On Thu, Aug 27, 2009 at 12:15 PM, Ian Boston<[email protected]> wrote:
>
> On 27 Aug 2009, at 11:08, Stefan Guggisberg wrote:
>
>>> Is it anything to be concerned about ?
>>
>> without knowing the code in question, i think, yes. the code obviously
>> assumes
>> that this situation should never happen. however, if it does, i guess
>> it's a bug.
>
> This is Sling with some modifications/enhancements/additions.
> Although I have made modifications to other areas of the non-securirty
> access control structure, I dont think I have made any to the
> UserManagerImpl or the UserAccesControlProvider which are direct from the
> 1.5.6 jackrabbit jar.
>
> The test that reproduces this is a Ruby script running outside the JVM,
> single threaded, exercising the Sling http user manager endpoints.
>
> If its a real problem (from your response, I guess it is) I will try and
> reproduce against an unmodified Sling with a simple bash/curl script.
it would be better if you create a junit test case for jackrabbit -
because we don't use sling for testing.
regards, toby
