Hey realized on applications using caconfig that if you had read right only on /conf/<child>, and not on /conf, each (unsucessfull) lookup ended up in a quiet AccessDeniedException at jackrabbit level, ending up in a null return value. It "works", but still under performs (exceptions are expensive at that intensity). I think that in our context, we can set read rights on /conf, but i wonder if we shouldn't have "conf roots" for ca configs, or "root depth" whose lookup is done before reaching JCR. wdyt?
Nicolas