaelpigg @mengelbrecht Hi All, what is the plan for #5401 to be merged and available for use.

Comment From: rwinch

Thanks for the ping @udayrajluhar This is now merged into master and backported through 5.0.x See the list of issues above for details