Spring Security ACL support permissions with masks longer than 32 bits

Thank you for such a fast response on 9224! You declined it (for a good reason) and I decided to create a new issue. Is it OK, or should I continue discussion in that issue?

Can we do something like this (choose either getBitSetMask() or getBigMask() or getLongMask()):

interface Permission extends Serializable {
    int getMask();

    default BitSet getBitSetMask() {
        return BitSet.valueOf(new long[]{getMask()});
    }

    default BigInteger getBigMask() {
        return BigInteger.valueOf(getMask());
    }

    default long getLongMask() {
        return getMask();
    }
}

And then we can change BasicLookupStrategy, DefaultPermissionFactory, JdbcMutableAclService implementations to use the new default method. In this case we don't brake clients code and can support masks bigger than 32 bits.

getBitSetMask() and getBigMask() look much more flexible, but we should accept dynamic length mask patterns or limit it with 126 bits (practical maximum which we can store as number(38)). getLongMask() is much easier to implement in the current code, but it will limits us with 64 bits.

Can you give your feedback about this implementation?

Comment From: belovaf

BitMask is more convenient than BigInteger, but the latter is immutable, which is a big adventure. I think the best solution here is to implement ImmutableBitSet.

Comment From: jzheaux

So that we have the full context in one place, I'll close this one as a duplicate and we can continue to discuss on #9224.