On 27 Aug 2009, at 11:08, Stefan Guggisberg wrote:
Is it anything to be concerned about ?
without knowing the code in question, i think, yes. the code
obviously assumes
that this situation should never happen. however, if it does, i guess
it's a bug.
This is Sling with some modifications/enhancements/additions.
Although I have made modifications to other areas of the non-securirty
access control structure, I dont think I have made any to the
UserManagerImpl or the UserAccesControlProvider which are direct from
the 1.5.6 jackrabbit jar.
The test that reproduces this is a Ruby script running outside the
JVM, single threaded, exercising the Sling http user manager endpoints.
If its a real problem (from your response, I guess it is) I will try
and reproduce against an unmodified Sling with a simple bash/curl
script.
Thanks,
Ian
